Index: /pjproject/trunk/pjlib/include/pj/ssl_sock.h
===================================================================
--- /pjproject/trunk/pjlib/include/pj/ssl_sock.h (revision 4967)
+++ /pjproject/trunk/pjlib/include/pj/ssl_sock.h (revision 4968)
@@ -488,14 +488,49 @@
/**
* Enumeration of secure socket protocol types.
+ * This can be combined using bitwise OR operation.
*/
typedef enum pj_ssl_sock_proto
{
- PJ_SSL_SOCK_PROTO_DEFAULT, /**< Default protocol of backend. */
- PJ_SSL_SOCK_PROTO_TLS1, /**< TLSv1.0 protocol. */
- PJ_SSL_SOCK_PROTO_SSL3, /**< SSLv3.0 protocol. */
- PJ_SSL_SOCK_PROTO_SSL23, /**< SSLv3.0 but can roll back to
- SSLv2.0. */
- PJ_SSL_SOCK_PROTO_SSL2, /**< SSLv2.0 protocol. */
- PJ_SSL_SOCK_PROTO_DTLS1 /**< DTLSv1.0 protocol. */
+ /**
+ * Default protocol of backend.
+ */
+ PJ_SSL_SOCK_PROTO_DEFAULT = 0,
+
+ /**
+ * SSLv2.0 protocol.
+ */
+ PJ_SSL_SOCK_PROTO_SSL2 = (1 << 0),
+
+ /**
+ * SSLv3.0 protocol.
+ */
+ PJ_SSL_SOCK_PROTO_SSL3 = (1 << 1),
+
+ /**
+ * TLSv1.0 protocol.
+ */
+ PJ_SSL_SOCK_PROTO_TLS1 = (1 << 2),
+
+ /**
+ * TLSv1.1 protocol.
+ */
+ PJ_SSL_SOCK_PROTO_TLS1_1 = (1 << 3),
+
+ /**
+ * TLSv1.2 protocol.
+ */
+ PJ_SSL_SOCK_PROTO_TLS1_2 = (1 << 4),
+
+ /**
+ * Certain backend implementation e.g:OpenSSL, has feature to enable all
+ * protocol.
+ */
+ PJ_SSL_SOCK_PROTO_SSL23 = (1 << 16) - 1,
+
+ /**
+ * DTLSv1.0 protocol.
+ */
+ PJ_SSL_SOCK_PROTO_DTLS1 = (1 << 16),
+
} pj_ssl_sock_proto;
@@ -513,7 +548,8 @@
/**
- * Describes secure socket protocol being used.
- */
- pj_ssl_sock_proto proto;
+ * Describes secure socket protocol being used, see #pj_ssl_sock_proto.
+ * Use bitwise OR operation to combine the protocol type.
+ */
+ pj_uint32_t proto;
/**
@@ -615,9 +651,10 @@
/**
- * Specify security protocol to use, see #pj_ssl_sock_proto.
+ * Specify security protocol to use, see #pj_ssl_sock_proto. Use bitwise OR
+ * operation to combine the protocol type.
*
* Default is PJ_SSL_SOCK_PROTO_DEFAULT.
*/
- pj_ssl_sock_proto proto;
+ pj_uint32_t proto;
/**
Index: /pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
===================================================================
--- /pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c (revision 4967)
+++ /pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c (revision 4968)
@@ -503,6 +503,7 @@
EC_KEY *ecdh;
#endif
- SSL_METHOD *ssl_method;
+ SSL_METHOD *ssl_method = NULL;
SSL_CTX *ctx;
+ pj_uint32_t ssl_opt = 0;
pj_ssl_cert_t *cert;
int mode, rc;
@@ -515,4 +516,7 @@
/* Make sure OpenSSL library has been initialized */
init_openssl();
+
+ if (ssock->param.proto == PJ_SSL_SOCK_PROTO_DEFAULT)
+ ssock->param.proto = PJ_SSL_SOCK_PROTO_SSL23;
/* Determine SSL method to use */
@@ -529,13 +533,40 @@
ssl_method = (SSL_METHOD*)SSLv3_method();
break;
- case PJ_SSL_SOCK_PROTO_DEFAULT:
- case PJ_SSL_SOCK_PROTO_SSL23:
+ }
+
+ if (!ssl_method) {
ssl_method = (SSL_METHOD*)SSLv23_method();
- break;
- //case PJ_SSL_SOCK_PROTO_DTLS1:
- //ssl_method = (SSL_METHOD*)DTLSv1_method();
- //break;
- default:
- return PJ_EINVAL;
+
+#ifdef SSL_OP_NO_SSLv2
+ /** Check if SSLv2 is enabled */
+ ssl_opt |= ((ssock->param.proto & PJ_SSL_SOCK_PROTO_SSL2)==0)?
+ SSL_OP_NO_SSLv2:0;
+#endif
+
+#ifdef SSL_OP_NO_SSLv3
+ /** Check if SSLv3 is enabled */
+ ssl_opt |= ((ssock->param.proto & PJ_SSL_SOCK_PROTO_SSL3)==0)?
+ SSL_OP_NO_SSLv3:0;
+#endif
+
+#ifdef SSL_OP_NO_TLSv1
+ /** Check if TLSv1 is enabled */
+ ssl_opt |= ((ssock->param.proto & PJ_SSL_SOCK_PROTO_TLS1)==0)?
+ SSL_OP_NO_TLSv1:0;
+#endif
+
+#ifdef SSL_OP_NO_TLSv1_1
+ /** Check if TLSv1_1 is enabled */
+ ssl_opt |= ((ssock->param.proto & PJ_SSL_SOCK_PROTO_TLS1_1)==0)?
+ SSL_OP_NO_TLSv1_1:0;
+#endif
+
+#ifdef SSL_OP_NO_TLSv1_2
+ /** Check if TLSv1_2 is enabled */
+ ssl_opt |= ((ssock->param.proto & PJ_SSL_SOCK_PROTO_TLS1_2)==0)?
+ SSL_OP_NO_TLSv1_2:0;
+
+#endif
+
}
@@ -545,4 +576,6 @@
return GET_SSL_STATUS(ssock);
}
+ if (ssl_opt)
+ SSL_CTX_set_options(ctx, ssl_opt);
/* Apply credentials */
Index: /pjproject/trunk/pjlib/src/pj/ssl_sock_symbian.cpp
===================================================================
--- /pjproject/trunk/pjlib/src/pj/ssl_sock_symbian.cpp (revision 4967)
+++ /pjproject/trunk/pjlib/src/pj/ssl_sock_symbian.cpp (revision 4968)
@@ -1384,12 +1384,9 @@
/* CSecureSocket only support TLS1.0 and SSL3.0 */
- switch(ssock->proto) {
- case PJ_SSL_SOCK_PROTO_TLS1:
+ if (ssock->proto & PJ_SSL_SOCK_PROTO_TLS1==PJ_SSL_SOCK_PROTO_TLS1) {
proto.Set((const TUint8*)"TLS1.0", 6);
- break;
- case PJ_SSL_SOCK_PROTO_SSL3:
+ } else if (ssock->proto & PJ_SSL_SOCK_PROTO_SSL3==PJ_SSL_SOCK_PROTO_SSL3) {
proto.Set((const TUint8*)"SSL3.0", 6);
- break;
- default:
+ } else {
return PJ_ENOTSUP;
}
Index: /pjproject/trunk/pjsip-apps/src/swig/symbols.i
===================================================================
--- /pjproject/trunk/pjsip-apps/src/swig/symbols.i (revision 4967)
+++ /pjproject/trunk/pjsip-apps/src/swig/symbols.i (revision 4968)
@@ -32,4 +32,6 @@
typedef enum pj_ssl_cipher {PJ_TLS_UNKNOWN_CIPHER = -1, PJ_TLS_NULL_WITH_NULL_NULL = 0x00000000, PJ_TLS_RSA_WITH_NULL_MD5 = 0x00000001, PJ_TLS_RSA_WITH_NULL_SHA = 0x00000002, PJ_TLS_RSA_WITH_NULL_SHA256 = 0x0000003B, PJ_TLS_RSA_WITH_RC4_128_MD5 = 0x00000004, PJ_TLS_RSA_WITH_RC4_128_SHA = 0x00000005, PJ_TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0000000A, PJ_TLS_RSA_WITH_AES_128_CBC_SHA = 0x0000002F, PJ_TLS_RSA_WITH_AES_256_CBC_SHA = 0x00000035, PJ_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003C, PJ_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x0000003D, PJ_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0000000D, PJ_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000010, PJ_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x00000013, PJ_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000016, PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x00000030, PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x00000031, PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x00000032, PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x00000033, PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x00000036, PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x00000037, PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x00000038, PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x00000039, PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x0000003E, PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003F, PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x00000040, PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x00000067, PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x00000068, PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x00000069, PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x0000006A, PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x0000006B, PJ_TLS_DH_anon_WITH_RC4_128_MD5 = 0x00000018, PJ_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x0000001B, PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x00000034, PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x0000003A, PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x0000006C, PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x0000006D, PJ_TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x00000003, PJ_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x00000006, PJ_TLS_RSA_WITH_IDEA_CBC_SHA = 0x00000007, PJ_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000008, PJ_TLS_RSA_WITH_DES_CBC_SHA = 0x00000009, PJ_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0000000B, PJ_TLS_DH_DSS_WITH_DES_CBC_SHA = 0x0000000C, PJ_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0000000E, PJ_TLS_DH_RSA_WITH_DES_CBC_SHA = 0x0000000F, PJ_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x00000011, PJ_TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x00000012, PJ_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000014, PJ_TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x00000015, PJ_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x00000017, PJ_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x00000019, PJ_TLS_DH_anon_WITH_DES_CBC_SHA = 0x0000001A, PJ_SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x0000001C, PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D, PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E, PJ_SSL_CK_RC4_128_WITH_MD5 = 0x00010080, PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080, PJ_SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080, PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080, PJ_SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080, PJ_SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040, PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0} pj_ssl_cipher;
+
+typedef enum pj_ssl_sock_proto {PJ_SSL_SOCK_PROTO_DEFAULT = 0, PJ_SSL_SOCK_PROTO_SSL2 = 1 << 0, PJ_SSL_SOCK_PROTO_SSL3 = 1 << 1, PJ_SSL_SOCK_PROTO_TLS1 = 1 << 2, PJ_SSL_SOCK_PROTO_TLS1_1 = 1 << 3, PJ_SSL_SOCK_PROTO_TLS1_2 = 1 << 4, PJ_SSL_SOCK_PROTO_SSL23 = (1 << 16) - 1, PJ_SSL_SOCK_PROTO_DTLS1 = 1 << 16} pj_ssl_sock_proto;
typedef enum pj_stun_nat_type {PJ_STUN_NAT_TYPE_UNKNOWN, PJ_STUN_NAT_TYPE_ERR_UNKNOWN, PJ_STUN_NAT_TYPE_OPEN, PJ_STUN_NAT_TYPE_BLOCKED, PJ_STUN_NAT_TYPE_SYMMETRIC_UDP, PJ_STUN_NAT_TYPE_FULL_CONE, PJ_STUN_NAT_TYPE_SYMMETRIC, PJ_STUN_NAT_TYPE_RESTRICTED, PJ_STUN_NAT_TYPE_PORT_RESTRICTED} pj_stun_nat_type;
@@ -108,5 +110,5 @@
typedef enum pjsip_transport_state {PJSIP_TP_STATE_CONNECTED, PJSIP_TP_STATE_DISCONNECTED, PJSIP_TP_STATE_SHUTDOWN, PJSIP_TP_STATE_DESTROY} pjsip_transport_state;
-typedef enum pjsip_ssl_method {PJSIP_SSL_UNSPECIFIED_METHOD = 0, PJSIP_TLSV1_METHOD = 31, PJSIP_SSLV2_METHOD = 20, PJSIP_SSLV3_METHOD = 30, PJSIP_SSLV23_METHOD = 23} pjsip_ssl_method;
+typedef enum pjsip_ssl_method {PJSIP_SSL_UNSPECIFIED_METHOD = 0, PJSIP_SSLV2_METHOD = 20, PJSIP_SSLV3_METHOD = 30, PJSIP_TLSV1_METHOD = 31, PJSIP_TLSV1_1_METHOD = 32, PJSIP_TLSV1_2_METHOD = 33, PJSIP_SSLV23_METHOD = 23} pjsip_ssl_method;
typedef enum pjsip_tsx_state_e {PJSIP_TSX_STATE_NULL, PJSIP_TSX_STATE_CALLING, PJSIP_TSX_STATE_TRYING, PJSIP_TSX_STATE_PROCEEDING, PJSIP_TSX_STATE_COMPLETED, PJSIP_TSX_STATE_CONFIRMED, PJSIP_TSX_STATE_TERMINATED, PJSIP_TSX_STATE_DESTROYED, PJSIP_TSX_STATE_MAX} pjsip_tsx_state_e;
Index: /pjproject/trunk/pjsip-apps/src/swig/symbols.lst
===================================================================
--- /pjproject/trunk/pjsip-apps/src/swig/symbols.lst (revision 4967)
+++ /pjproject/trunk/pjsip-apps/src/swig/symbols.lst (revision 4968)
@@ -3,5 +3,5 @@
pj/log.h pj_log_decoration
pj/sock_qos.h pj_qos_type pj_qos_flag pj_qos_wmm_prio pj_qos_params
-pj/ssl_sock.h pj_ssl_cipher
+pj/ssl_sock.h pj_ssl_cipher pj_ssl_sock_proto
pjnath/nat_detect.h pj_stun_nat_type
Index: /pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h
===================================================================
--- /pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h (revision 4967)
+++ /pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h (revision 4968)
@@ -52,16 +52,26 @@
#endif
+
/** SSL protocol method constants. */
typedef enum pjsip_ssl_method
{
- PJSIP_SSL_UNSPECIFIED_METHOD= 0, /**< Default protocol method. */
- PJSIP_TLSV1_METHOD = 31, /**< Use SSLv1 method. */
- PJSIP_SSLV2_METHOD = 20, /**< Use SSLv2 method. */
- PJSIP_SSLV3_METHOD = 30, /**< Use SSLv3 method. */
- PJSIP_SSLV23_METHOD = 23 /**< Use SSLv23 method. */
+ PJSIP_SSL_UNSPECIFIED_METHOD = 0, /**< Default protocol method. */
+ PJSIP_SSLV2_METHOD = 20, /**< Use SSLv2 method. */
+ PJSIP_SSLV3_METHOD = 30, /**< Use SSLv3 method. */
+ PJSIP_TLSV1_METHOD = 31, /**< Use TLSv1 method. */
+ PJSIP_TLSV1_1_METHOD = 32, /**< Use TLSv1_1 method. */
+ PJSIP_TLSV1_2_METHOD = 33, /**< Use TLSv1_2 method. */
+ PJSIP_SSLV23_METHOD = 23, /**< Use SSLv23 method. */
} pjsip_ssl_method;
-
-
+/**
+ * The default enabled SSL proto to be used.
+ * Default is all protocol above TLSv1 (TLSv1 & TLS v1.1 & TLS v1.2).
+ */
+#ifndef PJSIP_SSL_DEFAULT_PROTO
+# define PJSIP_SSL_DEFAULT_PROTO (PJ_SSL_SOCK_PROTO_TLS1 | \
+ PJ_SSL_SOCK_PROTO_TLS1_1 | \
+ PJ_SSL_SOCK_PROTO_TLS1_2)
+#endif
/**
@@ -93,17 +103,21 @@
/**
- * TLS protocol method from #pjsip_ssl_method, which can be:
- * - PJSIP_SSL_UNSPECIFIED_METHOD(0): default (which will use
- * PJSIP_SSL_DEFAULT_METHOD)
- * - PJSIP_TLSV1_METHOD(1): TLSv1
- * - PJSIP_SSLV2_METHOD(2): SSLv2
- * - PJSIP_SSLV3_METHOD(3): SSL3
- * - PJSIP_SSLV23_METHOD(23): SSL23
+ * TLS protocol method from #pjsip_ssl_method. In the future, this field
+ * might be deprecated in favor of proto field. For now, this field
+ * is only applicable only when proto field is set to zero.
*
* Default is PJSIP_SSL_UNSPECIFIED_METHOD (0), which in turn will
- * use PJSIP_SSL_DEFAULT_METHOD, which default value is
- * PJSIP_TLSV1_METHOD.
- */
- int method;
+ * use PJSIP_SSL_DEFAULT_METHOD, which default value is PJSIP_TLSV1_METHOD.
+ */
+ pjsip_ssl_method method;
+
+ /**
+ * TLS protocol type from #pj_ssl_sock_proto. Use this field to enable
+ * specific protocol type. Use bitwise OR operation to combine the protocol
+ * type.
+ *
+ * Default is PJSIP_SSL_DEFAULT_PROTO.
+ */
+ pj_uint32_t proto;
/**
@@ -253,4 +267,5 @@
tls_opt->qos_ignore_error = PJ_TRUE;
tls_opt->sockopt_ignore_error = PJ_TRUE;
+ tls_opt->proto = PJSIP_SSL_DEFAULT_PROTO;
}
Index: /pjproject/trunk/pjsip/include/pjsua2/siptypes.hpp
===================================================================
--- /pjproject/trunk/pjsip/include/pjsua2/siptypes.hpp (revision 4967)
+++ /pjproject/trunk/pjsip/include/pjsua2/siptypes.hpp (revision 4968)
@@ -146,11 +146,21 @@
/**
- * TLS protocol method from pjsip_ssl_method.
+ * TLS protocol method from #pjsip_ssl_method. In the future, this field
+ * might be deprecated in favor of proto field. For now, this field
+ * is only applicable only when proto field is set to zero.
*
* Default is PJSIP_SSL_UNSPECIFIED_METHOD (0), which in turn will
- * use PJSIP_SSL_DEFAULT_METHOD, which default value is
- * PJSIP_TLSV1_METHOD.
+ * use PJSIP_SSL_DEFAULT_METHOD, which default value is PJSIP_TLSV1_METHOD.
*/
pjsip_ssl_method method;
+
+ /**
+ * TLS protocol type from #pj_ssl_sock_proto. Use this field to enable
+ * specific protocol type. Use bitwise OR operation to combine the protocol
+ * type.
+ *
+ * Default is PJSIP_SSL_DEFAULT_PROTO.
+ */
+ unsigned proto;
/**
Index: /pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c
===================================================================
--- /pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c (revision 4967)
+++ /pjproject/trunk/pjsip/src/pjsip/sip_transport_tls.c (revision 4968)
@@ -186,4 +186,41 @@
+static pj_uint32_t ssl_get_proto(pjsip_ssl_method ssl_method, pj_uint32_t proto)
+{
+ pj_uint32_t out_proto;
+
+ if (proto)
+ return proto;
+
+ if (ssl_method == PJSIP_SSL_UNSPECIFIED_METHOD)
+ ssl_method = PJSIP_SSL_DEFAULT_METHOD;
+
+ switch(ssl_method) {
+ case PJSIP_SSLV2_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_SSL2;
+ break;
+ case PJSIP_SSLV3_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_SSL3;
+ break;
+ case PJSIP_TLSV1_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_TLS1;
+ break;
+ case PJSIP_TLSV1_1_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_TLS1_1;
+ break;
+ case PJSIP_TLSV1_2_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_TLS1_2;
+ break;
+ case PJSIP_SSLV23_METHOD:
+ out_proto = PJ_SSL_SOCK_PROTO_SSL23;
+ break;
+ default:
+ out_proto = PJ_SSL_SOCK_PROTO_DEFAULT;
+ break;
+ }
+ return out_proto;
+}
+
+
static void tls_init_shutdown(struct tls_transport *tls, pj_status_t status)
{
@@ -276,4 +313,5 @@
pj_bool_t is_ipv6;
int af, sip_ssl_method;
+ pj_uint32_t sip_ssl_proto;
struct tls_listener *listener;
pj_ssl_sock_param ssock_param;
@@ -369,24 +407,6 @@
sip_ssl_method = listener->tls_setting.method;
- if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
- sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
-
- switch(sip_ssl_method) {
- case PJSIP_TLSV1_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
- break;
- case PJSIP_SSLV2_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
- break;
- case PJSIP_SSLV3_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
- break;
- case PJSIP_SSLV23_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL23;
- break;
- default:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_DEFAULT;
- break;
- }
+ sip_ssl_proto = listener->tls_setting.proto;
+ ssock_param.proto = ssl_get_proto(sip_ssl_method, sip_ssl_proto);
/* Create group lock */
@@ -964,4 +984,5 @@
struct tls_transport *tls;
int sip_ssl_method;
+ pj_uint32_t sip_ssl_proto;
pj_pool_t *pool;
pj_grp_lock_t *glock;
@@ -1028,24 +1049,6 @@
sip_ssl_method = listener->tls_setting.method;
- if (sip_ssl_method==PJSIP_SSL_UNSPECIFIED_METHOD)
- sip_ssl_method = PJSIP_SSL_DEFAULT_METHOD;
-
- switch(sip_ssl_method) {
- case PJSIP_TLSV1_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
- break;
- case PJSIP_SSLV2_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
- break;
- case PJSIP_SSLV3_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
- break;
- case PJSIP_SSLV23_METHOD:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL23;
- break;
- default:
- ssock_param.proto = PJ_SSL_SOCK_PROTO_DEFAULT;
- break;
- }
+ sip_ssl_proto = listener->tls_setting.proto;
+ ssock_param.proto = ssl_get_proto(sip_ssl_method, sip_ssl_proto);
/* Create group lock */
Index: /pjproject/trunk/pjsip/src/pjsua2/siptypes.cpp
===================================================================
--- /pjproject/trunk/pjsip/src/pjsua2/siptypes.cpp (revision 4967)
+++ /pjproject/trunk/pjsip/src/pjsua2/siptypes.cpp (revision 4968)
@@ -166,4 +166,5 @@
ts.method = this->method;
ts.ciphers_num = (unsigned)this->ciphers.size();
+ ts.proto = this->proto;
// The following will only work if sizeof(enum)==sizeof(int)
pj_assert(sizeof(ts.ciphers[0]) == sizeof(int));
@@ -189,4 +190,5 @@
this->password = pj2Str(prm.password);
this->method = (pjsip_ssl_method)prm.method;
+ this->proto = prm.proto;
// The following will only work if sizeof(enum)==sizeof(int)
pj_assert(sizeof(prm.ciphers[0]) == sizeof(int));