wiki:TLS_on_Symbian

Version 1 (modified by nanang, 15 years ago) (diff)

Initial doc of SSL/TLS on Symbian

SSL/TLS on Symbian

Table of Contents

  1. Scope
  2. Limitations
  3. Enable SIP transport SSL/TLS on symbian_ua sample application
  4. Building your own application using SSL/TLS on Symbian

PJSIP provides SSL/TLS via secure socket abstraction, pj_ssl_sock_*, which can be used by the higher level applications, such as SSL/TLS SIP transport. On Symbian platforms, the secure socket implementation is done natively using CSecureSocket class.


Scope

Secure socket implementation on Symbian provides:

  1. Transparent SSL/TLS operations, application uses the secure socket basically the same way as normal socket, e.g: when connection completion status is reported (via callback) as successful, it means that both the underlying socket connection and the SSL/TLS handshake are successful.
  2. Active socket operations as provided by http://www.pjsip.org/pjlib/docs/html/group__PJ__ACTIVESOCK.htm Active Socket I/O.
  3. List of trusted Certificate Authorities (CA) is based on Symbian Certificate Management, e.g: in E65, Main Menu > Tools > Settings > Security > Certificates Management.
  4. Support for SSL 3.0 and TLS 1.0.

Limitations

  1. Only support for client mode (CSecureSocket limitation).
  2. Specifying client credential (e.g: certificate and the corresponding private key) is not supported (CSecureSocket limitation), so secure socket may not be able to connect to server that requires client certificate.
  3. Currently, server certificate verification is only done internally by CSecureSocket, further verification mechanism by application (e.g: via callback) is not supported. Note that untrusted server certificates result in a user dialog.
  4. Managing (adding/editing/deleting) entry of trusted CA list should be handled by application.

Enable SIP transport SSL/TLS on symbian_ua sample application

  1. Modify transport setting in ua.cpp:
    #define ENABLE_SIP_TLS	1 // default is 0
    
  2. Update other related configurations ua.cpp such as SIP account, e.g:
    #define HAS_SIP_ACCOUNT	1
    #define SIP_DOMAIN	"your_domain/realm"
    #define SIP_USER	"your_userid"
    #define SIP_PASSWD	"your_pass"
    #define SIP_PROXY	"<sip:some_proxy;transport=tls;lr>"
    

Note that without registering an account into a registrar, symbian_ua will not be able to be contacted (e.g: receive calls), as the secure socket backend (CSecureSocket) can only work as client.

Building your own application using SSL/TLS on Symbian

  1. If the low level secure socket is needed, include ssl_sock.h:
    #include<pj/ssl_sock.h>
    
  2. When using PJSUA-LIB, SIP transport TLS can be enabled by instantiating SIP transport type PJSIP_TRANSPORT_TLS, e.g (captured from symbian_ua ua.cpp):
    pjsua_transport_config tcfg;
    pjsua_transport_id tid;
    
    pjsua_transport_config_default(&tcfg);
    tcfg.port = SIP_PORT;
    status = pjsua_transport_create(PJSIP_TRANSPORT_TLS, &tcfg, &tid);
    
    // then, specify "transport=tls" URI param in the proxy/registrar URI,
    // e.g: "<sip:some_proxy;transport=tls>"
    
  3. Link the application to securesocket.lib, by specifying the library in the application MMP:
    LIBRARY securesocket.lib