SSL/secure socket abstraction and SIP TLS transport rewrite

[nanang]

Objective:

To create a portable SSL/secure socket abstraction in PJLIB and to rewrite the SIP TLS transport in PJSIP.

Specifications:

1. General:
   • supports client and server socket operations (note: Symbian's CSecureSocket only supports client sockets)
2. I/O:
   • asynchronous I/O API similar to PJLIB's ​Active Socket API
   • timeout setting for SSL negotiation
   • buffer size control
3. Options:
   • select SSL version to use (SSLv23, TLSv1, etc)
   • select ciphersuite to use
   • verify server's certificate (note: not available on Symbian)
   • server require client certificate (note: not available on Symbian)
   • verify client's certificate (note: not available on Symbian)
   • TLS server name extension to support connecting to multihosted TLS server (note: only available on recent OpenSSL versoins)
4. Certificate management (note: not available on Symbian):
   • specify which certificate to use
   • load the certificate, either from file(s) or OS's certificate store.
   • retrieve certificate infos.

Backends:

1. OpenSSL
2. CSecureSocket on Symbian

[nanang]

In r2913, initial version of TLS transport for Symbian, includes:

• Secure socket, generic abstraction and Symbian implementation (using CSecureSocket).
• Initial rewrite of SIP TLS transport.
• Updated symbian_ua.mmp to support SIP transport TLS (experimental).

[nanang]

In r2950:

• Added SSL socket abstraction with OpenSSL backend (source only, i.e: hasn't been integrated to build settings).
• Updated cipher data type and added cipher constants (Symbian SSL socket has also been updated).
• Updated SIP TLS transport to allow setting certificate/credential (via file).

[nanang]

In r2970:

• Added features in secure socket: handshake timeout timer, certificate info, renegotiation API.
• Added unit test for secure socket, along with testing purpose certificate & private key.
• Updated build configs for secure socket.

[nanang]

In r2971:

• Fixed SSL socket unit test issues (mostly on Linux platform): let OS manage the binding port (specify port to 0), use pj_sockaddr_get_len() instead of sizeof() for sockaddr size, DOS eol format for certificate and private key files.
• Temporary fix for SSL_CTX_use_certificate_chain_file() false error alarm (after previous OpenSSL handshake error), by clearing OpenSSL thread error queue in reset_ssl_sock_state().

[nanang]

In r2972:

• Removed DTLS proto in SSL socket with OpenSSL backend as it hasn't been really supported.

[nanang]

In r2973:

• Updated PJSIP_HAS_TLS_TRANSPORT default value to refer to PJ_HAS_SSL_SOCK.

[nanang]

In r2981:

• Added SSL socket performance test.
• Added incompatible SSL proto test.

[nanang]

In r2986:

• Applied workaround solution for getting local address problem with getsockname on win IOCP by using parent local address instead.
• Fixed SSL socket not to return PJ_FALSE in active socket accept callback, to keep accepting connections.
• Applied workaround solution for OpenSSL error mapping, as OpenSSL error codes are big numbers that won't fit pj_status_t.
• Minor updates, e.g: using pj_perror(), removing some logs, OpenSSL error print callback.
• Minor updates on SSL unit test, e.g: start_read() before start sending, additional ioqueue poll to cleanup sockets, add timeout feature to https client test.

[nanang]

In r2989:

• Workaround fix for SSL socket specific related to ticket #985.

[nanang]

In r2990:

• Updated Symbian PJLIB test build setting to enable SSL sock test.
• Fixed ciphers enumeration in Symbian SSL sock.
• Fixed OpenSSL SSL sock to avoid initializing OpenSSL multiple times.
• Fixed SSL unit test to avoid divide-by-zero in setting random seed.

[bennylp]

In r2994:

• updated pj_perror() with the new PJ_PERROR() API

[bennylp]

In r2998:

• added QoS options on PJLIB/PJLIB SSL/TLS socket/transport
• added demo in Symbian ua.cpp

[bennylp]

Reopened because of error in connecting to untrusted server in one of the handset

[bennylp]

In r2999:

• added missing servername setup in symbian_ua. Without this, TLS connection will fail with KErrAborted/Interrupted on some devices (it may succeed on some FP1 devices but not others)

[nanang]

In r3000:

• Fixed 0.0.0.0:0 address returned by SIP TLS client transport, which also caused 0.0.0.0:0 address in SIP via header.

[bennylp]

In r3008:

• exclude sip_transport_tls_ossl.c from VS6 (Release) build

[nanang]

In r3018:

• Updated SSL sock performance test to avoid false connected state problem caused by server listen backlog excess (problem examined on mac platform).

[nanang]

In r3020:

• Fixed compile error of incompatible param type (or bad type conversion) on Symbian 5th ed (and perhaps also on some GCC versions).
• Fixed on_connect_complete() to reset SSL sock state before callback when connection fails (OpenSSL impl).
• Fixed saving remote address before start connecting, so it won't miss remote address info when socket connection establishes immediately (OpenSSL impl).