Cipher Settings for SSL/TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm using PJSIP 2.0-alpha2.

Does the functionality set the the cipher list (by setting the ciphers
field in the pjsip_tls_setting struct) work in this (or any recent)
version of PJSIP? In testing it doesn't appear to work for me.

pjsip/src/pjsip/sip_transport_tls_ossl.c does appear to have code to
implement this. However, it seems that this file isn't built. It's not
mentioned in any Makefile, nor do I get an object file for it when I
build the library. Further, it duplicates the function names (and,
apparently, the interface) from sip_transport_tls.c in the same directory,
which is built. (That file appears to use pjlib/src/pj/ssl_sock_ossl.c
to do the TLS work; it calls OpenSSL functions but does not appear to
support setting the cipher list.)

Is the file obsolete? I had thought it was until I looked back
through the commit log, which indicates several changes to it
(including bugfixes, e.g., ticket #1221) since revision 2970 when
the Makefile was changed to compile sip_transport_tls.c instead of
sip_transport_tls_ossl.c. Are these just changes that someone made
without testing them, or even looking to see if the code was used?

If sip_transport_tls_ossl.c is obsolete, it would be nice to remove it
so that it doesn't send people like me on wild goose chases.

Anyway, if the cipher list functionality does not currently work, that
would be good to document that in the API docs. I will also file a
ticket about this unless there's some reason for me not to do so.

Assuming this whole analysis is correct, is anybody planning to
re-implement the functionality that would let library users set the list
of ciphers to be used with TLS?

If not, since a project I am working on needs this functionality, I
might be willing to do this. Would someone familiar with the library be
willing to coach me a bit and/or review my changes in order to make a
patch that would be acceptable for inclusion in the PJSIP library?

Alternatively, if someone out there would be willing to do this work
for some sort of fee, contact me privatly and I'll see if I can get my
client to work something out with you.

cjs
-- 
Curt Sampson         <cjs at cynic.net>         +81 90 7737 2974
             http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my telephone;
my wish has come true because I can no longer figure out how to use my
telephone.  --Bjarne Stroustrup
[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux