diff options
| author | Nanang Izzuddin <nanang@teluu.com> | 2009-12-30 06:35:20 +0000 |
|---|---|---|
| committer | Nanang Izzuddin <nanang@teluu.com> | 2009-12-30 06:35:20 +0000 |
| commit | eca8d28de93c429f4ed8c39bef710ffa45beaf5b (patch) | |
| tree | 2ed2fc26430fa3db8d2aa8bbac7a34b46f8161e7 /pjsip | |
| parent | 2944d17a99b5f84b09713f36c430f94647be4f34 (diff) | |
Ticket #1005:
- Fixed bug in pjsip_tls_transport_start(): specified ca_list_file must be applied even when cert_file is not set.
- Fixed bug in lis_create_transport(): new transport should inherit cert settings (from listener).
- Fixed pjsua app, missing TLS transport setting 'require_client_cert' for '--tls-verify-client' option.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@3039 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjsip')
| -rw-r--r-- | pjsip/src/pjsip/sip_transport_tls.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c index a61cee29..ab96ecd9 100644 --- a/pjsip/src/pjsip/sip_transport_tls.c +++ b/pjsip/src/pjsip/sip_transport_tls.c @@ -54,6 +54,7 @@ struct tls_listener pjsip_endpoint *endpt; pjsip_tpmgr *tpmgr; pj_ssl_sock_t *ssock; + pj_ssl_cert_t *cert; pjsip_tls_setting tls_setting; }; @@ -288,21 +289,21 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start (pjsip_endpoint *endpt, pj_sockaddr_in_init(listener_addr, NULL, 0); } - /* Check if certificate for SSL socket is set */ - if (listener->tls_setting.cert_file.slen) + /* Check if certificate/CA list for SSL socket is set */ + if (listener->tls_setting.cert_file.slen || + listener->tls_setting.ca_list_file.slen) { - pj_ssl_cert_t *cert; - status = pj_ssl_cert_load_from_files(pool, &listener->tls_setting.ca_list_file, &listener->tls_setting.cert_file, &listener->tls_setting.privkey_file, &listener->tls_setting.password, - &cert); + &listener->cert); if (status != PJ_SUCCESS) goto on_error; - status = pj_ssl_sock_set_certificate(listener->ssock, pool, cert); + status = pj_ssl_sock_set_certificate(listener->ssock, pool, + listener->cert); if (status != PJ_SUCCESS) goto on_error; } @@ -837,6 +838,13 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory, if (status != PJ_SUCCESS) return status; + /* Apply SSL certificate */ + if (listener->cert) { + status = pj_ssl_sock_set_certificate(ssock, pool, listener->cert); + if (status != PJ_SUCCESS) + return status; + } + /* Initially set bind address to PJ_INADDR_ANY port 0 */ pj_sockaddr_in_init(&local_addr, NULL, 0); |