Timestamp:
Jul 2, 2014 6:57:53 PM (8 years ago)
Author:
bennylp
Message:

Closed #1775: Changing OpenSSL default method from TLSv1 to SSLv23 to enable AES-GCM cipher suites by default (thanks Alexander Traud for the patch).

Also fixed a bug in SIP TLS transport (sip_transport_tls.c). According to sip_transport_tls.h:94, when PJSIP_SSL_UNSPECIFIED_METHOD is set as method, PJSIP_SSL_DEFAULT_METHOD will be used. But the implementation uses PJ_SSL_SOCK_PROTO_DEFAULT instead of PJSIP_SSL_DEFAULT_METHOD. Currently this is fine because both resolve to TLSv1, but the patch will break it.

File:
1 edited

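--- a/pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c
@@ -275,5 +275,5 @@
     pj_pool_t *pool;
     pj_bool_t is_ipv6;
-    int af;
+    int af, sip_ssl_method;
     struct tls_listener *listener;
     pj_ssl_sock_param ssock_param;
@@ -368,5 +368,9 @@
     has_listener = PJ_FALSE;
 
-    switch(listener->tls_setting.method) {
+    sip_ssl_method = listener->tls_setting.method;
+    if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
+        sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+    switch(sip_ssl_method) {
     case PJSIP_TLSV1_METHOD:
         ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
@@ -959,4 +963,5 @@
     struct tls_listener *listener;
     struct tls_transport *tls;
+    int sip_ssl_method;
     pj_pool_t *pool;
     pj_grp_lock_t *glock;
@@ -1022,5 +1027,9 @@
               sizeof(listener->tls_setting.sockopt_params));
 
-    switch(listener->tls_setting.method) {
+    sip_ssl_method = listener->tls_setting.method;
+    if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
+        sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+    switch(sip_ssl_method) {
     case PJSIP_TLSV1_METHOD:
         ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;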
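Review bot: Nothing in these hunks bounds the minimum protocol version once an unspecified method resolves at `sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;`. The commit message makes that default SSLv23, which in OpenSSL is the version-flexible method, so SSLv2/SSLv3 can still be negotiated unless the SSL socket backend disables them. I would record the dependency where the default is applied, e.g. `/* Unspecified -> PJSIP_SSL_DEFAULT_METHOD; with SSLv23 the minimum protocol version must be enforced by the SSL socket backend. */`, and confirm that the backend actually sets the options that turn the legacy versions off. The same normalisation is repeated verbatim before the second switch (new lines 1029-1033); a small static helper returning the effective method would keep the listener and transport paths from diverging again, which is the bug this change fixes. Both enclosing functions start and end outside the visible hunks, so the `default:` arm of each switch could not be checked.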