Travis Cross
3ae189ca3f
Synchronize Sofia and Linux TCP keepalive timeout units
...
Sofia keeps the TCP keepalive timeout in milliseconds, but Linux
expects the value in seconds. Before this change, it's unlikely the
TCP_KEEPIDLE and TCP_KEEPINTVL calls were having much effect as we
would have been passing them a huge value.
FS-6104
2014-02-11 05:33:25 +00:00
Travis Cross
a96eefe8ee
Add support for EECDH to Sofia-SIP
...
This adds support for the ephemeral elliptic curve Diffie-Hellman key
exchange, which provides for forward secrecy in the event that
long-term keys are compromised.
For the moment, we've hard-coded the curve as prime256v1.
2014-02-06 15:40:35 +00:00
Travis Cross
c0101e2ce6
Allow setting TLS cipher suites through Sofia-SIP API
...
Previously there was no way to override the hard-coded cipher suite
specification of "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
This commit does leave in place the hardcoded cipher spec for WebRTC
of "HIGH:!DSS:!aNULL@STRENGTH".
2014-02-06 06:04:02 +00:00
Travis Cross
e3b353e911
Allow setting enabled TLS versions in Sofia-SIP
...
Previously if the TPTAG_TLS_VERSION was set to a non-zero value we
supported only TLSv1 (but not TLSv1.1 or TLSv1.2), and if it was set to
zero we supported all versions of TLS and SSL (including the
ridiculous SSLv2).
Now we take an integer field where various bits can be set indicating
which versions of TLS we would like to support.
2014-02-06 02:17:13 +00:00
Anthony Minessale
0a3e18a308
FS-6174 --resolve after updating to this revision, put ca-bundle.crt in /usr/local/freeswitch/certs to get chain cert in place for both dtls and wss
2014-01-31 20:16:54 +05:00
Travis Cross
a0e9639a1f
Handle Linux TCP keepalives better in Sofia
...
Sofia accepts a value for the TCP keepalive timeout interval via
TPTAG_KEEPALIVE, however it fails to use this value for the Linux
keepalive socket options TCP_KEEPIDLE and TCP_KEEPINTVL. In fact, on
Linux it enables the sending of TCP keepalives even if tpp_keepalive
is set to zero which would disable Sofia's internal keepalive
mechanisms. Sofia then uses a hard coded value of 30 seconds for
these keepalive intervals which affects battery life on mobile
devices.
With this commit we harmonize the sending of TCP keepalives on Linux
with other platforms by using the value from TPTAG_KEEPALIVE and not
enabling the sending of TCP keepalives at all if the value of the
parameter is zero.
FS-6104 --resolve
2014-01-18 15:46:56 +00:00
Seven Du
f5b18c0fdd
FS-5642 --resolve add back the ETIMEDOUT check, needed on Mac
2013-12-13 11:46:14 +08:00
Moises Silva
713ddc4834
Fix tport_stamp in the sofia stack to use localtime for the timestamp
2013-10-29 12:17:55 -04:00
Anthony Minessale
c8be999c34
FS-5911 --resolve
2013-10-25 23:51:43 +05:00
Jeff Lenk
88b2e96516
windows fix compiler errors
2013-10-22 23:23:48 -05:00
Anthony Minessale
20a55d3cc6
update
2013-10-22 16:27:15 -05:00
Anthony Minessale
e2bdd78d55
FS-5896 --resolve
2013-10-22 20:33:13 +05:00
Anthony Minessale
3c2a5db225
add missing protos
2013-10-21 20:11:30 +05:00
Michael Jerris
bfcd1e07ca
compile failure due to no newline at end of file
2013-10-21 10:54:23 -04:00
Anthony Minessale
0d19abfbdb
FS-5887 --resolve
2013-10-19 00:00:28 +05:00
Michael Jerris
1aa8464114
FS-5819: don't assign variable to itself
2013-09-30 13:28:47 -04:00
Anthony Minessale
8493c88f88
fix proto regression from last commit
2013-09-19 19:34:58 -04:00
Jeff Lenk
b407732dcd
fix for today's ws.* changes
2013-09-17 23:23:11 -05:00
Anthony Minessale
f1d0357e92
minor fixes in ws.c
2013-09-18 05:13:46 +05:00
Anthony Minessale
50ea67b340
fix connection issue in websocket
2013-09-17 06:24:58 +05:00
Brian West
378648f2b1
similar fix to 53d17a1312
2013-09-12 16:56:07 -05:00
Anthony Minessale
53d17a1312
override the default 30 minute timeout on tport connections for websockets
2013-09-04 04:24:53 +05:00
Anthony Minessale
b5ac54ecca
FS-5738 --resolve
2013-08-28 23:18:41 +05:00
Anthony Minessale
dbfde499a4
add val to debug message
2013-08-23 04:13:19 +05:00
Anthony Minessale
da148c0dd4
remove call to close
2013-08-22 18:49:35 -04:00
Anthony Minessale
bc851de200
FS-5642 FS-5556 --resolve I have not tested this yet for the connect but I fixed the seg for sure which was an outstanding issue in 5556 reopen 5642 if connect still doesn't work
2013-07-26 11:27:45 -05:00
Jeff Lenk
5fc2bc9993
FS-5588 --resolve windows compiler fixes
2013-07-09 07:53:56 -05:00
Anthony Minessale
94f3b90040
use static buffer and nonblocking socket in websocket client
2013-07-08 08:25:45 -05:00
Anthony Minessale
b2e06346d4
some more ws transport tweaks
2013-06-27 14:04:13 -05:00
Anthony Minessale
a26ab6e3e0
fix ssl connect race
2013-06-26 23:10:19 -04:00
Anthony Minessale
afc18668f3
tweak sip ws code to avoid double free
2013-06-26 12:43:54 -04:00
Anthony Minessale
da0c0c0e4a
revert 02c329da33 and put proper fix
2013-06-24 08:31:06 -05:00
Jeff Lenk
02c329da33
fix compiler warning
2013-06-20 14:27:32 -05:00
Anthony Minessale
a71b199de4
fix ref counting issue in tcp,tls,wss transports
2013-06-19 21:54:58 -05:00
Anthony Minessale
633dcd46b6
yay for bugs
2013-06-19 12:26:45 -05:00
Anthony Minessale
471b3d33fd
add tcp keepalive where possible
2013-04-25 13:33:17 -05:00
Jeff Lenk
ff9571e1e9
sofia windows compiler warnings
2013-04-02 17:25:10 -05:00
Ken Rice
23410558ff
hust compiler warning
2013-04-01 17:24:52 -05:00
Anthony Minessale
cc3e75fc62
omit weak ciphers to prevent hackage
2013-03-31 21:27:27 -05:00
Anthony Minessale
68055eab2b
support tls dir options properly
2013-03-31 21:27:26 -05:00
Anthony Minessale
c4b221c750
trying to get mozilla to work using sipml5, got stun/dtls/rtp flowing and it's dead silent. c'mon guys... why do you have to do everything differently?????
2013-03-31 21:27:25 -05:00
Anthony Minessale
a36bd797c6
fix shutdown seg
2013-03-31 21:27:24 -05:00
Anthony Minessale
52e7a63bbf
fix for firefox secure websockets which for some reason writes only 1 byte first on secure ws frame
2013-03-31 21:27:24 -05:00
Anthony Minessale
fa8ccff7c3
polish
2013-03-31 21:27:21 -05:00
Anthony Minessale
2ccc771825
fix cpu race on ws poll
2013-03-31 21:27:21 -05:00
Anthony Minessale
e31c74b638
use cert dir from tls config to find wss certs
2013-03-31 21:27:21 -05:00
Anthony Minessale
668f4a6207
working mo better
2013-03-31 21:27:20 -05:00
Anthony Minessale
62e62e1e34
add websocket transport to sofia
2013-03-31 21:27:20 -05:00
Anthony Minessale
9b11dbe4b9
FS-4452 --resolve
2013-03-06 12:58:30 -06:00
Anthony Minessale
63e2044a7e
modify sofia debug code to print file, line numbers and function name
2012-10-26 14:15:14 -05:00
Travis Cross
c85c8d7bbd
Add mechanism to set OpenSSL session timeout
...
In a sofia profile, you can now set the parameter tls-timeout to a
positive integer value which represents the maximum time in seconds
that OpenSSL will keep a TLS session (and its ephemeral keys) alive.
This value is passed to OpenSSL's SSL_CTX_set_timeout(3).
OpenSSL's default value is 300 seconds, but the relevant standard
(RFC 2246) suggests that much longer session lifetimes are
acceptable (it recommends values less than 24 hours).
Longer values can be useful for extending battery life on mobile
devices.
Signed-off-by: Travis Cross <tc@traviscross.com>
2012-06-11 21:46:05 +00:00
Jeff Lenk
5e66db63f1
FS-3896 --resolve that sizeof was incorrect
2012-02-17 08:50:03 -06:00
Anthony Minessale
7938fd81cc
FS-3813 --resolve this should be ok
2012-01-16 12:47:37 -06:00
Marc Olivier Chouinard
f97a3266df
FS-3071 I've committed the upstream passphrase backport
2011-12-18 11:04:59 -05:00
Anthony Minessale
032155c51e
FS-3658 remember to date > libs/sofia-sip/.update when you patch sofia lib
2011-11-02 08:59:23 -05:00
Anthony Minessale
bc177a4b28
FS-3475 --resolve
2011-08-02 13:51:57 -05:00
Anthony Minessale
ed23847574
fix mac build
2011-08-01 10:01:50 -05:00
Jeff Lenk
02bb35148d
trivial compiler warning
2011-08-01 10:39:11 -05:00
Jeff Lenk
2b6a4f97c3
trivial portability issues c89
2011-08-01 09:48:08 -05:00
Anthony Minessale
3e029f0dfb
add capture hooks to libsofia
2011-07-31 18:36:05 -05:00
Marc Olivier Chouinard
626a99f994
sofia-lib: More Fix for -Wunused-but-set-variable required compiler. (Might need to be ported back to sofia)
2011-04-23 20:33:19 -04:00
Jeff Lenk
bcd31ecaf3
correction to last patch
2010-09-29 16:00:09 -05:00
Jeff Lenk
45ecbc2f61
fix warnings on windows x64 builds src and mods projects - only libsofia included on the libs side
2010-09-29 15:47:58 -05:00
Brian West
4d3dac5b52
FSBUILD-249
...
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@16744 d0543943-73ff-0310-b7d9-9358b9ac24b2
2010-02-23 22:56:54 +00:00
Michael Jerris
8dd6f9c6e0
try to fix different const qualifiers in openssl 1.0
...
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@15782 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-12-04 01:41:58 +00:00
Michael Jerris
511132ac1e
fix sofia build when -std=c99
...
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@15746 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-12-01 22:42:18 +00:00
Mathieu Rene
57169ef9fb
fix sofia build with new openssl
...
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@15426 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-11-11 05:33:59 +00:00
Michael Jerris
780bce83a4
Mon Jun 29 07:52:27 CDT 2009 kai.k.samposalo@nokia.com
...
* Symbian winscw build fix
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@14193 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-07-10 00:54:04 +00:00
Michael Jerris
fac4ab6d5d
Wed Jun 3 12:25:35 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_type_tls.c: added field names to tport_vtable_t initialization
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13985 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-06-26 19:54:39 +00:00
Michael Jerris
dd22cf6876
Wed Jun 3 12:25:19 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_type_udp.c: added field names to tport_vtable_t initialization
Wed Jun 3 12:25:52 CDT 2009 Pekka Pessi <first.last@nokia.com>
* tport_type_tcp.c: added field names to tport_vtable_t initialization
Wed Jun 3 12:29:13 CDT 2009 Pekka Pessi <first.last@nokia.com>
* tport_threadpool.c: added field names to tport_vtable_t initialization
Wed Jun 3 12:29:41 CDT 2009 Pekka Pessi <first.last@nokia.com>
* tport_type_connect.c: added field names to tport_vtable_t initialization
Wed Jun 3 12:30:01 CDT 2009 Pekka Pessi <first.last@nokia.com>
* tport_type_stun.c: added field names to tport_vtable_t initialization
Wed Jun 3 12:30:17 CDT 2009 Pekka Pessi <first.last@nokia.com>
* tport_type_sctp.c: added field names to tport_vtable_t initialization
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13956 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-06-25 18:43:54 +00:00
Michael Jerris
d073879155
Tue May 19 12:03:18 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_tls.c: removed global tls_ex_data_idx, using static one
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13540 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-06-01 22:50:03 +00:00
Michael Jerris
ed9ddb3c56
Tue May 19 12:00:30 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* su_uniqueid.c: Solaris misdefines PTHREAD_ONCE_INIT
Ignore-this: 9fe2247164d572901ed4a30b009353db
Solaris defines pthread_once_t as a struct containing an array. The
initializer PTHREAD_ONCE_INIT needs two levels of brackets but only has
one. Original patch from Mike Jerris <mike@jerris.com>.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13388 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-05-19 17:25:08 +00:00
Michael Jerris
6f7641f94a
Wed May 13 05:14:56 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* tport.c: better checking of IP6 addresses
Ignore-this: 49f502ccaaf771abed1e5b2d00eaa8b8
Coverity issue.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13335 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-05-15 16:04:28 +00:00
Michael Jerris
61c7a110b2
Tue May 12 13:23:33 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* tport.c: do not use out-of-scope array in tport_deliver()
Ignore-this: a651d5eb213850d9dfd317102a432f8e
Coverity issue.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13331 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-05-15 16:01:31 +00:00
Michael Jerris
0106f699e6
Tue May 12 13:04:33 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_type_udp.c: tport_check_trunc() cleaned code
Ignore-this: b39558360afb657325a4615d0919baaa
Coverity issue.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13327 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-05-15 15:54:54 +00:00
Michael Jerris
3f4f728974
Wed Apr 29 13:03:20 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* tport: close half-closed idle connections on windows, too
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13317 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-05-15 15:42:25 +00:00
Michael Jerris
123153d843
Wed Mar 11 11:52:58 CDT 2009 Pekka Pessi <first.last@nokia.com>
...
* tport.c: silence VC warnings
Ignore-this: b81c43b73fcefa2dd58dd3366dd60368
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@12751 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-03-24 15:46:13 +00:00
Michael Jerris
094de86372
Tue Mar 3 07:56:30 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* tport.c: add TPTAG_LOG() and TPTAG_DUMP() to tport_get_params()
Fixed return value from tport_set_params(), too.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@12374 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-03-03 17:19:09 +00:00
Michael Jerris
024c64420f
sync to darcs
...
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@12313 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-26 19:29:50 +00:00
Michael Jerris
b161d3f93d
sync file to darcs
...
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@12312 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-26 19:21:46 +00:00
Michael Jerris
96e65ddec3
Thu Feb 12 12:02:48 CST 2009 Jarod Neuner <janeuner@networkharbor.com>
...
* tport_tls: add/fix some tls init logging
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11964 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-12 21:30:05 +00:00
Michael Jerris
459bad1563
Thu Feb 12 14:56:11 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_type_tls.c: fixed error logging in tport_tls_connect()
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11958 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-12 21:23:05 +00:00
Michael Jerris
cbb7805d53
Thu Feb 12 07:17:08 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* tport.c: return correct errno from tport_connect()
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11945 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-12 21:11:15 +00:00
Michael Jerris
b5ef501d09
Thu Feb 12 07:17:31 CST 2009 Della Betta Filippo <filippo DOT dellabetta AT telecomitalia DOT it>
...
* tport.c: return correct errno from tport_listen()
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11944 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-12 21:10:11 +00:00
Michael Jerris
613a5ebf86
Wed Feb 11 15:01:08 CST 2009 Della Betta Filippo <filippo DOT dellabetta AT telecomitalia DOT it>
...
* tport.c: fixed tport_queuelen() when queue is full
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11942 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-12 21:08:29 +00:00
Raymond Chandler
8984a298a9
patch from FSBUILD-118
...
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11888 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 20:19:56 +00:00
Michael Jerris
38dabb3635
Thu Jan 15 09:50:45 CST 2009 Jarod Neuner <janeuner@networkharbor.com>
...
* TLS Subject Checking in tport
sofia-sip/tport.h:
* tport_delivered_from_subjects() returns type (su_strlst_t const *)
* Export tport_subject_search()
sofia-sip/tport_tag.h + tport_tag.c:
* Remove TPTAG_TLS_VERIFY_PEER()
- Deprecated. Use TPTAG_TLS_VERIFY_POLICY instead.
- Binary Compatibility is preserved.
* Add TPTAG_TLS_VERIFY_POLICY()
- tport can verify incoming and/or outgoing connections, using:
1) Certificate Signatures only - or -
2) Certificate Signatures and Certificate Subjects
* Add TPTAG_TLS_VERIFY_DEPTH()
- Restrict certificate chain verification to a set length.
* Add TPTAG_TLS_VERIFY_DATE()
- Disable notBefore/notAfter checking (application: embedded devices)
* Add TPTAG_TLS_VERIFY_SUBJECTS()
- Incoming connections must present client certificates with subjects
that match an item in this list.
- Intended Use: Proxy Authentication
* Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
- Commented out for future use.
- Intended Use: SIP User Identities in Server Certificates.
* Add appropriate doxygen documentation.
tport.c
* Add tport_subject_search()
- Subject can be a hostname, IP Address, or a URI.
- Valid subject examples include:
example.com
alice@example.com
sip:alice@example.com
sips:alice@example.com
* tport_by_addrinfo() matches tpn_canon against the subject list
of reusable TLS connections.
tport_tls.h:
* Add tls_init_secondary()
* Remove tls_init_slave() & tls_init_client()
tport_tls.c:
* tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
* tls_post_connection_check() verifies certificate subjects.
* tls_init_secondary()
- Replaces tls_init_slave(), tls_init_client(), and tls_clone().
tport_type_tls.c:
* Removed erroneous reference to tport_tls_deliver()
* Fix a memory leak caused by duplicate calls to tls_clone().
* Populate the (tport_t *)->tp_subjects field with peer certificate data for
new secondary connections.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11830 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 17:03:59 +00:00
Michael Jerris
90311fbd2d
Tue Jan 13 16:22:39 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_type_tls.c, tport_tls.c: added Jarod Neuner as one of authors
Cleaned whitespace, too.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11822 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 17:00:16 +00:00
Michael Jerris
8cb0c75279
Tue Jan 13 16:20:56 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* TPTAG_TLS_VERIFY_PEER() added in 1.12.10
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11820 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:59:20 +00:00
Michael Jerris
1ab22fe83c
Thu Jan 8 15:00:46 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* tport: using <sofia-sip/su_string.h> functions
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11803 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:50:52 +00:00
Michael Jerris
f92b45a9fa
Mon Jan 5 06:43:24 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_type_tls.c: no tport_tls_deliver() yet
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11774 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:15:05 +00:00
Michael Jerris
1d36053c74
Mon Jan 5 06:43:04 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_tls.c: silences warnings on signedness
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11773 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:14:35 +00:00
Michael Jerris
0a07ac4b16
Mon Jan 5 06:42:09 CST 2009 Pekka Pessi <first.last@nokia.com>
...
* tport_tls.c: su_home_new() already zeros the allocated memory
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11772 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:14:05 +00:00
Michael Jerris
52fa079b2b
Tue Dec 16 16:19:37 CST 2008 Jarod Neuner <janeuner@networkharbor.com>
...
* Early TLS Handshake and Verification
tport_type_tls.c:
* tport_tls_accept():
- Replaces tport_accept for incoming TLS connections.
* tport_tls_connect():
- Replaces tport_base_connect() for outgoing TLS connections.
tport_tls.c:
* tls_t now use a memory home instead of malloc.
* removed tls_check_hosts()
* tls_connect():
- Replaces tport_base_connect for TLS connection setup.
- Completes TLS handshake and verifies peer certificates.
- Destroys suspect TLS connections before sending/receiving payload.
- Populates a su_strlst_t with subjects from the peer certificate.
tport.c:
* tport_is_verified()
- true if peer certificate validated successfully
* tport_delivered_from_subjects()
- Certificate subjects listed in the peer certificate.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11769 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:11:33 +00:00
Michael Jerris
ece5252042
Tue Dec 16 11:58:26 CST 2008 Jarod Neuner <janeuner@networkharbor.com>
...
* Helper functions for vtp_connect and vtp_wakeup_pri.
- Expose tport_setname() and tport_wakeup() via tport_internal.h
- Add tport_register_secondary() for adding secondaries to a root, and
to alleviate the need to export tprb_append.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11768 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:10:58 +00:00
Michael Jerris
470a963e03
Fri Dec 19 10:51:02 CST 2008 Pekka Pessi <first.last@nokia.com>
...
* tport_logging.c: do not use stamp as format string
Original patch by Mike Jerris.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11767 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:08:28 +00:00
Michael Jerris
6408a21cf2
SFSIP-112 sofia does not compile w/ gcc 4.3 x86 w/ -Werror
...
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@10877 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-12-18 23:24:19 +00:00
Michael Jerris
253c81bb45
Wed Nov 26 12:42:31 CST 2008 Paulo Pizarro <paulo DOT pizarro AT gmail DOT com>
...
* tport: new tag TPTAG_TLS_VERIFY_PEER
With this tag, the verification of certificates can be controlled:
0: no verify certificates.
1: on server mode, the certificate returned by client is checked and
if fail the TLS/SSL handshake is immediately terminated.
1: on client mode, the server certificate is verified and
if fail the TLS/SSL handshake is immediately terminated.
I added this tag, because I'd like that my application not connected to a
server with an untrusted certificate.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@10824 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-12-16 20:26:19 +00:00
Michael Jerris
3294718a97
Wed Nov 26 12:38:03 CST 2008 Pekka Pessi <first.last@nokia.com>
...
* tport.c: log real transport name by tport_vsend()
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@10823 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-12-16 20:22:09 +00:00
Michael Jerris
6470214c1f
Fri Nov 28 09:00:01 CST 2008 Tiago Katcipis <katcipis AT inf DOT ufcs DOT br>
...
* tport_tls.c: #include <sofia-sip/*> before <openssl/*>
Avoid lossage in Win32.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@10811 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-12-16 19:48:45 +00:00