authorBenny Prijono <bennylp@teluu.com>2006-12-25 06:43:59 +0000
committerBenny Prijono <bennylp@teluu.com>2006-12-25 06:43:59 +0000
commitd6a9dded719756a7a873f1f9a6c1d201859b0ee6 (patch)
tree9db7148d26d53dedb2c91dc8bbb5da20c163faa0 /pjsip-apps
parent94aaa0ce2af8bf9799752bb6cb6c9989d60bc612 (diff)
Major TLS work (ticket #3): asynchronous socket, rather complete TLS options, and pjsua integration. The TLS support should work in both client and server mode.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@861 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjsip-apps')
-rw-r--r--pjsip-apps/src/pjsua/pjsua_app.c114
1 files changed, 93 insertions, 21 deletions
diff --git a/pjsip-apps/src/pjsua/pjsua_app.c b/pjsip-apps/src/pjsua/pjsua_app.c
index a3156e38..be6292ac 100644
--- a/pjsip-apps/src/pjsua/pjsua_app.c
+++ b/pjsip-apps/src/pjsua/pjsua_app.c
@@ -138,12 +138,17 @@ static void usage(void)
puts (" May be specified multiple times");
puts (" --use-stun1=host[:port]");
puts (" --use-stun2=host[:port] Resolve local IP with the specified STUN servers");
-#if defined(PJSIP_HAS_TLS_TRANSPORT) && PJSIP_HAS_TLS_TRANSPORT!=0
+ puts ("");
+ puts ("TLS Options:");
puts (" --use-tls Enable TLS transport");
- puts (" --tls-ca-file Specify TLS CA file");
- puts (" --tls-key-file Specify TLS client key file");
- puts (" --tls-password Specify TLS password");
-#endif
+ puts (" --tls-ca-file Specify TLS CA file (default=none)");
+ puts (" --tls-cert-file Specify TLS certificate file (default=none)");
+ puts (" --tls-privkey-file Specify TLS private key file (default=none)");
+ puts (" --tls-password Specify TLS password to private key file (default=none)");
+ puts (" --tls-verify-server Verify server's certificate (default=no)");
+ puts (" --tls-verify-client Verify client's certificate (default=no)");
+ puts (" --tls-neg-timeout Specify TLS negotiation timeout (default=no)");
+
puts ("");
puts ("Media Options:");
puts (" --add-codec=name Manually add codec (default is to enable all)");
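Review bot: The help line for `--tls-neg-timeout` gives no unit and says `(default=no)`, which reads like a boolean. The parser in this commit stores the value in `tls_setting.timeout.sec`, so a line such as `puts ("  --tls-neg-timeout=SEC  TLS negotiation timeout in seconds (default=none)");` would be clearer. The two verify lines say `default=no`, which means a plain `--use-tls` run does not check the peer certificate; stating that outright, e.g. `(default=no, peer certificate is not checked)`, keeps users from assuming that enabling TLS alone authenticates the server.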
@@ -306,7 +311,9 @@ static pj_status_t parse_args(int argc, char *argv[],
OPT_NEXT_ACCOUNT, OPT_NEXT_CRED, OPT_MAX_CALLS,
OPT_DURATION, OPT_NO_TCP, OPT_NO_UDP, OPT_THREAD_CNT,
OPT_NOREFERSUB,
- OPT_USE_TLS, OPT_TLS_CA_FILE, OPT_TLS_KEY_FILE, OPT_TLS_PASSWORD,
+ OPT_USE_TLS, OPT_TLS_CA_FILE, OPT_TLS_CERT_FILE, OPT_TLS_PRIV_FILE,
+ OPT_TLS_PASSWORD, OPT_TLS_VERIFY_SERVER, OPT_TLS_VERIFY_CLIENT,
+ OPT_TLS_NEG_TIMEOUT,
};
struct pj_getopt_option long_options[] = {
{ "config-file",1, 0, OPT_CONFIG_FILE},
@@ -363,8 +370,12 @@ static pj_status_t parse_args(int argc, char *argv[],
{ "thread-cnt", 1, 0, OPT_THREAD_CNT},
{ "use-tls", 0, 0, OPT_USE_TLS},
{ "tls-ca-file",1, 0, OPT_TLS_CA_FILE},
- { "tls-key-file",1,0, OPT_TLS_KEY_FILE},
+ { "tls-cert-file",1,0, OPT_TLS_CERT_FILE},
+ { "tls-privkey-file",1,0, OPT_TLS_PRIV_FILE},
{ "tls-password",1,0, OPT_TLS_PASSWORD},
+ { "tls-verify-server", 0, 0, OPT_TLS_VERIFY_SERVER},
+ { "tls-verify-client", 0, 0, OPT_TLS_VERIFY_CLIENT},
+ { "tls-neg-timeout", 1, 0, OPT_TLS_NEG_TIMEOUT},
{ NULL, 0, 0, 0}
};
pj_status_t status;
@@ -788,18 +799,50 @@ static pj_status_t parse_args(int argc, char *argv[],
case OPT_USE_TLS:
cfg->use_tls = PJ_TRUE;
+#if !defined(PJSIP_HAS_TLS_TRANSPORT) || PJSIP_HAS_TLS_TRANSPORT==0
+ PJ_LOG(1,(THIS_FILE, "Error: TLS support is not configured"));
+ return -1;
+#endif
break;
case OPT_TLS_CA_FILE:
- cfg->udp_cfg.tls_ca_file = pj_str(pj_optarg);
+ cfg->udp_cfg.tls_setting.ca_list_file = pj_str(pj_optarg);
+#if !defined(PJSIP_HAS_TLS_TRANSPORT) || PJSIP_HAS_TLS_TRANSPORT==0
+ PJ_LOG(1,(THIS_FILE, "Error: TLS support is not configured"));
+ return -1;
+#endif
break;
- case OPT_TLS_KEY_FILE:
- cfg->udp_cfg.tls_key_file = pj_str(pj_optarg);
+ case OPT_TLS_CERT_FILE:
+ cfg->udp_cfg.tls_setting.cert_file = pj_str(pj_optarg);
+#if !defined(PJSIP_HAS_TLS_TRANSPORT) || PJSIP_HAS_TLS_TRANSPORT==0
+ PJ_LOG(1,(THIS_FILE, "Error: TLS support is not configured"));
+ return -1;
+#endif
break;
+ case OPT_TLS_PRIV_FILE:
+ cfg->udp_cfg.tls_setting.privkey_file = pj_str(pj_optarg);
+ break;
+
case OPT_TLS_PASSWORD:
- cfg->udp_cfg.tls_password = pj_str(pj_optarg);
+ cfg->udp_cfg.tls_setting.password = pj_str(pj_optarg);
+#if !defined(PJSIP_HAS_TLS_TRANSPORT) || PJSIP_HAS_TLS_TRANSPORT==0
+ PJ_LOG(1,(THIS_FILE, "Error: TLS support is not configured"));
+ return -1;
+#endif
+ break;
+
+ case OPT_TLS_VERIFY_SERVER:
+ cfg->udp_cfg.tls_setting.verify_server = PJ_TRUE;
+ break;
+
+ case OPT_TLS_VERIFY_CLIENT:
+ cfg->udp_cfg.tls_setting.verify_client = PJ_TRUE;
+ break;
+
+ case OPT_TLS_NEG_TIMEOUT:
+ cfg->udp_cfg.tls_setting.timeout.sec = atoi(pj_optarg);
break;
default:
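Review bot: `OPT_TLS_NEG_TIMEOUT` reads its value with `atoi(pj_optarg)`, so a non-numeric argument silently becomes 0 and a negative one is stored as given. Parsing with `strtol` and rejecting empty, trailing-garbage or negative input makes a mistyped timeout fail loudly, as sketched below. Separately, the `TLS support is not configured` guard is present for `OPT_USE_TLS`, `OPT_TLS_CA_FILE`, `OPT_TLS_CERT_FILE` and `OPT_TLS_PASSWORD` but absent from `OPT_TLS_PRIV_FILE`, `OPT_TLS_VERIFY_SERVER`, `OPT_TLS_VERIFY_CLIENT` and `OPT_TLS_NEG_TIMEOUT`, so a build without TLS accepts those four without complaint. `parse_args` starts and ends outside this hunk.

```c
	case OPT_TLS_NEG_TIMEOUT:
	    {
		char *end;
		long sec = strtol(pj_optarg, &end, 10);

		/* Reject empty, non-numeric, trailing-garbage and negative values */
		if (end == pj_optarg || *end != '\0' || sec < 0) {
		    PJ_LOG(1,(THIS_FILE,
			      "Error: invalid TLS negotiation timeout %s",
			      pj_optarg));
		    return -1;
		}
		cfg->udp_cfg.tls_setting.timeout.sec = sec;
	    }
	    break;
```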
@@ -1033,22 +1076,41 @@ static int write_settings(const struct app_config *config,
/* TLS */
if (config->use_tls)
pj_strcat2(&cfg, "--use-tls\n");
- if (config->udp_cfg.tls_ca_file.slen) {
+ if (config->udp_cfg.tls_setting.ca_list_file.slen) {
pj_ansi_sprintf(line, "--tls-ca-file %.*s\n",
- (int)config->udp_cfg.tls_ca_file.slen,
- config->udp_cfg.tls_ca_file.ptr);
+ (int)config->udp_cfg.tls_setting.ca_list_file.slen,
+ config->udp_cfg.tls_setting.ca_list_file.ptr);
pj_strcat2(&cfg, line);
}
- if (config->udp_cfg.tls_key_file.slen) {
- pj_ansi_sprintf(line, "--tls-key-file %.*s\n",
- (int)config->udp_cfg.tls_key_file.slen,
- config->udp_cfg.tls_key_file.ptr);
+ if (config->udp_cfg.tls_setting.cert_file.slen) {
+ pj_ansi_sprintf(line, "--tls-cert-file %.*s\n",
+ (int)config->udp_cfg.tls_setting.cert_file.slen,
+ config->udp_cfg.tls_setting.cert_file.ptr);
pj_strcat2(&cfg, line);
}
- if (config->udp_cfg.tls_password.slen) {
+ if (config->udp_cfg.tls_setting.privkey_file.slen) {
+ pj_ansi_sprintf(line, "--tls-privkey-file %.*s\n",
+ (int)config->udp_cfg.tls_setting.privkey_file.slen,
+ config->udp_cfg.tls_setting.privkey_file.ptr);
+ pj_strcat2(&cfg, line);
+ }
+
+ if (config->udp_cfg.tls_setting.password.slen) {
pj_ansi_sprintf(line, "--tls-password %.*s\n",
- (int)config->udp_cfg.tls_password.slen,
- config->udp_cfg.tls_password.ptr);
+ (int)config->udp_cfg.tls_setting.password.slen,
+ config->udp_cfg.tls_setting.password.ptr);
+ pj_strcat2(&cfg, line);
+ }
+
+ if (config->udp_cfg.tls_setting.verify_server)
+ pj_strcat2(&cfg, "--tls-verify-server\n");
+
+ if (config->udp_cfg.tls_setting.verify_client)
+ pj_strcat2(&cfg, "--tls-verify-client\n");
+
+ if (config->udp_cfg.tls_setting.timeout.sec) {
+ pj_ansi_sprintf(line, "--tls-neg-timeout %d\n",
+ config->udp_cfg.tls_setting.timeout.sec);
pj_strcat2(&cfg, line);
}
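Review bot: The new `--tls-cert-file` and `--tls-privkey-file` lines format a path of caller-chosen length into `line` with `pj_ansi_sprintf`, which has no bound; `line` is declared outside this hunk, so its size is not visible here, but a long enough path could overrun it. A bounded call such as `pj_ansi_snprintf(line, sizeof(line), "--tls-privkey-file %.*s\n", ...)` (assuming `line` is an array) plus a truncation check would close that, and the same applies to the `--tls-ca-file` and `--tls-password` lines. The `--tls-password` line also writes the private-key passphrase in clear text into the saved settings, which deserves at least a comment such as `/* NOTE: passphrase is saved in clear text; restrict access to the settings file */`. If `timeout` is a `pj_time_val`, its `sec` member is a `long`, so the `%d` in the `--tls-neg-timeout` line should be `%ld`.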
@@ -2829,11 +2891,21 @@ pj_status_t app_init(int argc, char *argv[])
#if defined(PJSIP_HAS_TLS_TRANSPORT) && PJSIP_HAS_TLS_TRANSPORT!=0
/* Add TLS transport when application wants one */
if (app_config.use_tls) {
+
+ pjsua_acc_id acc_id;
+
+ /* Set TLS port as TCP port+1 */
+ app_config.udp_cfg.port++;
status = pjsua_transport_create(PJSIP_TRANSPORT_TLS,
&app_config.udp_cfg,
&transport_id);
+ app_config.udp_cfg.port--;
if (status != PJ_SUCCESS)
goto on_error;
+
+ /* Add local account */
+ pjsua_acc_add_local(transport_id, PJ_FALSE, &acc_id);
+ pjsua_acc_set_online_status(acc_id, PJ_TRUE);
}
#endif
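Review bot: The result of `pjsua_acc_add_local()` is discarded, so if it fails `acc_id` is still uninitialized when it is passed to `pjsua_acc_set_online_status()`. Checking it the same way as the transport call just above, `status = pjsua_acc_add_local(transport_id, PJ_FALSE, &acc_id); if (status != PJ_SUCCESS) goto on_error;`, avoids that. The `port++` / `port--` pair also derives the TLS port from the configured port unconditionally; if a port of 0 means "pick any port" here (not visible in this hunk), TLS would be asked to bind port 1, so the increment and its restore may need to be skipped when the port is 0. `app_init` starts and ends outside this hunk.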