= SSL/TLS on Symbian =

'''Table of Contents'''
[[PageOutline(2-3,,inline)]]

PJSIP provides SSL/TLS through a secure socket abstraction, {{{pj_ssl_sock_*}}}, which higher-level components such as the SSL/TLS SIP transport can use. On Symbian platforms, the secure socket is implemented natively using the {{{CSecureSocket}}} class.

[[BR]]

== Scope ==
The secure socket implementation on Symbian provides:
1. Transparent SSL/TLS operations: the application uses the secure socket basically the same way as a normal socket. For example, when the connection completion status is reported (via callback) as successful, both the underlying socket connection and the SSL/TLS handshake have succeeded.
1. Active socket operations as provided by [[http://www.pjsip.org/pjlib/docs/html/group__PJ__ACTIVESOCK.htm Active Socket I/O]].
1. A list of trusted Certificate Authorities (CAs) based on Symbian Certificate Management, e.g. on the E65: Main Menu > Tools > Settings > Security > Certificates Management.
1. Support for SSL 3.0 and TLS 1.0.

== Limitations ==
1. Only client mode is supported ({{{CSecureSocket}}} limitation).
1. Specifying client credentials (e.g. a certificate and the corresponding private key) is not supported ({{{CSecureSocket}}} limitation), so the secure socket may not be able to connect to a server that requires a client certificate.
1. Currently, server certificate verification is done only internally by {{{CSecureSocket}}}; a further verification mechanism in the application (e.g. via callback) is not supported. Note that untrusted server certificates result in a user dialog.
1. Managing (adding/editing/deleting) entries in the trusted CA list should be handled by the application.

== Enable SIP transport SSL/TLS on {{{symbian_ua}}} sample application ==
1. Modify the transport setting in {{{ua.cpp}}}:
{{{
#define ENABLE_SIP_TLS 1 // default is 0
}}}
1. Update other related configurations in {{{ua.cpp}}}, such as the SIP account, e.g.:
{{{
#define HAS_SIP_ACCOUNT 1
#define SIP_DOMAIN "your_domain/realm"
#define SIP_USER "your_userid"
#define SIP_PASSWD "your_pass"
#define SIP_PROXY "<sip:some_proxy;transport=tls;lr>"
}}}
Note that without registering an account with a registrar, symbian_ua cannot be contacted (e.g. to receive calls), because the secure socket backend ({{{CSecureSocket}}}) can only work as a client.

== Building your own application using SSL/TLS on Symbian ==
1. If the low-level secure socket is needed, include {{{ssl_sock.h}}}:
{{{
#include <pj/ssl_sock.h>
}}}
1. When using PJSUA-LIB, SIP transport TLS can be enabled by instantiating the SIP transport type {{{PJSIP_TRANSPORT_TLS}}}, e.g. (taken from symbian_ua {{{ua.cpp}}}):
{{{
pjsua_transport_config tcfg;
pjsua_transport_id tid;
pj_status_t status;

// Start from the default transport settings, then set the listening port.
pjsua_transport_config_default(&tcfg);
tcfg.port = SIP_PORT;
status = pjsua_transport_create(PJSIP_TRANSPORT_TLS, &tcfg, &tid);

// then, specify "transport=tls" URI param in the proxy/registrar URI,
// e.g: "<sip:some_proxy;transport=tls>"
}}}
1. Link the application to {{{securesocket.lib}}} by specifying the library in the application MMP:
{{{
LIBRARY securesocket.lib
}}}
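The PJSUA-LIB step above depends on the proxy/registrar URI carrying the {{{transport=tls}}} URI parameter. The following check is an added example, not code from PJSIP or symbian_ua: it tests a configured URI such as {{{SIP_PROXY}}} for that parameter before the value is used. The helper names {{{sip_uri_requests_tls}}} and {{{ieq}}} are hypothetical, and only the {{{sip:}}} scheme is handled.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive match of n bytes at a against lowercase literal b. */
static int ieq(const char *a, const char *b, size_t n)
{
    while (n--)
        if (tolower((unsigned char)*a++) != *b++) return 0;
    return 1;
}

/* Return 1 if the SIP URI carries the URI parameter transport=tls, else 0.
 * Hypothetical helper for illustration; not a PJSIP API. */
int sip_uri_requests_tls(const char *s)
{
    const char *p, *end, *q;

    /* Accept both "<sip:...>" and bare "sip:..." forms. */
    p = strchr(s, '<');
    p = p ? p + 1 : s;
    end = strchr(p, '>');
    if (!end) end = p + strlen(p);
    if (end - p < 4 || !ieq(p, "sip:", 4)) return 0;
    p += 4;

    /* Skip userinfo: the user part may legally contain ';', so
     * "sip:a;transport=tls@host" has no transport parameter. */
    q = memchr(p, '@', (size_t)(end - p));
    if (q) p = q + 1;

    /* URI headers start at '?'; parameters end there. */
    q = memchr(p, '?', (size_t)(end - p));
    if (q) end = q;

    /* Walk the ";name=value" parameters that follow host[:port]. */
    p = memchr(p, ';', (size_t)(end - p));
    while (p) {
        const char *name = p + 1;
        const char *next = memchr(name, ';', (size_t)(end - name));
        const char *stop = next ? next : end;
        const char *eq = memchr(name, '=', (size_t)(stop - name));
        if (eq && eq - name == 9 && ieq(name, "transport", 9))
            return stop - (eq + 1) == 3 && ieq(eq + 1, "tls", 3);
        p = next;
    }
    return 0;
}
```

A build-time or start-up assertion on the result catches a URI whose {{{transport=tls}}} was dropped, mistyped, or placed in the user part or header section where it has no effect.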