authorBenny Prijono <bennylp@teluu.com>2008-02-15 08:08:06 +0000
committerBenny Prijono <bennylp@teluu.com>2008-02-15 08:08:06 +0000
commit118a635a4592af6f43735fe3f8c300834f21d3af (patch)
tree12a4774f748ad0a7f6951eecd28f93e71843b29c /pjsip
parentd8f46101a302542184867ec08f6a8c5bc0a97854 (diff)
Ticket #481: Default TLS version should be TLSv1 (thanks Klaus Darilion)
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@1799 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjsip')
-rw-r--r--pjsip/include/pjsip/sip_transport_tls.h34
-rw-r--r--pjsip/src/pjsip/sip_transport_tls_ossl.c8
2 files changed, 29 insertions, 13 deletions
diff --git a/pjsip/include/pjsip/sip_transport_tls.h b/pjsip/include/pjsip/sip_transport_tls.h
index debddfb8..600ff298 100644
--- a/pjsip/include/pjsip/sip_transport_tls.h
+++ b/pjsip/include/pjsip/sip_transport_tls.h
@@ -39,17 +39,27 @@ PJ_BEGIN_DECL
* the transport to the framework.
*/
+/**
+ * The default SSL method to be used by PJSIP.
+ * Default is PJSIP_TLSV1_METHOD
+ */
+#ifndef PJSIP_SSL_DEFAULT_METHOD
+# define PJSIP_SSL_DEFAULT_METHOD PJSIP_TLSV1_METHOD
+#endif
+
/** SSL protocol method constants. */
typedef enum pjsip_ssl_method
{
- PJSIP_SSL_DEFAULT_METHOD = 0, /**< Default protocol method. */
- PJSIP_TLSV1_METHOD = 1, /**< Use SSLv1 method. */
- PJSIP_SSLV2_METHOD = 2, /**< Use SSLv2 method. */
- PJSIP_SSLV3_METHOD = 3, /**< Use SSLv3 method. */
+ PJSIP_SSL_UNSPECIFIED_METHOD= 0, /**< Default protocol method. */
+ PJSIP_TLSV1_METHOD = 31, /**< Use SSLv1 method. */
+ PJSIP_SSLV2_METHOD = 20, /**< Use SSLv2 method. */
+ PJSIP_SSLV3_METHOD = 30, /**< Use SSLv3 method. */
PJSIP_SSLV23_METHOD = 23 /**< Use SSLv23 method. */
} pjsip_ssl_method;
+
+
/**
* TLS transport settings.
*/
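Review bot: Renumbering the enumerators (`PJSIP_TLSV1_METHOD` 1 to 31, `PJSIP_SSLV2_METHOD` 2 to 20, `PJSIP_SSLV3_METHOD` 3 to 30) silently changes the meaning of any value an application stored or passed as a raw integer, and `pjsip_tls_setting.method` is declared as a plain `int`. What create_ctx() does with a now-unmatched 1, 2 or 3 depends on the switch's default branch, which is not visible on this page; it should return an error rather than select some protocol on the caller's behalf. Separately, the comment on `PJSIP_TLSV1_METHOD` still reads "Use SSLv1 method." and should be `/**< Use TLSv1 method. */`. The comment on `PJSIP_SSL_UNSPECIFIED_METHOD` would be more accurate as `/**< Not specified; PJSIP_SSL_DEFAULT_METHOD is used. */`.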
@@ -79,14 +89,16 @@ typedef struct pjsip_tls_setting
/**
* TLS protocol method from #pjsip_ssl_method, which can be:
- * - PJSIP_SSL_DEFAULT_METHOD(0): default (which will use SSLv23)
- * - PJSIP_TLSV1_METHOD(1): TLSv1
- * - PJSIP_SSLV2_METHOD(2): TLSv2
- * - PJSIP_SSLV3_METHOD(3): TLSv3
- * - PJSIP_SSLV23_METHOD(23): TLSv23
+ * - PJSIP_SSL_UNSPECIFIED_METHOD(0): default (which will use
+ * PJSIP_SSL_DEFAULT_METHOD)
+ * - PJSIP_TLSV1_METHOD(1): TLSv1
+ * - PJSIP_SSLV2_METHOD(2): SSLv2
+ * - PJSIP_SSLV3_METHOD(3): SSL3
+ * - PJSIP_SSLV23_METHOD(23): SSL23
*
- * Default is PJSIP_SSL_DEFAULT_METHOD (0), which will use SSLv23
- * protocol method.
+ * Default is PJSIP_SSL_UNSPECIFIED_METHOD (0), which in turn will
+ * use PJSIP_SSL_DEFAULT_METHOD, which default value is
+ * PJSIP_TLSV1_METHOD.
*/
int method;
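Review bot: The numeric values in this list were not updated with the enum: it still shows `PJSIP_TLSV1_METHOD(1)`, `PJSIP_SSLV2_METHOD(2)` and `PJSIP_SSLV3_METHOD(3)`, while the enum earlier in this header now defines them as 31, 20 and 30. A caller who sets `method` from the documented numbers ends up with a value that matches no enumerator. The entries should read `PJSIP_TLSV1_METHOD(31): TLSv1`, `PJSIP_SSLV2_METHOD(20): SSLv2` and `PJSIP_SSLV3_METHOD(30): SSLv3`, with the last entry written `SSLv23` to match the spelling of the others.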
diff --git a/pjsip/src/pjsip/sip_transport_tls_ossl.c b/pjsip/src/pjsip/sip_transport_tls_ossl.c
index a7d7d73c..81e19f1d 100644
--- a/pjsip/src/pjsip/sip_transport_tls_ossl.c
+++ b/pjsip/src/pjsip/sip_transport_tls_ossl.c
@@ -315,6 +315,7 @@ static void shutdown_openssl(void)
static pj_status_t create_ctx( struct tls_listener *lis, SSL_CTX **p_ctx)
{
struct pjsip_tls_setting *opt = &lis->setting;
+ int method;
char *lis_name = lis->factory.obj_name;
SSL_METHOD *ssl_method;
SSL_CTX *ctx;
@@ -326,8 +327,11 @@ static pj_status_t create_ctx( struct tls_listener *lis, SSL_CTX **p_ctx)
init_openssl();
/* Determine SSL method to use */
- switch (opt->method) {
- case PJSIP_SSL_DEFAULT_METHOD:
+ method = opt->method;
+ if (method == PJSIP_SSL_UNSPECIFIED_METHOD)
+ method = PJSIP_SSL_DEFAULT_METHOD;
+
+ switch (method) {
case PJSIP_SSLV23_METHOD:
ssl_method = SSLv23_method();
break;
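Review bot: With `PJSIP_SSL_UNSPECIFIED_METHOD` now resolving to `PJSIP_TLSV1_METHOD`, an unconfigured listener is presumably pinned to OpenSSL's fixed-version `TLSv1_method()` (the TLSv1 case lies outside this hunk), so it cannot negotiate any protocol version other than TLS 1.0. If the aim is to keep SSLv2 and SSLv3 out of the default, the same floor is available without a ceiling by staying on `SSLv23_method()` and calling `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` once the context exists. `PJSIP_SSL_DEFAULT_METHOD` is also a build-time override that nothing validates, so a comment before the `if` such as `/* PJSIP_SSL_DEFAULT_METHOD must name a concrete pjsip_ssl_method, never PJSIP_SSL_UNSPECIFIED_METHOD */` would document the constraint. create_ctx() continues past the end of this hunk.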