From edc65dae7b3332ead145bb2d2b030c5df3e9a2e1 Mon Sep 17 00:00:00 2001
From: Riza Sulistyo
Date: Thu, 18 Dec 2014 04:40:35 +0000
Subject: Re #1806: Implement SSL/TLS setting to set protocol operation.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4968 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjsip/include/pjsip/sip_transport_tls.h | 49 +++++++++++++++++++++------------
 pjsip/include/pjsua2/siptypes.hpp | 16 +++++++++--
 2 files changed, 45 insertions(+), 20 deletions(-)
(limited to 'pjsip/include')
diff --git a/pjsip/include/pjsip/sip_transport_tls.h b/pjsip/include/pjsip/sip_transport_tls.h
index b6deafc7..5a36384d 100644
--- a/pjsip/include/pjsip/sip_transport_tls.h
+++ b/pjsip/include/pjsip/sip_transport_tls.h
@@ -51,18 +51,28 @@ PJ_BEGIN_DECL
 # define PJSIP_SSL_DEFAULT_METHOD PJSIP_TLSV1_METHOD
 #endif
+
 /** SSL protocol method constants. */
 typedef enum pjsip_ssl_method
 {
- PJSIP_SSL_UNSPECIFIED_METHOD= 0, /**< Default protocol method. */
- PJSIP_TLSV1_METHOD = 31, /**< Use SSLv1 method. */
- PJSIP_SSLV2_METHOD = 20, /**< Use SSLv2 method. */
- PJSIP_SSLV3_METHOD = 30, /**< Use SSLv3 method. */
- PJSIP_SSLV23_METHOD = 23 /**< Use SSLv23 method. */
+ PJSIP_SSL_UNSPECIFIED_METHOD = 0, /**< Default protocol method. */
+ PJSIP_SSLV2_METHOD = 20, /**< Use SSLv2 method. */
+ PJSIP_SSLV3_METHOD = 30, /**< Use SSLv3 method. */
+ PJSIP_TLSV1_METHOD = 31, /**< Use TLSv1 method. */
+ PJSIP_TLSV1_1_METHOD = 32, /**< Use TLSv1_1 method. */
+ PJSIP_TLSV1_2_METHOD = 33, /**< Use TLSv1_2 method. */
+ PJSIP_SSLV23_METHOD = 23, /**< Use SSLv23 method. */
 } pjsip_ssl_method;
-
-
+/**
+ * The default enabled SSL proto to be used.
+ * Default is all protocol above TLSv1 (TLSv1 & TLS v1.1 & TLS v1.2).
+ */
+#ifndef PJSIP_SSL_DEFAULT_PROTO
+# define PJSIP_SSL_DEFAULT_PROTO (PJ_SSL_SOCK_PROTO_TLS1 | \
+ PJ_SSL_SOCK_PROTO_TLS1_1 | \
+ PJ_SSL_SOCK_PROTO_TLS1_2)
+#endif
 /**
 * TLS transport settings.
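Review bot: The comment on `PJSIP_SSL_DEFAULT_PROTO` says "all protocol above TLSv1" while the mask itself includes `PJ_SSL_SOCK_PROTO_TLS1`, so a reader cannot tell from the prose whether TLS 1.0 is enabled by default; I would write `* Default enables TLSv1, TLSv1.1 and TLSv1.2; SSLv2 and SSLv3 are not in the default mask.` Because TLS 1.0 and 1.1 have since been deprecated (RFC 8996), the same comment could mention that the `#ifndef` guard lets a build narrow the mask, for example to `PJ_SSL_SOCK_PROTO_TLS1_2` alone. Separately, the enum now ends with `PJSIP_SSLV23_METHOD = 23,`; a trailing comma in an enumerator list is a C99 feature that strict C89 builds warn about or reject, and the old list ended without one, so I would drop it.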
@@ -92,19 +102,23 @@ typedef struct pjsip_tls_setting
 pj_str_t password;
 /**
- * TLS protocol method from #pjsip_ssl_method, which can be:
- * - PJSIP_SSL_UNSPECIFIED_METHOD(0): default (which will use
- * PJSIP_SSL_DEFAULT_METHOD)
- * - PJSIP_TLSV1_METHOD(1): TLSv1
- * - PJSIP_SSLV2_METHOD(2): SSLv2
- * - PJSIP_SSLV3_METHOD(3): SSL3
- * - PJSIP_SSLV23_METHOD(23): SSL23
+ * TLS protocol method from #pjsip_ssl_method. In the future, this field
+ * might be deprecated in favor of proto field. For now, this field
+ * is only applicable only when proto field is set to zero.
 *
 * Default is PJSIP_SSL_UNSPECIFIED_METHOD (0), which in turn will
- * use PJSIP_SSL_DEFAULT_METHOD, which default value is
- * PJSIP_TLSV1_METHOD.
+ * use PJSIP_SSL_DEFAULT_METHOD, which default value is PJSIP_TLSV1_METHOD.
+ */
+ pjsip_ssl_method method;
+
+ /**
+ * TLS protocol type from #pj_ssl_sock_proto. Use this field to enable
+ * specific protocol type. Use bitwise OR operation to combine the protocol
+ * type.
+ *
+ * Default is PJSIP_SSL_DEFAULT_PROTO.
 */
- int method;
+ pj_uint32_t proto;
 /**
 * Number of ciphers contained in the specified cipher preference.
@@ -252,6 +266,7 @@ PJ_INLINE(void) pjsip_tls_setting_default(pjsip_tls_setting *tls_opt)
 tls_opt->qos_type = PJ_QOS_TYPE_BEST_EFFORT;
 tls_opt->qos_ignore_error = PJ_TRUE;
 tls_opt->sockopt_ignore_error = PJ_TRUE;
+ tls_opt->proto = PJSIP_SSL_DEFAULT_PROTO;
 }
diff --git a/pjsip/include/pjsua2/siptypes.hpp b/pjsip/include/pjsua2/siptypes.hpp
index 8e0428b9..c5b23dea 100644
--- a/pjsip/include/pjsua2/siptypes.hpp
+++ b/pjsip/include/pjsua2/siptypes.hpp
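Review bot: The new `proto` comment never says what a zero value means; that rule appears only in the `method` comment, where it reads "is only applicable only when". I would add `* Set to 0 to fall back to the protocol selected by the method field.` to the `proto` comment and reword the other line to `* is applicable only when the proto field is set to zero.`; the same two comments are repeated in the `TlsConfig` hunk of siptypes.hpp. The field type also changes from `int method` to `pjsip_ssl_method method`, so C++ code that assigns a plain integer to it will need a cast, which deserves a line in the release notes. The struct begins and ends outside this hunk.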
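Review bot: With `tls_opt->proto = PJSIP_SSL_DEFAULT_PROTO;` in `pjsip_tls_setting_default()`, every caller that starts from the defaults gets a non-zero `proto`, and per the field comment in the previous hunk `method` then no longer applies. An existing application that sets `method` to pin one protocol version would, if the transport code follows that comment (it is not part of this patch), silently negotiate from the TLSv1/1.1/1.2 mask instead. I would document this on the function and on `method`, for example `* Note: pjsip_tls_setting_default() sets proto to PJSIP_SSL_DEFAULT_PROTO; set proto to 0 afterwards if method should take effect.` The function body starts outside the hunk.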
@@ -145,14 +145,24 @@ struct TlsConfig : public PersistentObject
 string password;
 /**
- * TLS protocol method from pjsip_ssl_method.
+ * TLS protocol method from #pjsip_ssl_method. In the future, this field
+ * might be deprecated in favor of proto field. For now, this field
+ * is only applicable only when proto field is set to zero.
 *
 * Default is PJSIP_SSL_UNSPECIFIED_METHOD (0), which in turn will
- * use PJSIP_SSL_DEFAULT_METHOD, which default value is
- * PJSIP_TLSV1_METHOD.
+ * use PJSIP_SSL_DEFAULT_METHOD, which default value is PJSIP_TLSV1_METHOD.
 */
 pjsip_ssl_method method;
+ /**
+ * TLS protocol type from #pj_ssl_sock_proto. Use this field to enable
+ * specific protocol type. Use bitwise OR operation to combine the protocol
+ * type.
+ *
+ * Default is PJSIP_SSL_DEFAULT_PROTO.
+ */
+ unsigned proto;
+
 /**
 * Ciphers and order preference. The Endpoint::utilSslGetAvailableCiphers()
 * can be used to check the available ciphers supported by backend.
-- cgit v1.2.3
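Review bot: `unsigned proto;` in `TlsConfig` does not match the C structure, which declares the same field as `pj_uint32_t proto`; using `pj_uint32_t proto;` here keeps the width of the protocol mask identical on both sides. The comment promises a default of `PJSIP_SSL_DEFAULT_PROTO`, but this patch is limited to the headers, so it cannot be seen whether the constructor initialises the member or whether the conversion to `pjsip_tls_setting` and the persistence code carry it. If any of those is missing, an indeterminate or zero mask would reach the TLS layer and change which protocol versions are offered, so I would confirm all three in the matching source change. The struct begins and ends outside this hunk.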