From 0afb0fd54874856944a4df43f6242cbd46868999 Mon Sep 17 00:00:00 2001 From: Benny Prijono Date: Wed, 2 Jul 2014 18:57:53 +0000 Subject: Closed #1775: Changing OpenSSL default method from TLSv1 to SSLv23 to enable enable AES-GCM cipher suites in default (thanks Alexander Traud for the patch). Also fixed a bug in SIP TLS transport (sip_transport_tls.c). According to [https://trac.pjsip.org/repos/browser/pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h#L94 sip_transport_tls.h:94], when PJSIP_SSL_UNSPECIFIED_METHOD is set as method, PJSIP_SSL_DEFAULT_METHOD will be used. But the implementation uses PJ_SSL_SOCK_PROTO_DEFAULT instead of PJSIP_SSL_DEFAULT_METHOD. Currently this is fine because both resolve to TLSv1, but the patch will break it. git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4869 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjsip/src/pjsip/sip_transport_tls.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'pjsip')
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
index 4e890e10..aa486987 100644
--- a/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjsip/src/pjsip/sip_transport_tls.c
@@ -274,7 +274,7 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start2( pjsip_endpoint *endpt,
 {
 pj_pool_t *pool;
 pj_bool_t is_ipv6;
- int af;
+ int af, sip_ssl_method;
 struct tls_listener *listener;
 pj_ssl_sock_param ssock_param;
 pj_sockaddr *listener_addr;
@@ -367,7 +367,11 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start2( pjsip_endpoint *endpt,
 has_listener = PJ_FALSE;
- switch(listener->tls_setting.method) {
+ sip_ssl_method = listener->tls_setting.method;
+ if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
+ sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+ switch(sip_ssl_method) {
 case PJSIP_TLSV1_METHOD:
 ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
 break;
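Review bot: The added mapping at `sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;` carries no comment, yet it is the only thing that keeps an unspecified SIP setting from falling through to the socket-layer default, which the commit message says becomes SSLv23. I would record that above the assignment, e.g. `/* Unspecified must resolve to PJSIP_SSL_DEFAULT_METHOD (see sip_transport_tls.h), not to PJ_SSL_SOCK_PROTO_DEFAULT */`. The switch continues outside the hunk, so its default branch is not visible; if it still assigns PJ_SSL_SOCK_PROTO_DEFAULT, any method value without a case would silently negotiate under SSLv23, and it is worth confirming that the OpenSSL backend disables SSLv2 and SSLv3 (`SSL_OP_NO_SSLv2`, `SSL_OP_NO_SSLv3`) for that path. The identical mapping in lis_create_transport() (last hunk) needs the same comment.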
@@ -958,6 +962,7 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
 {
 struct tls_listener *listener;
 struct tls_transport *tls;
+ int sip_ssl_method;
 pj_pool_t *pool;
 pj_grp_lock_t *glock;
 pj_ssl_sock_t *ssock;
@@ -1021,7 +1026,11 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
 &listener->tls_setting.sockopt_params, sizeof(listener->tls_setting.sockopt_params));
- switch(listener->tls_setting.method) {
+ sip_ssl_method = listener->tls_setting.method;
+ if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
+ sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+ switch(sip_ssl_method) {
 case PJSIP_TLSV1_METHOD:
 ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
 break;
-- cgit v1.2.3
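Review bot: These three added lines resolving the effective method are a verbatim copy of the ones added in pjsip_tls_transport_start2(), so the two call sites can drift apart the next time the default rule changes. A file-local helper would keep the rule in one place and make the extra `int sip_ssl_method` locals from the two declaration hunks unnecessary. The sketch assumes `tls_setting` is a `pjsip_tls_setting` and uses a suggested helper name; the switch in lis_create_transport() runs past the end of the hunk, so only its head is shown.

```c
/* Resolve the configured method, applying the documented SIP default. */
static int tls_effective_method(const pjsip_tls_setting *setting)
{
    if (setting->method == PJSIP_SSL_UNSPECIFIED_METHOD)
        return PJSIP_SSL_DEFAULT_METHOD;
    return setting->method;
}

/* … unchanged: socket option setup in lis_create_transport() … */
    switch (tls_effective_method(&listener->tls_setting)) {
    case PJSIP_TLSV1_METHOD:
/* … unchanged: remaining cases … */
```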