Changeset 861 for pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h
- Timestamp:
- Dec 25, 2006 6:43:59 AM (18 years ago)
- File:
-
- 1 edited
pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h
r849 r861 26 26 27 27 #include <pjsip/sip_transport.h> 28 #include <pj/string.h> 29 28 30 29 31 PJ_BEGIN_DECL … … 38 40 */ 39 41 42 /** SSL protocol method constants. */ 43 typedef enum pjsip_ssl_method 44 { 45 PJSIP_SSL_DEFAULT_METHOD = 0, /**< Default protocol method. */ 46 PJSIP_TLSV1_METHOD = 1, /**< Use SSLv1 method. */ 47 PJSIP_SSLV2_METHOD = 2, /**< Use SSLv2 method. */ 48 PJSIP_SSLV3_METHOD = 3, /**< Use SSLv3 method. */ 49 PJSIP_SSLV23_METHOD = 23 /**< Use SSLv23 method. */ 50 } pjsip_ssl_method; 51 52 53 /** 54 * TLS transport settings. 55 */ 56 typedef struct pjsip_tls_setting 57 { 58 /** 59 * Certificate of Authority (CA) list file. 60 */ 61 pj_str_t ca_list_file; 62 63 /** 64 * Public endpoint certificate file, which will be used as client- 65 * side certificate for outgoing TLS connection, and server-side 66 * certificate for incoming TLS connection. 67 */ 68 pj_str_t cert_file; 69 70 /** 71 * Optional private key of the endpoint certificate to be used. 72 */ 73 pj_str_t privkey_file; 74 75 /** 76 * Password to open private key. 77 */ 78 pj_str_t password; 79 80 /** 81 * TLS protocol method from #pjsip_ssl_method, which can be: 82 * - PJSIP_SSL_DEFAULT_METHOD(0): default (which will use SSLv23) 83 * - PJSIP_TLSV1_METHOD(1): TLSv1 84 * - PJSIP_SSLV2_METHOD(2): TLSv2 85 * - PJSIP_SSLV3_METHOD(3): TLSv3 86 * - PJSIP_SSLV23_METHOD(23): TLSv23 87 * 88 * Default is PJSIP_SSL_DEFAULT_METHOD (0), which will use SSLv23 89 * protocol method. 90 */ 91 int method; 92 93 /** 94 * TLS cipher list string in OpenSSL format. If empty, then default 95 * cipher list of the backend will be used. 96 */ 97 pj_str_t ciphers; 98 99 /** 100 * When PJSIP is acting as a client (outgoing TLS connections), 101 * it will always receive a certificate from the peer. 102 * If \a verify_server is disabled (set to zero), PJSIP will not 103 * verifiy the certificate and allows TLS connections to servers 104 * which do not present a valid certificate. 
105 * If \a tls_verify_server is non-zero, PJSIP verifies the server 106 * certificate and will close the TLS connection if the server 107 * certificate is not valid. 108 * 109 * This setting corresponds to OpenSSL SSL_VERIFY_PEER flag. 110 * Default value is zero. 111 */ 112 pj_bool_t verify_server; 113 114 /** 115 * When acting as server (incoming TLS connections), setting 116 * \a verify_client to non-zero will cause the transport to activate 117 * peer verification upon receiving incoming TLS connection. 118 * 119 * This setting corresponds to OpenSSL SSL_VERIFY_PEER flag. 120 * Default value is zero. 121 */ 122 pj_bool_t verify_client; 123 124 /** 125 * When acting as server (incoming TLS connections), reject inocming 126 * connection if client doesn't have a valid certificate. 127 * 128 * This setting corresponds to SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. 129 * Default value is zero. 130 */ 131 pj_bool_t require_client_cert; 132 133 /** 134 * TLS negotiation timeout to be applied for both outgoing and 135 * incoming connection. If both sec and msec member is set to zero, 136 * the SSL negotiation doesn't have a timeout. 137 */ 138 pj_time_val timeout; 139 140 } pjsip_tls_setting; 141 142 143 /** 144 * Initialize TLS setting with default values. 145 * 146 * @param tls_opt The TLS setting to be initialized. 147 */ 148 PJ_INLINE(void) pjsip_tls_setting_default(pjsip_tls_setting *tls_opt) 149 { 150 pj_memset(tls_opt, 0, sizeof(*tls_opt)); 151 } 152 153 154 /** 155 * Copy TLS setting. 156 * 157 * @param pool The pool to duplicate strings etc. 158 * @param dst Destination structure. 159 * @param src Source structure. 
160 */ 161 PJ_INLINE(void) pjsip_tls_setting_copy(pj_pool_t *pool, 162 pjsip_tls_setting *dst, 163 const pjsip_tls_setting *src) 164 { 165 pj_memcpy(dst, src, sizeof(*dst)); 166 pj_strdup_with_null(pool, &dst->ca_list_file, &src->ca_list_file); 167 pj_strdup_with_null(pool, &dst->cert_file, &src->cert_file); 168 pj_strdup_with_null(pool, &dst->privkey_file, &src->privkey_file); 169 pj_strdup_with_null(pool, &dst->password, &src->password); 170 pj_strdup_with_null(pool, &dst->ciphers, &src->ciphers); 171 } 172 173 40 174 /** 41 175 * Register support for SIP TLS transport by creating TLS listener on … … 45 179 * 46 180 * @param endpt The SIP endpoint. 47 * @param keyfile Path to keys and certificate file. 48 * @param password Password to open the private key. 49 * @param ca_list_file Path to Certificate of Authority file. 181 * @param opt Optional TLS settings. 50 182 * @param local Optional local address to bind, or specify the 51 183 * address to bind the server socket to. Both IP … … 72 204 */ 73 205 PJ_DECL(pj_status_t) pjsip_tls_transport_start(pjsip_endpoint *endpt, 74 const pj_str_t *keyfile, 75 const pj_str_t *password, 76 const pj_str_t *ca_list_file, 206 const pjsip_tls_setting *opt, 77 207 const pj_sockaddr_in *local, 78 208 const pjsip_host_port *a_name,
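Review bot: In `pjsip_tls_setting_default()` the `pj_memset` to zero leaves `verify_server` at 0, so (assuming the transport honours the field as documented) an application that takes the defaults gets outgoing TLS connections that accept any server certificate, which gives encryption without peer authentication; I would add `tls_opt->verify_server = PJ_TRUE;` after the memset, or at minimum say so explicitly in the `verify_server` comment. The same zero default selects `PJSIP_SSL_DEFAULT_METHOD`, documented as SSLv23, and the enum also exposes `PJSIP_SSLV2_METHOD` and `PJSIP_SSLV3_METHOD`; the `method` comment should state that these are legacy protocol versions kept for interoperability and that `PJSIP_TLSV1_METHOD` is the one to prefer. The documentation also mislabels the protocols: `PJSIP_TLSV1_METHOD` is described as "Use SSLv1 method", the `method` list reads "TLSv2", "TLSv3" and "TLSv23" for the SSL constants, and `\a tls_verify_server` should be `\a verify_server`. `pjsip_tls_setting_copy()` duplicates `password` into the pool, so the private-key passphrase stays in memory for the lifetime of that pool; a sentence on that lifetime in the function's doc comment would help callers choose the pool.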