Changeset 4869


Timestamp:
Jul 2, 2014 6:57:53 PM (5 years ago)
Author:
bennylp
Message:

Closed #1775: Changing OpenSSL default method from TLSv1 to SSLv23 to enable AES-GCM cipher suites by default (thanks Alexander Traud for the patch).

Also fixed a bug in SIP TLS transport (sip_transport_tls.c). According to sip_transport_tls.h:94, when PJSIP_SSL_UNSPECIFIED_METHOD is set as method, PJSIP_SSL_DEFAULT_METHOD will be used. But the implementation uses PJ_SSL_SOCK_PROTO_DEFAULT instead of PJSIP_SSL_DEFAULT_METHOD. Currently this is fine because both resolve to TLSv1, but the patch will break it.

Location:
pjproject/trunk
Files:
2 edited

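--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
@@ -507,5 +507,4 @@
     /* Determine SSL method to use */
     switch (ssock->param.proto) {
-    case PJ_SSL_SOCK_PROTO_DEFAULT:
     case PJ_SSL_SOCK_PROTO_TLS1:
         ssl_method = (SSL_METHOD*)TLSv1_method();
@@ -519,4 +518,5 @@
         ssl_method = (SSL_METHOD*)SSLv3_method();
         break;
+    case PJ_SSL_SOCK_PROTO_DEFAULT:
     case PJ_SSL_SOCK_PROTO_SSL23:
         ssl_method = (SSL_METHOD*)SSLv23_method();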
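Review bot: Moving `case PJ_SSL_SOCK_PROTO_DEFAULT:` next to `PJ_SSL_SOCK_PROTO_SSL23` makes the default a version-negotiating method, and with `SSLv23_method()` OpenSSL can also negotiate SSLv3 (and, depending on the build and cipher list, SSLv2) unless those versions are disabled on the context. Nothing in the lines shown sets `SSL_OP_NO_SSLv2` or `SSL_OP_NO_SSLv3`; the context setup lies outside this section, so it may already be handled there. If it is not, the default case should be paired with `SSL_CTX_set_options(<ssl ctx>, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` so that the new default only widens upward to TLS 1.1/1.2. A short comment on the moved label, such as `/* default: negotiate the highest mutually supported version */`, would also record why it no longer shares the TLSv1 case.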
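--- a/pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c
@@ -275,5 +275,5 @@
     pj_pool_t *pool;
     pj_bool_t is_ipv6;
-    int af;
+    int af, sip_ssl_method;
     struct tls_listener *listener;
     pj_ssl_sock_param ssock_param;
@@ -368,5 +368,9 @@
     has_listener = PJ_FALSE;
 
-    switch(listener->tls_setting.method) {
+    sip_ssl_method = listener->tls_setting.method;
+    if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
+        sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+    switch(sip_ssl_method) {
     case PJSIP_TLSV1_METHOD:
         ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
@@ -959,4 +963,5 @@
     struct tls_listener *listener;
     struct tls_transport *tls;
+    int sip_ssl_method;
     pj_pool_t *pool;
     pj_grp_lock_t *glock;
@@ -1022,5 +1027,9 @@
               sizeof(listener->tls_setting.sockopt_params));
 
-    switch(listener->tls_setting.method) {
+    sip_ssl_method = listener->tls_setting.method;
+    if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
+        sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+    switch(sip_ssl_method) {
     case PJSIP_TLSV1_METHOD:
         ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;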
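Review bot: The mapping from `PJSIP_SSL_UNSPECIFIED_METHOD` to `PJSIP_SSL_DEFAULT_METHOD` is added twice, at new lines 370-374 and 1029-1033, so a later change to one copy can leave the two code paths selecting different protocol versions. A small file-local helper returning `(m == PJSIP_SSL_UNSPECIFIED_METHOD) ? PJSIP_SSL_DEFAULT_METHOD : m`, called from both `switch` statements, would keep them in step. Both enclosing functions start and end outside the lines shown, so it cannot be checked here whether the `switch` has a `default:` branch for a `PJSIP_SSL_DEFAULT_METHOD` value that no case handles. Per the commit message, `PJSIP_SSL_DEFAULT_METHOD` resolved to TLSv1 at this revision, so unless that macro is changed elsewhere the SIP transport presumably stays pinned to TLS 1.0 and does not pick up the new SSLv23 default.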