From edc65dae7b3332ead145bb2d2b030c5df3e9a2e1 Mon Sep 17 00:00:00 2001
From: Riza Sulistyo
Date: Thu, 18 Dec 2014 04:40:35 +0000
Subject: Re #1806: Implement SSL/TLS setting to set protocol operation.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4968 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjsip/src/pjsip/sip_transport_tls.c | 83 +++++++++++++++++++------------------
 pjsip/src/pjsua2/siptypes.cpp | 2 +
 2 files changed, 45 insertions(+), 40 deletions(-)
(limited to 'pjsip/src')
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
index 0878c3a2..10c4f574 100644
--- a/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjsip/src/pjsip/sip_transport_tls.c
@@ -185,6 +185,43 @@ static void sockaddr_to_host_port( pj_pool_t *pool,
 }
+static pj_uint32_t ssl_get_proto(pjsip_ssl_method ssl_method, pj_uint32_t proto)
+{
+ pj_uint32_t out_proto;
+
+ if (proto)
+ return proto;
+
+ if (ssl_method == PJSIP_SSL_UNSPECIFIED_METHOD)
+ ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+ switch(ssl_method) {
+ case PJSIP_SSLV2_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_SSL2;
+ break;
+ case PJSIP_SSLV3_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_SSL3;
+ break;
+ case PJSIP_TLSV1_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_TLS1;
+ break;
+ case PJSIP_TLSV1_1_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_TLS1_1;
+ break;
+ case PJSIP_TLSV1_2_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_TLS1_2;
+ break;
+ case PJSIP_SSLV23_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_SSL23;
+ break;
+ default:
+ out_proto = PJ_SSL_SOCK_PROTO_DEFAULT;
+ break;
+ }
+ return out_proto;
+}
+
+
 static void tls_init_shutdown(struct tls_transport *tls, pj_status_t status)
 {
 pjsip_tp_state_callback state_cb;
@@ -275,6 +312,7 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start2( pjsip_endpoint *endpt,
 pj_pool_t *pool;
 pj_bool_t is_ipv6;
 int af, sip_ssl_method;
+ pj_uint32_t sip_ssl_proto;
 struct tls_listener *listener;
 pj_ssl_sock_param ssock_param;
 pj_sockaddr *listener_addr;
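Review bot: `if (proto) return proto;` at the top of the new ssl_get_proto() lets any non-zero `proto` override `method` completely, and nothing in the helper documents that precedence. The value is also returned unfiltered, so a setting that still carries PJ_SSL_SOCK_PROTO_SSL2 or PJ_SSL_SOCK_PROTO_SSL3 is handed to the SSL socket as-is even when `method` names a newer TLS version; the PJSIP_SSLV2_METHOD and PJSIP_SSLV3_METHOD cases in the switch do the same on the fallback path. I would add a header comment such as `/* Map TLS settings to a pj_ssl_sock protocol value: a non-zero proto wins; otherwise method is translated, with UNSPECIFIED treated as the default method. */` and, since SSLv2 and SSLv3 are obsolete, consider a log line whenever the result enables either, so the weak configuration is visible to operators.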
@@ -368,26 +406,8 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start2( pjsip_endpoint *endpt,
 has_listener = PJ_FALSE;
 sip_ssl_method = listener->tls_setting.method;
- if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
- sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
-
- switch(sip_ssl_method) {
- case PJSIP_TLSV1_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
- break;
- case PJSIP_SSLV2_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
- break;
- case PJSIP_SSLV3_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
- break;
- case PJSIP_SSLV23_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL23;
- break;
- default:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_DEFAULT;
- break;
- }
+ sip_ssl_proto = listener->tls_setting.proto;
+ ssock_param.proto = ssl_get_proto(sip_ssl_method, sip_ssl_proto);
 /* Create group lock */
 status = pj_grp_lock_create(pool, NULL, &listener->grp_lock);
@@ -963,6 +983,7 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
 struct tls_listener *listener;
 struct tls_transport *tls;
 int sip_ssl_method;
+ pj_uint32_t sip_ssl_proto;
 pj_pool_t *pool;
 pj_grp_lock_t *glock;
 pj_ssl_sock_t *ssock;
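Review bot: The locals `sip_ssl_method` and `sip_ssl_proto` in pjsip_tls_transport_start2() now exist only to carry two fields into a single call, so the assignment could read `ssock_param.proto = ssl_get_proto(listener->tls_setting.method, listener->tls_setting.proto);` and both declarations could go, provided nothing outside the hunk reads them. The same applies to the identical lines in lis_create_transport() (the @@ -1027 hunk). Both functions start and end outside their hunks, so this needs checking against the full bodies.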
@@ -1027,26 +1048,8 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
 sizeof(listener->tls_setting.sockopt_params));
 sip_ssl_method = listener->tls_setting.method;
- if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
- sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
-
- switch(sip_ssl_method) {
- case PJSIP_TLSV1_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
- break;
- case PJSIP_SSLV2_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
- break;
- case PJSIP_SSLV3_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
- break;
- case PJSIP_SSLV23_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL23;
- break;
- default:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_DEFAULT;
- break;
- }
+ sip_ssl_proto = listener->tls_setting.proto;
+ ssock_param.proto = ssl_get_proto(sip_ssl_method, sip_ssl_proto);
 /* Create group lock */
 status = pj_grp_lock_create(pool, NULL, &glock);
diff --git a/pjsip/src/pjsua2/siptypes.cpp b/pjsip/src/pjsua2/siptypes.cpp
index 2b5ddc3e..a3391bbc 100644
--- a/pjsip/src/pjsua2/siptypes.cpp
+++ b/pjsip/src/pjsua2/siptypes.cpp
@@ -165,6 +165,7 @@ pjsip_tls_setting TlsConfig::toPj() const
 ts.password = str2Pj(this->password);
 ts.method = this->method;
 ts.ciphers_num = (unsigned)this->ciphers.size();
+ ts.proto = this->proto;
 // The following will only work if sizeof(enum)==sizeof(int)
 pj_assert(sizeof(ts.ciphers[0]) == sizeof(int));
 ts.ciphers = ts.ciphers_num?
@@ -188,6 +189,7 @@ void TlsConfig::fromPj(const pjsip_tls_setting &prm)
 this->privKeyFile = pj2Str(prm.privkey_file);
 this->password = pj2Str(prm.password);
 this->method = (pjsip_ssl_method)prm.method;
+ this->proto = prm.proto;
 // The following will only work if sizeof(enum)==sizeof(int)
 pj_assert(sizeof(prm.ciphers[0]) == sizeof(int));
 this->ciphers = IntVector(prm.ciphers, prm.ciphers+prm.ciphers_num);
-- cgit v1.2.3
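Review bot: `ts.proto = this->proto;` in TlsConfig::toPj() and `this->proto = prm.proto;` in fromPj() are the only two lines this commit adds to siptypes.cpp (the diffstat shows 2 insertions), so any other TlsConfig code in this file that walks the fields was not updated. If TlsConfig is saved and restored through readObject()/writeObject(), `proto` should be added there too; otherwise a protocol restriction set by the application would come back as zero after a reload and ssl_get_proto() would silently fall back to `method`. It is also worth confirming that the TlsConfig constructor initialises `proto`, since the header is outside this view. Both functions continue beyond their hunks.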