Changeset 3039


Ignore:
Timestamp:
Dec 30, 2009 6:35:20 AM (14 years ago)
Author:
nanang
Message:

Ticket #1005:

  • Fixed bug in pjsip_tls_transport_start(): specified ca_list_file must be applied even when cert_file is not set.
  • Fixed bug in lis_create_transport(): new transport should inherit cert settings (from listener).
  • Fixed pjsua app, missing TLS transport setting 'require_client_cert' for '--tls-verify-client' option.
Location:
pjproject/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app.c

    r3021 r3039  
    12801280        case OPT_TLS_VERIFY_CLIENT: 
    12811281            cfg->udp_cfg.tls_setting.verify_client = PJ_TRUE; 
     1282            cfg->udp_cfg.tls_setting.require_client_cert = PJ_TRUE; 
    12821283            break; 
    12831284 
  • pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c

    r3020 r3039  
    5555    pjsip_tpmgr             *tpmgr; 
    5656    pj_ssl_sock_t           *ssock; 
     57    pj_ssl_cert_t           *cert; 
    5758    pjsip_tls_setting        tls_setting; 
    5859}; 
     
    289290    } 
    290291 
    291     /* Check if certificate for SSL socket is set */ 
    292     if (listener->tls_setting.cert_file.slen)  
     292    /* Check if certificate/CA list for SSL socket is set */ 
     293    if (listener->tls_setting.cert_file.slen || 
     294        listener->tls_setting.ca_list_file.slen)  
    293295    { 
    294         pj_ssl_cert_t *cert; 
    295  
    296296        status = pj_ssl_cert_load_from_files(pool, 
    297297                        &listener->tls_setting.ca_list_file, 
     
    299299                        &listener->tls_setting.privkey_file, 
    300300                        &listener->tls_setting.password, 
    301                         &cert); 
     301                        &listener->cert); 
    302302        if (status != PJ_SUCCESS) 
    303303            goto on_error; 
    304304 
    305         status = pj_ssl_sock_set_certificate(listener->ssock, pool, cert); 
     305        status = pj_ssl_sock_set_certificate(listener->ssock, pool,  
     306                                             listener->cert); 
    306307        if (status != PJ_SUCCESS) 
    307308            goto on_error; 
     
    838839        return status; 
    839840 
     841    /* Apply SSL certificate */ 
     842    if (listener->cert) { 
     843        status = pj_ssl_sock_set_certificate(ssock, pool, listener->cert); 
     844        if (status != PJ_SUCCESS) 
     845            return status; 
     846    } 
     847 
    840848    /* Initially set bind address to PJ_INADDR_ANY port 0 */ 
    841849    pj_sockaddr_in_init(&local_addr, NULL, 0); 
Note: See TracChangeset for help on using the changeset viewer.