Changeset 3106 for pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app.c

Timestamp:

Feb 24, 2010 5:43:34 AM (14 years ago)

Author:

nanang

Message:

Ticket #1032:

• Initial version of server domain name verification:
  • Updated SSL certificate info, especially identities info
  • Updated verification mechanism as in the specifications in ticket desc.
  • Added server domain name info in pjsip_tx_data.
  • Added alternative API for acquiring transport and creating transport of transport factory to include pjsip_tx_data param.
  • Server identity match criteria:
    • full host name match
    • wild card not accepted
    • if identity is URI, it must be SIP/SIPS URI
• Initial version of transport state notifications:
  • Added new API to set transport state callback in PJSIP and PJSUA.
  • Defined states: connected/disconnected, accepted/rejected, verification errors.
• Minors:
  • Updated SSL socket test: dump verification result, test of requiring client cert, and few minors.
  • Updated test cert to include subjectAltName extensions.
  • Added SSL certificate dump function.
  • Updated max number of socket async operations in Symbian sample apps (RSocketServ::Connect()) to 32 (was default 8).

File:

• pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app.c (modified) (2 diffs)

pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app.c

@@ -2789 +2789 @@
 
 /*
+ * Transport status notification
+ */
+static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
+                                    const pjsip_transport_state_info *info)
+{
+    char host_port[128];
+
+    pj_ansi_snprintf(host_port, sizeof(host_port), "[%.*s:%d]",
+                     (int)tp->remote_name.host.slen,
+                     tp->remote_name.host.ptr,
+                     tp->remote_name.port);
+
+    if (state & PJSIP_TP_STATE_CONNECTED) {
+        PJ_LOG(3,(THIS_FILE, "SIP transport %s is connected to %s", 
+                 tp->type_name, host_port));
+    } 
+    else if (state & PJSIP_TP_STATE_ACCEPTED) {
+        PJ_LOG(3,(THIS_FILE, "SIP transport %s accepted %s",
+                 tp->type_name, host_port));
+    } 
+    else if (state & PJSIP_TP_STATE_DISCONNECTED) {
+        char buf[100];
+
+        snprintf(buf, sizeof(buf), "SIP transport %s is disconnected from %s",
+                 tp->type_name, host_port);
+        pjsua_perror(THIS_FILE, buf, info->status);
+    }
+    else if (state & PJSIP_TP_STATE_REJECTED) {
+        char buf[100];
+
+        snprintf(buf, sizeof(buf), "SIP transport %s rejected %s",
+                 tp->type_name, host_port);
+        pjsua_perror(THIS_FILE, buf, info->status);
+    }
+
+#if defined(PJSIP_HAS_TLS_TRANSPORT) && PJSIP_HAS_TLS_TRANSPORT!=0
+
+    if (!pj_ansi_stricmp(tp->type_name, "tls") && info->ext_info &&
+        (state == PJSIP_TP_STATE_CONNECTED || 
+         (state & PJSIP_TP_STATE_TLS_VERIF_ERROR)))
+    {
+        pjsip_tls_state_info *tls_info = (pjsip_tls_state_info*)info->ext_info;
+        pj_ssl_sock_info *ssl_sock_info = (pj_ssl_sock_info*)
+                                          tls_info->ssl_sock_info;
+        char buf[2048];
+        const char *verif_msgs[32];
+        unsigned verif_msg_cnt;
+
+        /* Dump server TLS certificate */
+        pj_ssl_cert_info_dump(ssl_sock_info->remote_cert_info, "  ",
+                              buf, sizeof(buf));
+        PJ_LOG(4,(THIS_FILE, "TLS cert info of %s:\n%s", host_port, buf));
+
+        /* Dump server TLS certificate verification result */
+        verif_msg_cnt = PJ_ARRAY_SIZE(verif_msgs);
+        pj_ssl_cert_verify_error_st(ssl_sock_info->verify_status,
+                                    verif_msgs, &verif_msg_cnt);
+        PJ_LOG(3,(THIS_FILE, "TLS cert verification result of %s : %s",
+                             host_port,
+                             (verif_msg_cnt == 1? verif_msgs[0]:"")));
+        if (verif_msg_cnt > 1) {
+            unsigned i;
+            for (i = 0; i < verif_msg_cnt; ++i)
+                PJ_LOG(3,(THIS_FILE, "- %s", verif_msgs[i]));
+        }
+
+        if (state & PJSIP_TP_STATE_TLS_VERIF_ERROR && 
+            !app_config.udp_cfg.tls_setting.verify_server) 
+        {
+            PJ_LOG(3,(THIS_FILE, "PJSUA is configured to ignore TLS cert "
+                                 "verification errors"));
+        }
+    }
+
+#endif
+    return PJ_TRUE;
+}
+
+/*
  * Print buddy list.
  */
@@ -4384 +4463 @@
     app_config.cfg.cb.on_nat_detect = &on_nat_detect;
     app_config.cfg.cb.on_mwi_info = &on_mwi_info;
+    app_config.cfg.cb.on_transport_state = &on_transport_state;
 
     /* Set sound device latency */