Changeset 3110 for pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c

Timestamp:

Feb 25, 2010 11:58:19 AM (14 years ago)

Author:

nanang

Message:

More ticket #1032:

• Updated transport state notification callback to return void.
• Updated transport state enum to only contain connected and disconnected, no more bitmask value.
• Added direction field to SIP transport.
• Removed remote hostname hash from transport key.
• Updated cert info dump to return -1 when buffer is insufficient.
• Added new error code PJSIP_TLS_ECERTVERIF.
• Updated get_cert_name() in ssl_sock_symbian.c to use heap buffer instead of stack.
• Minors, e.g: added prefix PJ in cipher types, docs.

File:

• pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c (modified) (8 diffs)

pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c

@@ -558 +558 @@
     tls->base.key.type = PJSIP_TRANSPORT_TLS;
     pj_memcpy(&tls->base.key.rem_addr, remote, sizeof(pj_sockaddr_in));
-    tls->base.key.hname = pj_hash_calc_tolower(0, (char*)tls->remote_name.ptr,
-                                               &tls->remote_name);
     tls->base.type_name = "tls";
     tls->base.flag = pjsip_transport_get_flag_from_type(PJSIP_TRANSPORT_TLS);
@@ -569 +567 @@
 
     tls->base.addr_len = sizeof(pj_sockaddr_in);
+    tls->base.dir = is_server? PJSIP_TP_DIR_INCOMING : PJSIP_TP_DIR_OUTGOING;
     
     /* Set initial local address */
@@ -979 +978 @@
     pj_ssl_sock_info ssl_info;
     char addr[PJ_INET6_ADDRSTRLEN+10];
+    pjsip_tp_state_callback *state_cb;
+    pj_bool_t is_shutdown;
     pj_status_t status;
-
-    pjsip_tp_state_callback *state_cb;
-    pj_bool_t tls_verif_ignored;
 
     PJ_UNUSED_ARG(src_addr_len);
@@ -1022 +1020 @@
     pj_ssl_sock_set_user_data(new_ssock, tls);
 
-    tls_verif_ignored = !listener->tls_setting.verify_client;
+    /* Prevent immediate transport destroy as application may access it 
+     * (getting info, etc) in transport state notification callback.
+     */
+    pjsip_transport_add_ref(&tls->base);
+
+    /* If there is verification error and verification is mandatory, shutdown
+     * and destroy the transport.
+     */
+    if (ssl_info.verify_status && listener->tls_setting.verify_client) {
+        if (tls->close_reason == PJ_SUCCESS) 
+            tls->close_reason = PJSIP_TLS_ECERTVERIF;
+        pjsip_transport_shutdown(&tls->base);
+    }
 
     /* Notify transport state to application */
@@ -1029 +1039 @@
         pjsip_transport_state_info state_info;
         pjsip_tls_state_info tls_info;
-        pj_uint32_t tp_state = 0;
-
-        /* Init transport state notification callback */
+        pjsip_transport_state tp_state;
+
+        /* Init transport state info */
         pj_bzero(&tls_info, sizeof(tls_info));
         pj_bzero(&state_info, sizeof(state_info));
-
-        /* Set transport state based on verification status */
-        if (ssl_info.verify_status) {
-            state_info.status = PJSIP_TLS_EACCEPT;
-            tp_state |= PJSIP_TP_STATE_TLS_VERIF_ERROR;
-            if (listener->tls_setting.verify_client)
-                tp_state |= PJSIP_TP_STATE_REJECTED;
-            else
-                tp_state |= PJSIP_TP_STATE_ACCEPTED;
-        } else {
-            tp_state |= PJSIP_TP_STATE_ACCEPTED;
-        }
-
         tls_info.ssl_sock_info = &ssl_info;
         state_info.ext_info = &tls_info;
 
-        tls_verif_ignored = (*state_cb)(&tls->base, tp_state, &state_info);
-    }
-
-    /* Transport should be destroyed when there is TLS verification error
-     * and application doesn't want to ignore it.
-     */
-    if (ssl_info.verify_status && 
-        (listener->tls_setting.verify_client || !tls_verif_ignored))
-    {
-        tls_destroy(&tls->base, PJSIP_TLS_EACCEPT);
+        /* Set transport state based on verification status */
+        if (ssl_info.verify_status && listener->tls_setting.verify_client)
+        {
+            tp_state = PJSIP_TP_STATE_DISCONNECTED;
+            state_info.status = PJSIP_TLS_ECERTVERIF;
+        } else {
+            tp_state = PJSIP_TP_STATE_CONNECTED;
+            state_info.status = PJ_SUCCESS;
+        }
+
+        (*state_cb)(&tls->base, tp_state, &state_info);
+    }
+
+    /* Release transport reference. If transport is shutting down, it may
+     * get destroyed here.
+     */
+    is_shutdown = tls->base.is_shutdown;
+    pjsip_transport_dec_ref(&tls->base);
+    if (is_shutdown)
         return PJ_TRUE;
-    }
+
 
     status = tls_start_read(tls);
@@ -1332 +1338 @@
     pj_ssl_sock_info ssl_info;
     pj_sockaddr_in addr, *tp_addr;
-
     pjsip_tp_state_callback *state_cb;
-    pj_bool_t tls_verif_ignored;
+    pj_bool_t is_shutdown;
 
     tls = (struct tls_transport*) pj_ssl_sock_get_user_data(ssock);
@@ -1433 +1438 @@
     }
 
-    tls_verif_ignored = !tls->verify_server;
+    /* Prevent immediate transport destroy as application may access it 
+     * (getting info, etc) in transport state notification callback.
+     */
+    pjsip_transport_add_ref(&tls->base);
+
+    /* If there is verification error and verification is mandatory, shutdown
+     * and destroy the transport.
+     */
+    if (ssl_info.verify_status && tls->verify_server) {
+        if (tls->close_reason == PJ_SUCCESS) 
+            tls->close_reason = PJSIP_TLS_ECERTVERIF;
+        pjsip_transport_shutdown(&tls->base);
+    }
 
     /* Notify transport state to application */
@@ -1442 +1459 @@
         pj_uint32_t tp_state = 0;
 
-        /* Init transport state notification callback */
+        /* Init transport state info */
         pj_bzero(&state_info, sizeof(state_info));
         pj_bzero(&tls_info, sizeof(tls_info));
-
-        /* Set transport state info */
         state_info.ext_info = &tls_info;
         tls_info.ssl_sock_info = &ssl_info;
 
         /* Set transport state based on verification status */
-        if (ssl_info.verify_status) {
-            state_info.status = PJSIP_TLS_ECONNECT;
-            tp_state |= PJSIP_TP_STATE_TLS_VERIF_ERROR;
-            if (tls->verify_server)
-                tp_state |= PJSIP_TP_STATE_DISCONNECTED;
-            else
-                tp_state |= PJSIP_TP_STATE_CONNECTED;
+        if (ssl_info.verify_status && tls->verify_server)
+        {
+            tp_state = PJSIP_TP_STATE_DISCONNECTED;
+            state_info.status = PJSIP_TLS_ECERTVERIF;
         } else {
-            tp_state |= PJSIP_TP_STATE_CONNECTED;
+            tp_state = PJSIP_TP_STATE_CONNECTED;
+            state_info.status = PJ_SUCCESS;
         }
 
-        tls_verif_ignored = (*state_cb)(&tls->base, tp_state, &state_info);
-    }
-
-    /* Transport should be shutdown when there is TLS verification error
-     * and application doesn't want to ignore it.
-     */
-    if (ssl_info.verify_status && 
-        (tls->verify_server || !tls_verif_ignored))
-    {
-        if (tls->close_reason == PJ_SUCCESS) 
-            tls->close_reason = PJSIP_TLS_ECONNECT;
-        pjsip_transport_shutdown(&tls->base);
+        (*state_cb)(&tls->base, tp_state, &state_info);
+    }
+
+    /* Release transport reference. If transport is shutting down, it may
+     * get destroyed here.
+     */
+    is_shutdown = tls->base.is_shutdown;
+    pjsip_transport_dec_ref(&tls->base);
+    if (is_shutdown)
         return PJ_FALSE;
-    }
+
 
     /* Mark that pending connect() operation has completed. */