author | Benny Prijono <bennylp@teluu.com> | 2008-07-01 15:31:59 +0000 |
---|---|---|
committer | Benny Prijono <bennylp@teluu.com> | 2008-07-01 15:31:59 +0000 |
commit | 5c50c25acb9d1c7e6c92dedb796023594dafa162 (patch) | |
tree | 97416483a5afbd595ada7f91d81d0ec33f98b4bd /pjsip | |
parent | 042028219c31fff6913d0b14b006a54a8bbfabcb (diff) |
Ticket #552: Added TLS server name extension to support connecting to multi-hosted SIP TLS server (thanks Klaus Darilion for the suggestion)
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@2094 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjsip')
-rw-r--r-- | pjsip/include/pjsip/sip_transport_tls.h | 10 | ||||
-rw-r--r-- | pjsip/src/pjsip/sip_transport_tls_ossl.c | 21 |
2 files changed, 31 insertions, 0 deletions
diff --git a/pjsip/include/pjsip/sip_transport_tls.h b/pjsip/include/pjsip/sip_transport_tls.h
index d970df7b..cec869d4 100644
--- a/pjsip/include/pjsip/sip_transport_tls.h
+++ b/pjsip/include/pjsip/sip_transport_tls.h
@@ -109,6 +109,16 @@ typedef struct pjsip_tls_setting
 pj_str_t ciphers;
 /**
+ * Optionally specify the server name instance to be contacted when
+ * making outgoing TLS connection. This setting is useful when the
+ * server is hosting multiple domains for the same TLS listening
+ * socket.
+ *
+ * Default: empty.
+ */
+ pj_str_t server_name;
+
+ /**
 * When PJSIP is acting as a client (outgoing TLS connections),
 * it will always receive a certificate from the peer.
 * If \a verify_server is disabled (set to zero), PJSIP will not
diff --git a/pjsip/src/pjsip/sip_transport_tls_ossl.c b/pjsip/src/pjsip/sip_transport_tls_ossl.c
index 4ca2c2f9..3c4fc706 100644
--- a/pjsip/src/pjsip/sip_transport_tls_ossl.c
+++ b/pjsip/src/pjsip/sip_transport_tls_ossl.c
@@ -164,6 +164,7 @@ struct tls_transport
 /* TLS settings, copied from listener */
 struct {
+ pj_str_t server_name;
 pj_time_val timeout;
 } setting;
@@ -513,6 +514,24 @@ static pj_status_t ssl_connect(struct tls_transport *tls)
 if (!SSL_in_connect_init(ssl))
 SSL_set_connect_state(ssl);
+#ifdef SSL_set_tlsext_host_name
+ if (tls->setting.server_name.slen) {
+ char server_name[PJ_MAX_HOSTNAME];
+
+ if (tls->setting.server_name.slen >= PJ_MAX_HOSTNAME)
+ return PJ_ENAMETOOLONG;
+
+ pj_memcpy(server_name, tls->setting.server_name.ptr,
+ tls->setting.server_name.slen);
+ server_name[tls->setting.server_name.slen] = '\0';
+
+ if (!SSL_set_tlsext_host_name(ssl, server_name)) {
+ PJ_LOG(4,(tls->base.obj_name,
+ "SSL_set_tlsext_host_name() failed"));
+ }
+ }
+#endif
+
 PJ_LOG(5,(tls->base.obj_name, "Starting SSL_connect() negotiation"));
 do {
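Review bot: The new `server_name` comment in sip_transport_tls.h does not say how the name is used or when it is ignored, and a caller has to read sip_transport_tls_ossl.c to find out. In that file it is passed to `SSL_set_tlsext_host_name()`, i.e. sent as the TLS server_name (SNI) extension, it is only honoured when OpenSSL defines that macro and is otherwise dropped without notice, and a value of `PJ_MAX_HOSTNAME` characters or more makes the outgoing connect fail with `PJ_ENAMETOOLONG`. I would extend the Doxygen comment with: ` * The name is sent in the TLS server_name (SNI) extension of the ClientHello, so it is visible to the peer and to anyone on the path; it is ignored when OpenSSL lacks SSL_set_tlsext_host_name, and it must be shorter than PJ_MAX_HOSTNAME or the connection attempt fails with PJ_ENAMETOOLONG.` Nothing in this change ties the name to the \a verify_server certificate check documented right below it, so if the peer certificate is expected to match this name, that expectation has to be stated or enforced elsewhere.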
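Review bot: In the block added to `ssl_connect()` a failing `SSL_set_tlsext_host_name()` is only logged at level 4 and the handshake proceeds without the name the user configured, so against a multi-hosted server the connection can land on the wrong virtual host with no error reaching the caller. The function already returns `PJ_ENAMETOOLONG` for an over-long name, so this failure should be propagated the same way rather than fall through, e.g. `return PJ_EUNKNOWN;` after the `PJ_LOG(4,...)` call, or whichever status this module uses for OpenSSL failures. The `#ifdef SSL_set_tlsext_host_name` guard likewise means an OpenSSL build without the extension drops a configured `server_name` silently; an `#else` branch that logs `"server_name is set but this OpenSSL has no SNI support"` when `tls->setting.server_name.slen` is non-zero would make that visible at runtime. The rest of ssl_connect() lies outside the hunk.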
@@ -1231,6 +1250,8 @@ static pj_status_t tls_create( struct tls_listener *listener,
 pj_list_init(&tls->delayed_list);
 tls->base.pool = pool;
 tls->setting.timeout = listener->setting.timeout;
+ pj_strdup(pool, &tls->setting.server_name,
+ &listener->setting.server_name);
 pj_ansi_snprintf(tls->base.obj_name, PJ_MAX_OBJ_NAME, (is_server ? "tlss%p" :"tlsc%p"), tls); |
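Review bot: `tls_create()` copies `server_name` from `listener->setting`, so every transport the listener creates carries the same name regardless of the destination it later connects to, and server-side transports (`is_server` set) get a copy they never appear to use. If one TLS transport factory is used to reach several hosts the SNI value will not match the peer, and since the setting appears to be read only by ssl_connect() on the client path, that per-listener scope is a limitation worth stating in the `server_name` documentation in sip_transport_tls.h. tls_create() starts before the hunk.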