From a21885c3133c2f35be44dfcd14fb2023b1d60c89 Mon Sep 17 00:00:00 2001
From: Liong Sauw Ming
Date: Thu, 23 Apr 2015 02:42:49 +0000
Subject: Fixed #1845: Add support if OpenSSL library has more than 100 cipher suites
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5076 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjlib/include/pj/config.h | 10 ++++++++++
 pjlib/src/pj/ssl_sock_ossl.c | 9 +++------
 pjlib/src/pjlib-test/ssl_sock.c | 2 +-
 pjsip-apps/src/pjsua/pjsua_app_config.c | 4 ++--
 pjsip/src/pjsua2/endpoint.cpp | 2 +-
 5 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/pjlib/include/pj/config.h b/pjlib/include/pj/config.h
index 67659191..cad816e8 100644
--- a/pjlib/include/pj/config.h
+++ b/pjlib/include/pj/config.h
@@ -864,6 +864,16 @@
 #endif
+/**
+ * Define the maximum number of ciphers supported by the secure socket.
+ *
+ * Default: 256
+ */
+#ifndef PJ_SSL_SOCK_MAX_CIPHERS
+# define PJ_SSL_SOCK_MAX_CIPHERS 256
+#endif
+
+
 /**
  * Disable WSAECONNRESET error for UDP sockets on Win32 platforms. See
  * https://trac.pjsip.org/repos/ticket/1197.
diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
index 4915a18c..07e81d1a 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -39,9 +39,6 @@
 /* Workaround for ticket #985 */
 #define DELAYED_CLOSE_TIMEOUT 200
-/* Maximum ciphers */
-#define MAX_CIPHERS 100
-
 /*
  * Include OpenSSL headers
  */
@@ -296,7 +293,7 @@ static unsigned openssl_cipher_num;
 static struct openssl_ciphers_t {
 pj_ssl_cipher id;
 const char *name;
-} openssl_ciphers[MAX_CIPHERS];
+} openssl_ciphers[PJ_SSL_SOCK_MAX_CIPHERS];
 /* OpenSSL application data index */
 static int sslsock_idx;
@@ -345,7 +342,7 @@ static pj_status_t init_openssl(void)
 pj_assert(meth);
 ctx=SSL_CTX_new(meth);
- SSL_CTX_set_cipher_list(ctx, "ALL");
+ SSL_CTX_set_cipher_list(ctx, "ALL:COMPLEMENTOFALL");
 ssl = SSL_new(ctx);
 sk_cipher = SSL_get_ciphers(ssl);
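Review bot: The new comment on PJ_SSL_SOCK_MAX_CIPHERS in pjlib/include/pj/config.h does not say what happens when the TLS library exposes more suites than the limit, nor what the limit costs. In this commit the macro sizes the static `openssl_ciphers[]` table and on-stack `pj_ssl_cipher` arrays in callers, and because it is overridable a build can set it lower than the library's real suite count. The loop that fills `openssl_ciphers[]` is not visible in this diff, so it should be confirmed that it clamps to `PJ_ARRAY_SIZE(openssl_ciphers)`. Once verified, I would extend the comment with something like `Suites beyond this count are not reported or selectable; the value also sizes stack arrays in callers.`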
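Review bot: Appending `COMPLEMENTOFALL` in init_openssl (hunk @@ -345) brings in the suites OpenSSL deliberately keeps out of `ALL`, which are the eNULL (no-encryption) suites, and the same string is applied to the live SSL object in the set_cipher_list hunk (@@ -792). The code that narrows the list to the caller's selection lies outside both hunks, so it should be confirmed that no path leaves a connection on the wide string and that a NULL-encryption id is accepted only when the application asked for it explicitly. Both calls also discard the return value, which is 0 when no suite could be selected; that result should be checked and treated as an error. I would add a comment at each call such as `/* Lookup universe only: includes eNULL suites, must be narrowed before the handshake */`.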
@@ -792,7 +789,7 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
 pj_strset(&cipher_list, buf, 0);
 /* Set SSL with ALL available ciphers */
- SSL_set_cipher_list(ssock->ossl_ssl, "ALL");
+ SSL_set_cipher_list(ssock->ossl_ssl, "ALL:COMPLEMENTOFALL");
 /* Generate user specified cipher list in OpenSSL format */
 sk_cipher = SSL_get_ciphers(ssock->ossl_ssl);
diff --git a/pjlib/src/pjlib-test/ssl_sock.c b/pjlib/src/pjlib-test/ssl_sock.c
index 4ebf9979..92fffd86 100644
--- a/pjlib/src/pjlib-test/ssl_sock.c
+++ b/pjlib/src/pjlib-test/ssl_sock.c
@@ -40,7 +40,7 @@ struct send_key {
 static int get_cipher_list(void)
 {
 pj_status_t status;
- pj_ssl_cipher ciphers[100];
+ pj_ssl_cipher ciphers[PJ_SSL_SOCK_MAX_CIPHERS];
 unsigned cipher_num;
 unsigned i;
diff --git a/pjsip-apps/src/pjsua/pjsua_app_config.c b/pjsip-apps/src/pjsua/pjsua_app_config.c
index 740be6f2..2016e525 100644
--- a/pjsip-apps/src/pjsua/pjsua_app_config.c
+++ b/pjsip-apps/src/pjsua/pjsua_app_config.c
@@ -1216,12 +1216,12 @@ static pj_status_t parse_args(int argc, char *argv[],
 }
 if (pj_ssl_cipher_is_supported(cipher)) {
- static pj_ssl_cipher tls_ciphers[128];
+ static pj_ssl_cipher tls_ciphers[PJ_SSL_SOCK_MAX_CIPHERS];
 tls_ciphers[cfg->udp_cfg.tls_setting.ciphers_num++] = cipher;
 cfg->udp_cfg.tls_setting.ciphers = tls_ciphers;
 } else {
- pj_ssl_cipher ciphers[128];
+ pj_ssl_cipher ciphers[512];
 unsigned j, ciphers_cnt;
 ciphers_cnt = PJ_ARRAY_SIZE(ciphers);
diff --git a/pjsip/src/pjsua2/endpoint.cpp b/pjsip/src/pjsua2/endpoint.cpp
index e7fcded3..a12dced4 100644
--- a/pjsip/src/pjsua2/endpoint.cpp
+++ b/pjsip/src/pjsua2/endpoint.cpp
@@ -1452,7 +1452,7 @@ void Endpoint::utilTimerCancel(Token prmTimerToken)
 IntVector Endpoint::utilSslGetAvailableCiphers() throw (Error)
 {
 #if PJ_HAS_SSL_SOCK
- pj_ssl_cipher ciphers[64];
+ pj_ssl_cipher ciphers[PJ_SSL_SOCK_MAX_CIPHERS];
 unsigned count = PJ_ARRAY_SIZE(ciphers);
 PJSUA2_CHECK_EXPR( pj_ssl_cipher_get_availables(ciphers, &count) );
-- cgit v1.2.3
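Review bot: In the pjsua_app_config.c hunk the store `tls_ciphers[cfg->udp_cfg.tls_setting.ciphers_num++] = cipher;` has no bound check in the visible lines, so enlarging the static array only moves the point at which repeated cipher arguments would write past it. A guard before the store, `if (cfg->udp_cfg.tls_setting.ciphers_num >= PJ_ARRAY_SIZE(tls_ciphers))` followed by the function's usual error return, would hold for any value of PJ_SSL_SOCK_MAX_CIPHERS. The else branch now declares `ciphers[512]`, a literal that no longer matches the macro; if the larger size is intentional a one-line comment saying why would help, otherwise use the macro there too. parse_args starts and ends outside this hunk, so an earlier check may already exist and should be confirmed.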