Changeset 4869 for pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c

Timestamp:

Jul 2, 2014 6:57:53 PM (10 years ago)

Author:

bennylp

Message:

Closed #1775: Changing OpenSSL default method from TLSv1 to SSLv23 to enable enable AES-GCM cipher suites in default (thanks Alexander Traud for the patch).

Also fixed a bug in SIP TLS transport (sip_transport_tls.c). According to sip_transport_tls.h:94, when PJSIP_SSL_UNSPECIFIED_METHOD is set as method, PJSIP_SSL_DEFAULT_METHOD will be used. But the implementation uses PJ_SSL_SOCK_PROTO_DEFAULT instead of PJSIP_SSL_DEFAULT_METHOD. Currently this is fine because both resolve to TLSv1, but the patch will break it.

File:

• pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c (modified) (4 diffs)

pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c

@@ -275 +275 @@
     pj_pool_t *pool;
     pj_bool_t is_ipv6;
-    int af;
+    int af, sip_ssl_method;
     struct tls_listener *listener;
     pj_ssl_sock_param ssock_param;
@@ -368 +368 @@
     has_listener = PJ_FALSE;
 
-    switch(listener->tls_setting.method) {
+    sip_ssl_method = listener->tls_setting.method;
+    if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
+        sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+    switch(sip_ssl_method) {
     case PJSIP_TLSV1_METHOD:
         ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
@@ -959 +963 @@
     struct tls_listener *listener;
     struct tls_transport *tls;
+    int sip_ssl_method;
     pj_pool_t *pool;
     pj_grp_lock_t *glock;
@@ -1022 +1027 @@
               sizeof(listener->tls_setting.sockopt_params));
 
-    switch(listener->tls_setting.method) {
+    sip_ssl_method = listener->tls_setting.method;
+    if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
+        sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+    switch(sip_ssl_method) {
     case PJSIP_TLSV1_METHOD:
         ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;