Commit Graph

183 Commits

Author SHA1 Message Date
Michael Giagnocavo 5e456fe9a6 FS-7966. First pass at moving to Visual Studio 2015.
The new C compiler breaks a lot of things. snprintf and timespec now exist, and redefining causes an error.
Many more things are warnings, so warnings-as-errors will fail - remove it from some projects for now.
V8: don't pass VS version to build batch file.
mod_sofia: Config has too-long if/elseif chain. Break this up to avoid "parser stack overflow; program too complex".
Add mod_conference.h to project and dir to includes.
2015-08-21 18:28:32 -04:00
Michael Jerris 69ea6a444a FS-7587: keep sofia-sip ws lib in sync 2015-06-01 15:27:45 -04:00
Alexander Traud 022fddbe6a Add Perfect Forward Secrecy (DHE PFS) to mod_sofia
Ephemeral ECDH (ECDHE) was supported already. This patch adds Ephemeral
DH (DHE). To enable it, add DH parameters into the private-key file of
your server (agent.pem). For example via:
openssl dhparam -out dh.pem 2048

FS-7561 #resolve
2015-06-01 12:45:19 -05:00
Michael Jerris d17edb59dc FS-7264: fix signed/unsigned warnings on windows building ws.c 2015-02-11 12:40:04 -05:00
Anthony Minessale 5187aaed79 FS-7117 #comment revert bf5210bf72 and implement it in ws.c please be sure to learn to use git commit hooks to properly associate commits with jiras 2015-01-07 17:17:28 -06:00
Anthony Minessale 6c1bc0e2f6 sync ws code 2015-01-07 02:12:29 -06:00
Anthony Minessale 0150c862a2 FS-6854 #comment try this patch 2014-09-30 20:35:19 +05:00
Brian West 7c89c21153 FS-6860 #resolve this was fixed once but was lost in the last sync 2014-09-26 09:00:09 -05:00
Anthony Minessale f7de058acd FS-6854 #resolve 2014-09-25 21:44:02 +05:00
Anthony Minessale 9e72c8477f fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto (missing code from last commit) 2014-09-24 01:09:44 +05:00
Anthony Minessale 59e71341db fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto 2014-09-23 20:17:20 +05:00
Jeff Lenk 571cf932dc fix VS2010 build warning 2014-08-16 18:22:41 -05:00
Anthony Minessale 24413bfa11 copy changes from verto ws.c to sofia 2014-08-16 00:43:25 +05:00
Anthony Minessale 2411550727 add homer capture line to websocket transport 2014-08-11 21:02:25 +05:00
Brian West 327146cecf Fix WS Compile on MSVC2012 2014-07-25 11:34:08 -05:00
Anthony Minessale 6c80281ce9 buffer websocket headers and body before sending to avoid fragmentation 2014-07-17 01:07:57 +05:00
Anthony Minessale cc75547672 merge ws.c change to sofia 2014-07-12 04:39:41 +05:00
Anthony Minessale 0685027bd8 FS-6574 --resolve 2014-06-09 14:29:08 -04:00
Michael Jerris b5a223cd1b CID:1215201 Explicit null dereferenced 2014-05-22 15:39:59 +00:00
Anthony Minessale f0aa0fc1d8 seek chain cert from wss.pem just cat together the cert, the key and the chain cert into wss.pem 2014-05-20 23:18:38 +05:00
Anthony Minessale 88ce7dae1c minor tweak to make ws code work in blocking mode properly when used outside sofia 2014-05-07 06:13:27 +05:00
Michael Jerris 906467b360 fix log message on sending tport ping over ws to log error in failure cases 2014-05-01 14:20:27 -04:00
Michael Jerris cfd8d28bc8 silence clang unused function warnings and get rid of some unused functions 2014-05-01 09:03:19 -04:00
Anthony Minessale 2cdae46b19 FS-6476 regression where sock would sometimes drop while reading logical frames 2014-04-29 18:25:05 -04:00
Anthony Minessale 61e22e8b50 FS-6476 --resolve 2014-04-22 23:25:41 +05:00
Anthony Minessale 7ea4acaece FS-6426 --resolve 2014-04-03 23:25:48 +05:00
Brian West 16577339be FS-6387 don't fail if your openssl package has been compiled without EC support...LOOKING AT YOU GENTOO 2014-03-20 08:07:53 -05:00
Brian West f6d9027282 FS-6375 ifdef for sun in this case 2014-03-18 17:43:46 -05:00
Travis Cross 19fc943f59 Mitigate the CRIME TLS flaw
If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.

This is CVE-2012-4929.

FS-6360 --resolve

Thanks-to: Brian West <brian@freeswitch.org>
2014-03-16 16:24:58 +00:00
Michael Jerris 2513388d8a clean up some bootstrap warnings 2014-03-07 18:36:26 -05:00
Travis Cross 1990d10057 Reword the websocket TLS cipher list
This generates an identical list of cipher suites, but this commit
restates the cipher spec to be more similar to the way we state it
elsewhere.
2014-03-05 21:37:30 +00:00
Travis Cross 6a3dcc9e0f Drop null-auth suites from our default TLS cipher list
Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites.  In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
2014-03-05 21:37:30 +00:00
Anthony Minessale 7cb91467e0 FS-5814 --resolve 2014-03-06 00:02:40 +05:00
Travis Cross d5760e0d6a Show TLS cipher suite selected in sofia debug
This shows the cipher name, TLS version, the number of cipher bits and
algorithm bits, and a description of the cipher in Sofia's debug
logging output on level 9.
2014-02-28 20:46:34 +00:00
Moises Silva 461f94870f Merge remote-tracking branch 'origin/master' into moy/tport-log-fix 2014-02-24 19:39:17 -05:00
Travis Cross 8b7d58ddf8 Rework handling of Linux TCP keepalives in Sofia
This separates out the Linux socket TCP keepalive timeout interval
from Sofia's internal mechanisms.  Earlier we tied these together.  In
retrospect this seems improper.

These two values can now be set separately.

You might, for example, want to keep the Sofia internal mechanism
disabled completely while enabling the platform-based mechanism if
your platform supports it.

We also here reform the default value of the socket TCP keepalive
parameter to 30 seconds.

This is what commit a0e9639a1f should
have been.

FS-6104
2014-02-11 06:27:20 +00:00
Travis Cross 2b064e6393 Add additional debugging output to keepalive handling 2014-02-11 05:40:41 +00:00
Travis Cross 3ae189ca3f Synchronize Sofia and Linux TCP keepalive timeout units
Sofia keeps the TCP keepalive timeout in milliseconds, but Linux
expects the value in seconds.  Before this change, it's unlikely the
TCP_KEEPIDLE and TCP_KEEPINTVL calls were having much effect as we
would have been passing them a huge value.

FS-6104
2014-02-11 05:33:25 +00:00
Travis Cross a96eefe8ee Add support for EECDH to Sofia-SIP
This adds support for the ephemeral elliptic curve Diffie-Hellman key
exchange, which provides for forward secrecy in the event that
long-term keys are compromised.

For the moment, we've hard-coded the curve as prime256v1.
2014-02-06 15:40:35 +00:00
Travis Cross c0101e2ce6 Allow setting TLS cipher suites through Sofia-SIP API
Previously there was no way to override the hard-coded cipher suite
specification of "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".

This commit does leave in place the hardcoded cipher spec for WebRTC
of "HIGH:!DSS:!aNULL@STRENGTH".
2014-02-06 06:04:02 +00:00
Travis Cross e3b353e911 Allow setting enabled TLS versions in Sofia-SIP
Previously if the TPTAG_TLS_VERSION was set to a non-zero value we
supported only TLSv1 (but not TLSv1.1 or TLSv1.2), and if was set to
zero we supported all versions of TLS and SSL (including the
ridiculous SSLv2).

Now we take an integer field where various bits can be set indicating
which versions of TLS we would like to support.
2014-02-06 02:17:13 +00:00
Anthony Minessale 0a3e18a308 FS-6174 --resolve after updating to this revision, put ca-bundle.crt in /usr/local/freeswitch/certs to get chain cert in place for both dtls and wss 2014-01-31 20:16:54 +05:00
Travis Cross a0e9639a1f Handle Linux TCP keepalives better in Sofia
Sofia accepts a value for the TCP keepalive timeout interval via
TPTAG_KEEPALIVE, however it fails to use this value for the Linux
keepalive socket options TCP_KEEPIDLE and TCP_KEEPINTVL.  In fact, on
Linux it enables the sending of TCP keepalives even if tpp_keepalive
is set to zero which would disable Sofia's internal keepalive
mechanisms.  Sofia then uses a hard coded value of 30 seconds for
these keepalive intervals which affects battery life on mobile
devices.

With this commit we harmonize the sending of TCP keepalives on Linux
with other platforms by using the value from TPTAG_KEEPALIVE and not
enabling the sending of TCP keepalives at all if the value of the
parameter is zero.

FS-6104 --resolve
2014-01-18 15:46:56 +00:00
Seven Du f5b18c0fdd FS-5642 --resolve add back the ETIMEDOUT check, needed on Mac 2013-12-13 11:46:14 +08:00
Moises Silva 713ddc4834 Fix tport_stamp in the sofia stack to use localtime for the timestamp 2013-10-29 12:17:55 -04:00
Anthony Minessale c8be999c34 FS-5911 --resolve 2013-10-25 23:51:43 +05:00
Jeff Lenk 88b2e96516 windows fix compiler errors 2013-10-22 23:23:48 -05:00
Anthony Minessale 20a55d3cc6 update 2013-10-22 16:27:15 -05:00
Anthony Minessale e2bdd78d55 FS-5896 --resolve 2013-10-22 20:33:13 +05:00
Anthony Minessale 3c2a5db225 add missing protos 2013-10-21 20:11:30 +05:00