author | Nanang Izzuddin <nanang@teluu.com> | 2010-02-24 05:43:34 +0000 |
---|---|---|
committer | Nanang Izzuddin <nanang@teluu.com> | 2010-02-24 05:43:34 +0000 |
commit | bb2fc905eb58b9ebdf66e89330599be996821db7 (patch) | |
tree | f6bedef48655a824a1393efbb667a3b8af560b63 /pjsip/include | |
parent | df622f00fa10e2cbcde9df6169ad628fe3e72226 (diff) |
Ticket #1032:
- Initial version of server domain name verification:
- Updated SSL certificate info, especially identities info
- Updated verification mechanism as in the specifications in ticket desc.
- Added server domain name info in pjsip_tx_data.
- Added alternative API for acquiring transport and creating transport of transport factory to include pjsip_tx_data param.
- Server identity match criteria:
- full host name match
- wild card not accepted
- if identity is URI, it must be SIP/SIPS URI
- Initial version of transport state notifications:
- Added new API to set transport state callback in PJSIP and PJSUA.
- Defined states: connected/disconnected, accepted/rejected, verification errors.
- Minors:
- Updated SSL socket test: dump verification result, test of requiring client cert, and few minors.
- Updated test cert to include subjectAltName extensions.
- Added SSL certificate dump function.
- Updated max number of socket async operations in Symbian sample apps (RSocketServ::Connect()) to 32 (was default 8).
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@3106 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjsip/include')
-rw-r--r-- | pjsip/include/pjsip/sip_endpoint.h | 29 | ||||
-rw-r--r-- | pjsip/include/pjsip/sip_transport.h | 143 | ||||
-rw-r--r-- | pjsip/include/pjsip/sip_transport_tls.h | 64 | ||||
-rw-r--r-- | pjsip/include/pjsua-lib/pjsua.h | 19 |
4 files changed, 238 insertions, 17 deletions
diff --git a/pjsip/include/pjsip/sip_endpoint.h b/pjsip/include/pjsip/sip_endpoint.h index 1938e9d4..2abcf4a4 100644 --- a/pjsip/include/pjsip/sip_endpoint.h +++ b/pjsip/include/pjsip/sip_endpoint.h @@ -372,6 +372,35 @@ pjsip_endpt_acquire_transport( pjsip_endpoint *endpt, pjsip_transport **p_tp); +/** + * Find a SIP transport suitable for sending SIP message to the specified + * address by also considering the outgoing SIP message data. If transport + * selector ("sel") is set, then the function will check if the transport + * selected is suitable to send requests to the specified address. + * + * @see pjsip_tpmgr_acquire_transport + * + * @param endpt The SIP endpoint instance. + * @param type The type of transport to be acquired. + * @param remote The remote address to send message to. + * @param addr_len Length of the remote address. + * @param sel Optional pointer to transport selector instance which is + * used to find explicit transport, if required. + * @param tdata Optional pointer to SIP message data to be sent. + * @param p_tp Pointer to receive the transport instance, if one is found. + * + * @return PJ_SUCCESS on success, or the appropriate error code. + */ +PJ_DECL(pj_status_t) +pjsip_endpt_acquire_transport2(pjsip_endpoint *endpt, + pjsip_transport_type_e type, + const pj_sockaddr_t *remote, + int addr_len, + const pjsip_tpselector *sel, + pjsip_tx_data *tdata, + pjsip_transport **p_tp); + + /***************************************************************************** * * Capabilities Management diff --git a/pjsip/include/pjsip/sip_transport.h b/pjsip/include/pjsip/sip_transport.h index 6592fc98..9f6534cd 100644 --- a/pjsip/include/pjsip/sip_transport.h +++ b/pjsip/include/pjsip/sip_transport.h @@ -540,6 +540,10 @@ struct pjsip_tx_data */ struct { + /** Server name. + */ + pj_str_t name; + /** Server addresses resolved. */ pjsip_server_addresses addr; 
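Review bot: The new `name` field added to the destination info of `pjsip_tx_data` is documented only as "Server name.", which leaves open which name it holds. The commit message says this field feeds server domain name verification, so the comment should state that it is the host name taken from the request target before any DNS resolution, not a name returned by a lookup; otherwise the certificate could end up being matched against data an unauthenticated resolver supplied. Something like `/** Server host name as given in the target URI, before resolution; used for TLS identity matching. */` would do, adjusted to what the implementation really stores. The enclosing struct starts and ends outside this hunk.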
@@ -689,6 +693,11 @@ typedef struct pjsip_transport_key long type; /** + * Hash of host name. + */ + pj_uint32_t hname; + + /** * Destination address. */ pj_sockaddr rem_addr; @@ -918,7 +927,8 @@ struct pjsip_tpfactory pjsip_host_port addr_name; /**< Published name. */ /** - * Create new outbound connection. + * Create new outbound connection suitable for sending SIP message + * to specified remote address. * Note that the factory is responsible for both creating the * transport and registering it to the transport manager. */ @@ -930,6 +940,21 @@ struct pjsip_tpfactory pjsip_transport **transport); /** + * Create new outbound connection suitable for sending SIP message + * to specified remote address by also considering outgoing SIP + * message data. + * Note that the factory is responsible for both creating the + * transport and registering it to the transport manager. + */ + pj_status_t (*create_transport2)(pjsip_tpfactory *factory, + pjsip_tpmgr *mgr, + pjsip_endpoint *endpt, + const pj_sockaddr *rem_addr, + int addr_len, + pjsip_tx_data *tdata, + pjsip_transport **transport); + + /** * Destroy the listener. */ pj_status_t (*destroy)(pjsip_tpfactory *factory); 
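Review bot: `pj_uint32_t hname` puts only a 32-bit hash of the host name into `pjsip_transport_key`, and the comment does not say what happens when two names hash to the same value. If transport lookup relies on the key alone (the lookup code is not in this hunk), a TLS transport whose certificate was verified for one host name could be reused for a different name at the same address. The comment should state how the hash is computed, including whether the name is lower-cased first, and that the full name is still compared before a transport is reused, e.g. `/** Hash of lower-cased host name; lookup must still compare the full name. */`.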
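Review bot: `create_transport2` is added to `pjsip_tpfactory` without saying whether a factory may leave it NULL, or which of `create_transport` and `create_transport2` the manager calls when both are set. That matters for TLS: a factory reached through the older `create_transport` receives no `tdata` and, going by the commit message, therefore no server name to match the certificate against. I would add a line such as `* Optional; when NULL the manager falls back to create_transport().` (or whatever the manager really does), and note that a factory struct that is not zero-initialised leaves this member indeterminate. The struct definition begins and ends outside the hunk.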
@@ -1100,6 +1125,34 @@ PJ_DECL(pj_status_t) pjsip_tpmgr_acquire_transport(pjsip_tpmgr *mgr, pjsip_transport **tp); /** + * Find suitable transport for sending SIP message to specified remote + * destination by also considering the outgoing SIP message. If no suitable + * transport is found, a new one will be created. + * + * This is an internal function since normally application doesn't have access + * to transport manager. Application should use pjsip_endpt_acquire_transport() + * instead. + * + * @param mgr The transport manager instance. + * @param type The type of transport to be acquired. + * @param remote The remote address to send message to. + * @param addr_len Length of the remote address. + * @param sel Optional pointer to transport selector instance which is + * used to find explicit transport, if required. + * @param tdata Optional pointer to data to be sent. + * @param tp Pointer to receive the transport instance, if one is found. + * + * @return PJ_SUCCESS on success, or the appropriate error code. + */ +PJ_DECL(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, + pjsip_transport_type_e type, + const pj_sockaddr_t *remote, + int addr_len, + const pjsip_tpselector *sel, + pjsip_tx_data *tdata, + pjsip_transport **tp); + +/** * Type of callback to receive notification when message or raw data * has been sent. * 
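Review bot: The comment on `pjsip_tpmgr_acquire_transport2` still points applications at `pjsip_endpt_acquire_transport()`, which takes no `tdata`; the endpoint-level counterpart added in this commit is `pjsip_endpt_acquire_transport2()`. It also calls `tdata` optional without saying what is lost when it is NULL; if the server name used for transport matching and TLS identity checks comes from `tdata`, a NULL value presumably skips both. Suggested wording, to be confirmed against the implementation: `* @param tdata Optional pointer to data to be sent; when NULL no server name is available for transport matching.` The `tdata` description of `pjsip_endpt_acquire_transport2` in sip_endpoint.h has the same gap.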
@@ -1187,6 +1240,94 @@ PJ_DECL(pj_status_t) pjsip_tpmgr_send_raw(pjsip_tpmgr *mgr, void *token, pjsip_tp_send_callback cb); + +/** + * Enumeration of transport state types. + */ +typedef enum pjsip_transport_state_type { + + /** Transport connected. */ + PJSIP_TP_STATE_CONNECTED = (1 << 0), + + /** Transport accepted. */ + PJSIP_TP_STATE_ACCEPTED = (1 << 1), + + /** Transport disconnected. */ + PJSIP_TP_STATE_DISCONNECTED = (1 << 2), + + /** Incoming connection rejected. */ + PJSIP_TP_STATE_REJECTED = (1 << 3), + + /** TLS verification error. */ + PJSIP_TP_STATE_TLS_VERIF_ERROR = (1 << 8) + +} pjsip_transport_state_type; + + +/** + * Structure of transport state info. + */ +typedef struct pjsip_transport_state_info { + /** + * The last error code related to the transport state. + */ + pj_status_t status; + + /** + * Optional extended info, the content is specific for each transport type. + */ + void *ext_info; +} pjsip_transport_state_info; + + +/** + * Type of callback to receive transport state notifications, such as + * transport connected, disconnected or TLS verification error. + * + * @param tp The transport instance. + * @param state The transport state, this may contain single or + * combination of transport state types defined in + * #pjsip_transport_state_type. + * @param info The transport state info. + * + * @return When TLS verification fails and peer verification in + * #pjsip_tls_setting is not set, application may return + * PJ_TRUE to ignore the verification result and continue + * using the transport. On other cases, this return value + * is currently not used and will be ignored. + */ +typedef pj_bool_t (*pjsip_tp_state_callback)( + pjsip_transport *tp, + pj_uint32_t state, + const pjsip_transport_state_info *info); + + +/** + * Setting callback of transport state notification. The caller will be + * notified whenever the state of transport is changed. The type of + * events are defined in #pjsip_transport_state_type. 
+ * + * @param mgr Transport manager. + * @param cb Callback to be called to notify caller about transport + * status changing. + * + * @return PJ_SUCCESS on success, or the appropriate error code. + */ +PJ_DECL(pj_status_t) pjsip_tpmgr_set_status_cb(pjsip_tpmgr *mgr, + pjsip_tp_state_callback *cb); + + +/** + * Getting the callback of transport state notification. + * + * @param mgr Transport manager. + * + * @return The transport state callback or NULL if it is not set. + */ +PJ_DECL(pjsip_tp_state_callback*) pjsip_tpmgr_get_status_cb( + const pjsip_tpmgr *mgr); + + /** * @} */ diff --git a/pjsip/include/pjsip/sip_transport_tls.h b/pjsip/include/pjsip/sip_transport_tls.h index 8c41e167..f97414b3 100644 --- a/pjsip/include/pjsip/sip_transport_tls.h +++ b/pjsip/include/pjsip/sip_transport_tls.h @@ -26,6 +26,7 @@ */ #include <pjsip/sip_transport.h> +#include <pj/ssl_sock.h> #include <pj/string.h> #include <pj/sock_qos.h> 
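Review bot: `pjsip_tpmgr_set_status_cb()` takes `pjsip_tp_state_callback *cb`, but `pjsip_tp_state_callback` is already a pointer-to-function typedef a few lines above, so the setter receives a pointer to a function pointer and the getter returns one. That looks unintended: the caller would have to keep a callback variable alive for as long as the manager holds its address, and passing a function name directly is a type mismatch. I would declare them as `pjsip_tp_state_callback cb` and `PJ_DECL(pjsip_tp_state_callback) pjsip_tpmgr_get_status_cb(const pjsip_tpmgr *mgr);`. The function names also say "status" while the type, the enum and the comments say "state".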
@@ -121,27 +122,44 @@ typedef struct pjsip_tls_setting pj_str_t server_name; /** - * When PJSIP is acting as a client (outgoing TLS connections), - * it will always receive a certificate from the peer. - * If \a verify_server is disabled (set to zero), PJSIP will not - * verifiy the certificate and allows TLS connections to servers - * which do not present a valid certificate. - * If \a tls_verify_server is non-zero, PJSIP verifies the server - * certificate and will close the TLS connection if the server - * certificate is not valid. + * Specifies the action when verification of server TLS certificate + * resulting errors: + * - If \a verify_server is disabled (set to PJ_FALSE), TLS transport + * will just notify the application via #pjsip_tp_state_callback with + * state (PJSIP_TP_STATE_CONNECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR) + * whenever there is any TLS verification error, the return value of + * the callback will be used to decide whether transport should be + * shutdown. + * - If \a verify_server is enabled (set to PJ_TRUE), TLS transport + * will be shutdown and application will be notified with state + * (PJSIP_TP_STATE_DISCONNECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR) + * whenever there is any TLS verification error. * - * This setting corresponds to OpenSSL SSL_VERIFY_PEER flag. - * Default value is zero. + * When the verification resulting success, application will be notified + * via #pjsip_tp_state_callback with state PJSIP_TP_STATE_CONNECTED. + * + * Default value is PJ_FALSE. */ pj_bool_t verify_server; /** - * When acting as server (incoming TLS connections), setting - * \a verify_client to non-zero will cause the transport to activate - * peer verification upon receiving incoming TLS connection. 
+ * Specifies the action when verification of server TLS certificate + * resulting errors: + * - If \a verify_client is disabled (set to PJ_FALSE), TLS transport + * will just notify the application via #pjsip_tp_state_callback with + * state (PJSIP_TP_STATE_ACCEPTED | PJSIP_TP_STATE_TLS_VERIF_ERROR) + * whenever there is any TLS verification error, the return value of + * the callback will be used to decide whether transport should be + * shutdown. + * - If \a verify_client is enabled (set to PJ_TRUE), TLS transport + * will be shutdown and application will be notified with state + * (PJSIP_TP_STATE_REJECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR) + * whenever there is any TLS verification error. + * + * When the verification resulting success, application will be notified + * via #pjsip_tp_state_callback with state PJSIP_TP_STATE_ACCEPTED. * - * This setting corresponds to OpenSSL SSL_VERIFY_PEER flag. - * Default value is zero. + * Default value is PJ_FALSE. */ pj_bool_t verify_client; @@ -150,7 +168,7 @@ typedef struct pjsip_tls_setting * connection if client doesn't have a valid certificate. * * This setting corresponds to SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. - * Default value is zero. + * Default value is PJ_FALSE. */ pj_bool_t require_client_cert; @@ -191,6 +209,20 @@ typedef struct pjsip_tls_setting /** + * This structure defines transport state extended info specifically for + * TLS transport. + */ +typedef struct pjsip_tls_state_info +{ + /** + * SSL socket info. + */ + pj_ssl_sock_info *ssl_sock_info; + +} pjsip_tls_state_info; + + +/** * Initialize TLS setting with default values. * * @param tls_opt The TLS setting to be initialized. diff --git a/pjsip/include/pjsua-lib/pjsua.h b/pjsip/include/pjsua-lib/pjsua.h index ecafb25d..8d4d0a97 100644 --- a/pjsip/include/pjsua-lib/pjsua.h +++ b/pjsip/include/pjsua-lib/pjsua.h 
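Review bot: The rewritten `verify_server` comment leaves the fail-open path underspecified: with the default `PJ_FALSE`, whether a connection that failed certificate verification is kept depends on the return value of `pjsip_tp_state_callback`, yet nothing here says what the transport does when no callback is registered. Please state that case explicitly, for instance `* If no state callback is set, ...` completed with the actual behaviour, and say plainly that returning PJ_TRUE keeps a peer whose certificate did not verify. The `verify_client` comment opens with "verification of server TLS certificate", which should read "client". The same gap is in the `@return` text of `pjsip_tp_state_callback` in sip_transport.h and of `on_transport_state` in pjsua.h. The struct continues outside this hunk.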
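Review bot: `pjsip_tls_state_info` exposes `pj_ssl_sock_info *ssl_sock_info` with no statement of how long the pointer stays valid, and a callback reaches it by casting the `void *ext_info` of `pjsip_transport_state_info`. The comment should say that the pointer is valid only during the callback (if that is the case; the code that fills it is not in this diff) and that `ext_info` may be cast to this struct only for TLS transports, e.g. `* Valid only inside the state callback; copy what you need.`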
@@ -843,6 +843,25 @@ typedef struct pjsua_callback */ void (*on_mwi_info)(pjsua_acc_id acc_id, pjsua_mwi_info *mwi_info); + /** + * This callback is called when transport state is changed. See also + * #pjsip_tp_state_callback. + * + * @param tp The transport instance. + * @param state The transport state, this may contain single or + * combination of transport state types defined in + * #pjsip_transport_state_type. + * @param info The transport state info. + * + * @return When TLS verification fails and peer verification in + * #pjsip_tls_setting is not set, application may return + * PJ_TRUE to ignore the verification result and continue + * using the transport. On other cases, this return value + * is currently not used and will be ignored. + */ + pj_bool_t (*on_transport_state)(pjsip_transport *tp, pj_uint32_t state, + const pjsip_transport_state_info *info); + } pjsua_callback; |