Timestamp:
Feb 24, 2010 5:43:34 AM
Author:
nanang
Message:

Ticket #1032:

  • Initial version of server domain name verification:
    • Updated SSL certificate info, especially identities info
    • Updated verification mechanism as in the specifications in ticket desc.
    • Added server domain name info in pjsip_tx_data.
    • Added alternative API for acquiring transport and creating transport of transport factory to include pjsip_tx_data param.
    • Server identity match criteria:
      • full host name match
      • wild card not accepted
      • if identity is URI, it must be SIP/SIPS URI
  • Initial version of transport state notifications:
    • Added new API to set transport state callback in PJSIP and PJSUA.
    • Defined states: connected/disconnected, accepted/rejected, verification errors.
  • Minors:
    • Updated SSL socket test: dump verification result, test of requiring client cert, and a few minors.
    • Updated test cert to include subjectAltName extensions.
    • Added SSL certificate dump function.
    • Updated max number of socket async operations in Symbian sample apps (RSocketServ::Connect()) to 32 (was default 8).
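The server identity match criteria listed in the message above (full host name match, wildcard identities rejected, URI identities accepted only when they are SIP/SIPS URIs), as an added C example that is not pjproject's code and not the implementation this changeset refers to. The `cert_identity` type, the function names and the sample identities are constructed for illustration. The comparison goes slightly beyond the listed criteria by treating host names case-insensitively and ignoring one trailing dot, which is how DNS names are normally compared.

```c
/* Added example (not pjproject code): server-identity check implementing
 * the three criteria from the commit message. cert_identity, the function
 * names and sample_ids are constructed for illustration. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Kind of identity, as it would come from a certificate's subjectAltName. */
typedef enum { ID_DNS, ID_URI } id_type;

typedef struct {
    id_type     type;
    const char *value;
} cert_identity;

/* Case-insensitive prefix test (avoids the non-standard strncasecmp). */
static int prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; ++s, ++prefix)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Full host name comparison: case-insensitive, one trailing dot (absolute
 * FQDN form) ignored. Empty names and partial matches fail. */
static int host_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    if (la && a[la - 1] == '.') la--;
    if (lb && b[lb - 1] == '.') lb--;
    if (la == 0 || la != lb) return 0;
    for (i = 0; i < la; ++i)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Check one certificate identity against the expected server name. */
static int identity_matches(const cert_identity *id, const char *server)
{
    const char *host = id->value;
    char buf[256];

    if (id->type == ID_URI) {
        const char *at;
        size_t n;
        /* Criterion: only sip: / sips: URIs count as identities. */
        if (prefix_ci(host, "sips:"))     host += 5;
        else if (prefix_ci(host, "sip:")) host += 4;
        else return 0;
        /* Drop an optional user@ part, then cut the host at the port,
         * URI parameters or headers. */
        at = strchr(host, '@');
        if (at) host = at + 1;
        n = strcspn(host, ":;?");
        if (n == 0 || n >= sizeof(buf)) return 0;
        memcpy(buf, host, n);
        buf[n] = '\0';
        host = buf;
    }

    /* Criterion: any wildcard identity is rejected outright. */
    if (strchr(host, '*')) return 0;

    /* Criterion: full host name match. */
    return host_equal(host, server);
}

/* Returns 1 if at least one identity matches server_name, else 0. */
int server_identity_verified(const cert_identity *ids, size_t count,
                             const char *server_name)
{
    size_t i;
    if (!server_name || !*server_name) return 0;
    for (i = 0; i < count; ++i)
        if (identity_matches(&ids[i], server_name)) return 1;
    return 0;
}

/* Constructed sample identities: a wildcard DNS name, a SIPS URI with port
 * and transport parameter, and a non-SIP URI. */
static const cert_identity sample_ids[] = {
    { ID_DNS, "*.example.com" },
    { ID_URI, "sips:proxy.example.com:5061;transport=tls" },
    { ID_URI, "https://proxy.example.org" },
};
#define SAMPLE_COUNT (sizeof(sample_ids) / sizeof(sample_ids[0]))

int main(void)
{
    const char *names[] = { "proxy.example.com", "PROXY.EXAMPLE.COM.",
                            "foo.example.com", "proxy.example.org" };
    size_t i;
    for (i = 0; i < sizeof(names) / sizeof(names[0]); ++i)
        printf("%-20s -> %s\n", names[i],
               server_identity_verified(sample_ids, SAMPLE_COUNT, names[i])
                   ? "match" : "no match");
    return 0;
}
```

Only the SIPS URI identity matches `proxy.example.com`; the wildcard entry never matches any name, and the `https:` identity is ignored even though its host would otherwise be a candidate, which is the behaviour the criteria in the message ask for.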
File:
1 edited

  • pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h

    r2998 r3106  
    2727 
    2828#include <pjsip/sip_transport.h> 
     29#include <pj/ssl_sock.h> 
    2930#include <pj/string.h> 
    3031#include <pj/sock_qos.h> 
     
    122123 
    123124    /** 
    124      * When PJSIP is acting as a client (outgoing TLS connections),  
    125      * it will always receive a certificate from the peer.  
    126      * If \a verify_server is disabled (set to zero), PJSIP will not  
    127      * verifiy the certificate and allows TLS connections to servers  
    128      * which do not present a valid certificate.  
    129      * If \a tls_verify_server is non-zero, PJSIP verifies the server  
    130      * certificate and will close the TLS connection if the server  
    131      * certificate is not valid. 
    132      * 
    133      * This setting corresponds to OpenSSL SSL_VERIFY_PEER flag. 
    134      * Default value is zero. 
     125     * Specifies the action when verification of server TLS certificate 
     126     * resulting errors: 
     127     * - If \a verify_server is disabled (set to PJ_FALSE), TLS transport  
     128     *   will just notify the application via #pjsip_tp_state_callback with 
     129     *   state (PJSIP_TP_STATE_CONNECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR) 
     130     *   whenever there is any TLS verification error, the return value of  
     131     *   the callback will be used to decide whether transport should be  
     132     *   shutdown. 
     133     * - If \a verify_server is enabled (set to PJ_TRUE), TLS transport  
     134     *   will be shutdown and application will be notified with state 
     135     *   (PJSIP_TP_STATE_DISCONNECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR) 
     136     *   whenever there is any TLS verification error. 
     137     * 
     138     * When the verification resulting success, application will be notified 
     139     * via #pjsip_tp_state_callback with state PJSIP_TP_STATE_CONNECTED. 
     140     * 
     141     * Default value is PJ_FALSE. 
    135142     */ 
    136143    pj_bool_t   verify_server; 
    137144 
    138145    /** 
    139      * When acting as server (incoming TLS connections), setting 
    140      * \a verify_client to non-zero will cause the transport to activate 
    141      * peer verification upon receiving incoming TLS connection. 
    142      * 
    143      * This setting corresponds to OpenSSL SSL_VERIFY_PEER flag. 
    144      * Default value is zero. 
     146     * Specifies the action when verification of server TLS certificate 
     147     * resulting errors: 
     148     * - If \a verify_client is disabled (set to PJ_FALSE), TLS transport  
     149     *   will just notify the application via #pjsip_tp_state_callback with 
     150     *   state (PJSIP_TP_STATE_ACCEPTED | PJSIP_TP_STATE_TLS_VERIF_ERROR) 
     151     *   whenever there is any TLS verification error, the return value of  
     152     *   the callback will be used to decide whether transport should be  
     153     *   shutdown. 
     154     * - If \a verify_client is enabled (set to PJ_TRUE), TLS transport  
     155     *   will be shutdown and application will be notified with state 
     156     *   (PJSIP_TP_STATE_REJECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR) 
     157     *   whenever there is any TLS verification error. 
     158     * 
     159     * When the verification resulting success, application will be notified 
     160     * via #pjsip_tp_state_callback with state PJSIP_TP_STATE_ACCEPTED. 
     161     * 
     162     * Default value is PJ_FALSE. 
    145163     */ 
    146164    pj_bool_t   verify_client; 
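Review bot: the verify_client comment at new lines 146-147 still reads "verification of server TLS certificate"; it was copied from the verify_server block and should say "client TLS certificate". Both blocks also need grammar fixes: "when verification ... resulting errors" should be "results in errors" and "When the verification resulting success" should be "When verification succeeds". More importantly, with the default PJ_FALSE a verification failure leaves the transport up (CONNECTED or ACCEPTED combined with PJSIP_TP_STATE_TLS_VERIF_ERROR) and relies on the return value of pjsip_tp_state_callback to decide on shutdown; the comment should state what happens when no callback has been registered, because as written the text implies such an application keeps the connection despite the failed verification. The removed mapping to OpenSSL SSL_VERIFY_PEER was useful context; either keep it or say why it no longer applies.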
     
    151169     * 
    152170     * This setting corresponds to SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. 
    153      * Default value is zero. 
     171     * Default value is PJ_FALSE. 
    154172     */ 
    155173    pj_bool_t   require_client_cert; 
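Review bot: only the default-value wording changes here, yet the sentence just above still says the setting "corresponds to SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag" while the equivalent OpenSSL references were dropped from verify_server and verify_client in the previous hunk; keep the three comments consistent. It would also help to document how require_client_cert interacts with verify_client, for example whether a missing client certificate is reported through the callback with PJSIP_TP_STATE_TLS_VERIF_ERROR or rejected outright regardless of the verify_client value.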
     
    189207 
    190208} pjsip_tls_setting; 
     209 
     210 
     211/** 
     212 * This structure defines transport state extended info specifically for 
     213 * TLS transport. 
     214 */ 
     215typedef struct pjsip_tls_state_info 
     216{ 
     217    /** 
     218     * SSL socket info. 
     219     */ 
     220    pj_ssl_sock_info    *ssl_sock_info; 
     221 
     222} pjsip_tls_state_info; 
    191223 
    192224 
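Review bot: pjsip_tls_state_info exposes a raw pj_ssl_sock_info pointer with no statement of its lifetime. Document whether ssl_sock_info is valid only for the duration of the pjsip_tp_state_callback invocation or may be retained by the application, and whether it can be NULL (for instance in the DISCONNECTED or REJECTED states), so callers check it before dereferencing. Since this struct is the extension point for TLS-specific state data, also state that applications must not depend on its size, so fields can be appended later without breaking existing callers.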