From eca8d28de93c429f4ed8c39bef710ffa45beaf5b Mon Sep 17 00:00:00 2001
From: Nanang Izzuddin
Date: Wed, 30 Dec 2009 06:35:20 +0000
Subject: Ticket #1005:
 - Fixed bug in pjsip_tls_transport_start(): specified ca_list_file must be applied even when cert_file is not set.
 - Fixed bug in lis_create_transport(): new transport should inherit cert settings (from listener).
 - Fixed pjsua app, missing TLS transport setting 'require_client_cert' for '--tls-verify-client' option.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@3039 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjsip/src/pjsip/sip_transport_tls.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
(limited to 'pjsip')
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
index a61cee29..ab96ecd9 100644
--- a/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjsip/src/pjsip/sip_transport_tls.c
@@ -54,6 +54,7 @@ struct tls_listener
 pjsip_endpoint *endpt;
 pjsip_tpmgr *tpmgr;
 pj_ssl_sock_t *ssock;
+ pj_ssl_cert_t *cert;
 pjsip_tls_setting tls_setting;
 };
@@ -288,21 +289,21 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start (pjsip_endpoint *endpt,
 pj_sockaddr_in_init(listener_addr, NULL, 0);
 }
- /* Check if certificate for SSL socket is set */
- if (listener->tls_setting.cert_file.slen)
+ /* Check if certificate/CA list for SSL socket is set */
+ if (listener->tls_setting.cert_file.slen ||
+ listener->tls_setting.ca_list_file.slen)
 {
- pj_ssl_cert_t *cert;
-
 status = pj_ssl_cert_load_from_files(pool,
 &listener->tls_setting.ca_list_file,
 &listener->tls_setting.cert_file,
 &listener->tls_setting.privkey_file,
 &listener->tls_setting.password,
- &cert);
+ &listener->cert);
 if (status != PJ_SUCCESS)
 goto on_error;
- status = pj_ssl_sock_set_certificate(listener->ssock, pool, cert);
+ status = pj_ssl_sock_set_certificate(listener->ssock, pool,
+ listener->cert);
 if (status != PJ_SUCCESS)
 goto on_error;
 }
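Review bot: The new `cert` member of `struct tls_listener` has no comment on ownership or lifetime, although the other hunks load it once in pjsip_tls_transport_start() and pass the same object to every socket created in lis_create_transport(). A field comment would cover it, for example `/* Loaded from tls_setting at start; NULL when neither cert_file nor ca_list_file is set; shared by all transports of this listener. */`. The member is only assigned inside the `if` of the second hunk, so the NULL test in lis_create_transport() depends on the listener being zero-initialised when it is allocated; that allocation is outside this diff and should be confirmed.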
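Review bot: With the added `ca_list_file.slen` arm, pj_ssl_cert_load_from_files() is now reached with an empty `cert_file`, `privkey_file` and `password` whenever only a CA list is configured, and nothing in this hunk shows that the loader or pj_ssl_sock_set_certificate() accept that combination. A `cert_file` given without a `privkey_file` is passed through unchecked in the same way; an explicit guard such as `if (cert_file.slen && !privkey_file.slen) { status = PJ_EINVAL; goto on_error; }` (field names abbreviated) would make the misconfiguration fail early. The comment should also state the reason, e.g. `/* A CA list alone must still be installed: it is what peer certificates are verified against */`. The function starts and ends outside the hunk, so the `on_error` cleanup could not be reviewed here.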
@@ -837,6 +838,13 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
 if (status != PJ_SUCCESS)
 return status;
+ /* Apply SSL certificate */
+ if (listener->cert) {
+ status = pj_ssl_sock_set_certificate(ssock, pool, listener->cert);
+ if (status != PJ_SUCCESS)
+ return status;
+ }
+
 /* Initially set bind address to PJ_INADDR_ANY port 0 */
 pj_sockaddr_in_init(&local_addr, NULL, 0);
--
cgit v1.2.3
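Review bot: The added `return status;` after a failed pj_ssl_sock_set_certificate() leaves `ssock` open: the socket already exists at this point (it is the first argument of the call) and nothing on this path closes it. If the failure repeats for every outgoing connection attempt, sockets and their memory accumulate in the transport factory. Close it before returning, `if (status != PJ_SUCCESS) { pj_ssl_sock_close(ssock); return status; }`. The function begins and ends outside the hunk, so whether `pool` must also be released on this path, and on the context `return status;` just above, should be checked against the code that creates it.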