Commit 23e553a2 authored by DanmeiChen's avatar DanmeiChen

Allow setting TLS cipher suites through Sofia-SIP API

parent 72bf23b3
......@@ -180,6 +180,12 @@ TPORT_DLL extern tag_typedef_t tptag_certificate;
TPORT_DLL extern tag_typedef_t tptag_certificate_ref;
#define TPTAG_CERTIFICATE_REF(x) tptag_certificate_ref, tag_str_vr(&(x))
TPORT_DLL extern tag_typedef_t tptag_tls_ciphers;
#define TPTAG_TLS_CIPHERS(x) tptag_tls_ciphers, tag_str_v((x))
TPORT_DLL extern tag_typedef_t tptag_tls_ciphers_ref;
#define TPTAG_TLS_CIPHERS_REF(x) tptag_tls_ciphers_ref, tag_str_vr(&(x))
TPORT_DLL extern tag_typedef_t tptag_tls_version;
#define TPTAG_TLS_VERSION(x) tptag_tls_version, tag_uint_v((x))
......
......@@ -276,6 +276,14 @@ tag_typedef_t tptag_certificate = STRTAG_TYPEDEF(certificate);
*/
tag_typedef_t tptag_compartment = PTRTAG_TYPEDEF(compartment);
/**@def TPTAG_TLS_CIPHERS(x)
*
* Sets the supported TLS cipher suites.
*
* Use with tport_tbind(), nua_create(), nta_agent_create(),
* nta_agent_add_tport(), nth_engine_create(), or initial nth_site_create().
*/
tag_typedef_t tptag_tls_ciphers = STRTAG_TYPEDEF(tls_ciphers);
/**@def TPTAG_TLS_VERSION(x)
*
......
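Review bot: The new TPTAG_TLS_CIPHERS() doc block only says it "Sets the supported TLS cipher suites"; it should also state the value's format and the default, because the string is handed unchanged to SSL_CTX_set_cipher_list() in the tport_tls.c hunk below. Suggested line after the first sentence: `* The value is an OpenSSL cipher list string (see ciphers(1)); if the tag is not given, the default "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" from tls_set_default() is used.` It is also worth noting in the same block that SSL_CTX_set_cipher_list() does not govern TLS 1.3 ciphersuites, so when built against OpenSSL 1.1.1 or later those are unaffected by this tag.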
......@@ -204,7 +204,7 @@ void tls_set_default(tls_issues_t *i)
i->cert = i->cert ? i->cert : "agent.pem";
i->key = i->key ? i->key : i->cert;
i->randFile = i->randFile ? i->randFile : "tls_seed.dat";
i->cipher = i->cipher ? i->cipher : "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
i->cipher = i->ciphers ? i->ciphers : "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
/* Default SIP cipher */
/* "RSA-WITH-AES-128-CBC-SHA"; */
/* RFC-2543-compatibility ciphersuite */
......@@ -448,7 +448,7 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
SSL_CTX_set_verify_depth(tls->ctx, ti->verify_depth);
SSL_CTX_set_verify(tls->ctx, verify, tls_verify_cb);
if (!SSL_CTX_set_cipher_list(tls->ctx, ti->cipher)) {
if (!SSL_CTX_set_cipher_list(tls->ctx, ti->ciphers)) {
SU_DEBUG_1(("%s: error setting cipher list\n", "tls_init_context"));
tls_log_errors(3, "tls_init_context", 0);
errno = EIO;
......
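Review bot: The failure branch `SU_DEBUG_1(("%s: error setting cipher list\n", "tls_init_context"));` does not log the string that was rejected, and after this commit that string can come from an API caller rather than the built-in default, so a misconfigured cipher list is hard to diagnose from the log. Suggest `SU_DEBUG_1(("%s: error setting cipher list \"%s\"\n", "tls_init_context", ti->ciphers));`. Separately, the default kept in the tls_set_default() hunk, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH", excludes only anonymous DH and, in OpenSSL builds that still ship them, would admit RC4, 3DES and anonymous ECDH suites; that predates this change, but now that deployments can override the list it is a good moment to revisit it. Both tls_set_default() and tls_init_context() continue outside the hunks.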
......@@ -60,7 +60,7 @@ typedef struct tls_issues_s {
char *randFile; /* Seed file for the PRNG (default: tls_seed.dat) */
char *CAfile; /* PEM file of CA's */
char *CApath; /* PEM file path of CA's */
char *cipher; /* Should be one of the above defined ciphers *
char *ciphers; /* Should be one of the above defined ciphers *
* or NULL (default: "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
*/
int version; /* For tls1, version is 1. When ssl3/ssl2 is
......
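Review bot: The comment on the renamed field still reads "Should be one of the above defined ciphers", which no longer describes what the field holds now that TPTAG_TLS_CIPHERS() feeds an arbitrary OpenSSL cipher list string into it via tport_tls_init_master(). Suggest `char *ciphers; /* OpenSSL cipher list string passed to SSL_CTX_set_cipher_list(), or NULL for the default "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" */`. The struct definition continues outside the hunk.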
......@@ -206,6 +206,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
tl_gets(tags,
TPTAG_CERTIFICATE_REF(path),
TPTAG_TLS_CIPHERS_REF(tls_ciphers),
TPTAG_TLS_VERSION_REF(tls_version),
TPTAG_TLS_VERIFY_PEER_REF(tls_verify),
TPTAG_TLS_PASSPHRASE_REF(passphrase),
......@@ -252,6 +253,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
ti.passphrase = su_strdup(autohome, passphrase);
ti.cert = ti.key;
ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem");
if (tls_ciphers) ti.ciphers = su_strdup(autohome, tls_ciphers);
ti.version = tls_version;
ti.CApath = su_strdup(autohome, path);
......
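Review bot: The result of `su_strdup(autohome, tls_ciphers)` in the added line `if (tls_ciphers) ti.ciphers = su_strdup(autohome, tls_ciphers);` is not checked; if the copy fails, ti.ciphers stays NULL and tls_set_default() (shown in the tport_tls.c hunk) substitutes the permissive default list, so, assuming tls_set_default() runs on this ti, a caller that asked for a restricted cipher set would silently get a weaker configuration. The neighbouring su_strdup() calls follow the same unchecked pattern, but this one deserves a check because of that fallback: `if (tls_ciphers && !(ti.ciphers = su_strdup(autohome, tls_ciphers)))` followed by the function's existing failure return. tport_tls_init_master() starts and ends outside the hunks.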