Version 1 (modified by nanang, 15 years ago) (diff) |
---|
SSL/TLS on Symbian
Table of Contents
- Scope
- Limitations
- Enable SIP transport SSL/TLS on symbian_ua sample application
- Building your own application using SSL/TLS on Symbian
PJSIP provides SSL/TLS via secure socket abstraction, pj_ssl_sock_*, which can be used by the higher level applications, such as SSL/TLS SIP transport. On Symbian platforms, the secure socket implementation is done natively using CSecureSocket class.
Scope
Secure socket implementation on Symbian provides:
- Transparent SSL/TLS operations, application uses the secure socket basically the same way as normal socket, e.g: when connection completion status is reported (via callback) as successful, it means that both the underlying socket connection and the SSL/TLS handshake are successful.
- Active socket operations as provided by http://www.pjsip.org/pjlib/docs/html/group__PJ__ACTIVESOCK.htm Active Socket I/O.
- List of trusted Certificate Authorities (CA) is based on Symbian Certificate Management, e.g: in E65, Main Menu > Tools > Settings > Security > Certificates Management.
- Support for SSL 3.0 and TLS 1.0.
Limitations
- Only support for client mode (CSecureSocket limitation).
- Specifying client credential (e.g: certificate and the corresponding private key) is not supported (CSecureSocket limitation), so secure socket may not be able to connect to server that requires client certificate.
- Currently, server certificate verification is only done internally by CSecureSocket, further verification mechanism by application (e.g: via callback) is not supported. Note that untrusted server certificates result in a user dialog.
- Managing (adding/editing/deleting) entry of trusted CA list should be handled by application.
Enable SIP transport SSL/TLS on symbian_ua sample application
- Modify transport setting in ua.cpp:
#define ENABLE_SIP_TLS 1 // default is 0
- Update other related configurations ua.cpp such as SIP account, e.g:
#define HAS_SIP_ACCOUNT 1 #define SIP_DOMAIN "your_domain/realm" #define SIP_USER "your_userid" #define SIP_PASSWD "your_pass" #define SIP_PROXY "<sip:some_proxy;transport=tls;lr>"
Note that without registering an account into a registrar, symbian_ua will not be able to be contacted (e.g: receive calls), as the secure socket backend (CSecureSocket) can only work as client.
Building your own application using SSL/TLS on Symbian
- If the low level secure socket is needed, include ssl_sock.h:
#include<pj/ssl_sock.h>
- When using PJSUA-LIB, SIP transport TLS can be enabled by instantiating SIP transport type PJSIP_TRANSPORT_TLS, e.g (captured from symbian_ua ua.cpp):
pjsua_transport_config tcfg; pjsua_transport_id tid; pjsua_transport_config_default(&tcfg); tcfg.port = SIP_PORT; status = pjsua_transport_create(PJSIP_TRANSPORT_TLS, &tcfg, &tid); // then, specify "transport=tls" URI param in the proxy/registrar URI, // e.g: "<sip:some_proxy;transport=tls>"
- Link the application to securesocket.lib, by specifying the library in the application MMP:
LIBRARY securesocket.lib