Timestamp:
Oct 16, 2009 3:06:13 AM (13 years ago)
Author:
nanang
Message:

Ticket #957:

  • Added SSL socket abstraction with OpenSSL backend.
  • Updated cipher data type and added cipher constants (Symbian SSL socket has also been updated).
  • Updated SIP TLS transport to allow setting certificate/credential (via file).
File:
1 edited

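--- a/pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c
@@ -241,5 +241,4 @@
     ssock_param.cb.on_data_sent = &on_data_sent;
     ssock_param.async_cnt = async_cnt;
-    ssock_param.ciphers = listener->tls_setting.ciphers;
     ssock_param.ioqueue = pjsip_endpt_get_ioqueue(endpt);
     ssock_param.require_client_cert = listener->tls_setting.require_client_cert;
@@ -248,4 +247,10 @@
     ssock_param.user_data = listener;
     ssock_param.verify_peer = listener->tls_setting.verify_client;
+    if (ssock_param.send_buffer_size < PJSIP_MAX_PKT_LEN)
+        ssock_param.send_buffer_size = PJSIP_MAX_PKT_LEN;
+    if (ssock_param.read_buffer_size < PJSIP_MAX_PKT_LEN)
+        ssock_param.read_buffer_size = PJSIP_MAX_PKT_LEN;
+
+    has_listener = PJ_FALSE;
 
     switch(listener->tls_setting.method) {
@@ -280,8 +285,28 @@
     }
 
+    /* Check if certificate for SSL socket is set */
+    if (listener->tls_setting.cert_file.slen)
+    {
+        pj_ssl_cert_t *cert;
+
+        status = pj_ssl_cert_load_from_files(pool,
+                        &listener->tls_setting.ca_list_file,
+                        &listener->tls_setting.cert_file,
+                        &listener->tls_setting.privkey_file,
+                        &listener->tls_setting.password,
+                        &cert);
+        if (status != PJ_SUCCESS)
+            goto on_error;
+
+        status = pj_ssl_sock_set_certificate(listener->ssock, pool, cert);
+        if (status != PJ_SUCCESS)
+            goto on_error;
+    }
+
     /* Start accepting incoming connections. Note that some TLS/SSL backends
      * may not support for SSL socket server.
      */
     has_listener = PJ_FALSE;
+
     status = pj_ssl_sock_start_accept(listener->ssock, pool,
                           (pj_sockaddr_t*)listener_addr,
@@ -352,10 +377,15 @@
     }
 
-    PJ_LOG(4,(listener->factory.obj_name,
-             "SIP TLS listener is ready%s at %.*s:%d",
-             (has_listener?" for incoming connections":""),
-             (int)listener->factory.addr_name.host.slen,
-             listener->factory.addr_name.host.ptr,
-             listener->factory.addr_name.port));
+    if (has_listener) {
+        PJ_LOG(4,(listener->factory.obj_name,
+                 "SIP TLS listener is ready for incoming connections "
+                 "at %.*s:%d",
+                 (int)listener->factory.addr_name.host.slen,
+                 listener->factory.addr_name.host.ptr,
+                 listener->factory.addr_name.port));
+    } else {
+        PJ_LOG(4,(listener->factory.obj_name, "SIP TLS is ready "
+                  "(client only)"));
+    }
 
     /* Return the pointer to user */
@@ -757,12 +787,16 @@
     ssock_param.cb.on_data_sent = &on_data_sent;
     ssock_param.async_cnt = 1;
-    ssock_param.ciphers = listener->tls_setting.ciphers;
     ssock_param.ioqueue = pjsip_endpt_get_ioqueue(listener->endpt);
-    PJ_TODO(SET_PROPER_SERVERNAME_BASED_ON_TARGET);
+    PJ_TODO(set_proper_servername_based_on_target);
+    PJ_TODO(synchronize_tls_cipher_type_with_ssl_sock_cipher_type);
     ssock_param.servername = listener->tls_setting.server_name;
     ssock_param.timeout = listener->tls_setting.timeout;
     ssock_param.user_data = NULL; /* pending, must be set later */
     ssock_param.verify_peer = listener->tls_setting.verify_server;
-    
+    if (ssock_param.send_buffer_size < PJSIP_MAX_PKT_LEN)
+        ssock_param.send_buffer_size = PJSIP_MAX_PKT_LEN;
+    if (ssock_param.read_buffer_size < PJSIP_MAX_PKT_LEN)
+        ssock_param.read_buffer_size = PJSIP_MAX_PKT_LEN;
+
     switch(listener->tls_setting.method) {
     case PJSIP_TLSV1_METHOD:
@@ -894,5 +928,9 @@
                          (const pj_sockaddr_in*)&listener->factory.local_addr,
                          (const pj_sockaddr_in*)src_addr, &tls);
+    
     if (status == PJ_SUCCESS) {
+        /* Set the "pending" SSL socket user data */
+        pj_ssl_sock_set_user_data(new_ssock, tls);
+
         status = tls_start_read(tls);
         if (status != PJ_SUCCESS) {
@@ -1173,7 +1211,4 @@
     tls = (struct tls_transport*) pj_ssl_sock_get_user_data(ssock);
 
-    /* Mark that pending connect() operation has completed. */
-    tls->has_pending_connect = PJ_FALSE;
-
     /* Check connect() status */
     if (status != PJ_SUCCESS) {
@@ -1203,14 +1238,4 @@
         return PJ_FALSE;
     }
-
-    PJ_LOG(4,(tls->base.obj_name,
-              "TLS transport %.*s:%d is connected to %.*s:%d",
-              (int)tls->base.local_name.host.slen,
-              tls->base.local_name.host.ptr,
-              tls->base.local_name.port,
-              (int)tls->base.remote_name.host.slen,
-              tls->base.remote_name.host.ptr,
-              tls->base.remote_name.port));
-
 
     /* Update (again) local address, just in case local address currently
@@ -1234,4 +1259,16 @@
     }
 
+    PJ_LOG(4,(tls->base.obj_name,
+              "TLS transport %.*s:%d is connected to %.*s:%d",
+              (int)tls->base.local_name.host.slen,
+              tls->base.local_name.host.ptr,
+              tls->base.local_name.port,
+              (int)tls->base.remote_name.host.slen,
+              tls->base.remote_name.host.ptr,
+              tls->base.remote_name.port));
+
+    /* Mark that pending connect() operation has completed. */
+    tls->has_pending_connect = PJ_FALSE;
+
     /* Start pending read */
     status = tls_start_read(tls);
@@ -1262,4 +1299,5 @@
 }
 
+
 /* Transport keep-alive timer callback */
 static void tls_keep_alive_timer(pj_timer_heap_t *th, pj_timer_entry *e)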
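Review bot: Moving `tls->has_pending_connect = PJ_FALSE;` from before the `/* Check connect() status */` test (old 1175–1176) to after the local-address update (new 1270–1271) means the failure branch that ends with `return PJ_FALSE;` at new 1238 now returns with the flag still set. If the shutdown or destroy path consults `has_pending_connect` (for example to cancel an outstanding connect or to decide whether a disconnect callback is due), a failed handshake now takes a different path than before; confirm that path tolerates the flag, or clear it at the top of the error branch as well, e.g. `tls->has_pending_connect = PJ_FALSE;` immediately after `if (status != PJ_SUCCESS) {` at new 1214. A similar duplication appears in the listener hunk, where `has_listener = PJ_FALSE;` is now assigned at both new 254 and new 309; the second assignment can be dropped. The enclosing connect-complete callback starts before and ends after the visible hunks.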