wiki:TLS

Version 8 (modified by nanang, 15 years ago) (diff)

Few updates regarding ticket #957 about new secure socket abstraction and SIP TLS transport rewrite.

Configuring PJSIP with TLS

Requirements

The TLS support in PJSIP requires OpenSSL development kit (headers and libs) to be installed. Please see Getting Started page for more info.

Update (for PJSIP 1.5 onward):

TLS support on Symbian is implemented natively using CSecureSocket, hence it doesn't require OpenSSL development kit.

Build PJSIP with TLS Support

Add this in config_site.h:

#define PJSIP_HAS_TLS_TRANSPORT 1

And rebuild PJSIP.

Update (for PJSIP 1.5 onward):

SIP TLS transport is implemented based on the new PJLIB secure socket abstraction. Since then the setting needs to be added into config_site.h is only:

#define PJ_HAS_SSL_SOCK 1

as now PJSIP_HAS_TLS_TRANSPORT default value refers to PJ_HAS_SSL_SOCK setting.

Running pjsua as TLS Server

  1. You will need to have all three PEM files:
    1. The root certificate
    2. The server certificate
    3. The private key
  2. Run pjsua:
    $ ./pjsua --use-tls --tls-ca-file root.pem --tls-cert-file server-cert.pem --tls-privkey-file privkey.pem
    
    
  3. To see more TLS options, run ./pjsua --help.

Running pjsua as TLS Client

To make call to SERVER using TLS:

$ ./pjsua --use-tls <sip:SERVER;transport=tls>

To see more TLS options, run ./pjsua --help.