[PATCH] Add GnuTLS, DTLS, and other improvements


 



Hi all,

I took the time to upstream *some* of the patches about pjsip/pjproject
that are available inside GNU Ring release 20170524.2.745efce
([[http://dl.ring.cx/ring-release/tarballs/ring_20170524.2.745efce.tar.gz]],
at "ring-project/daemon/contrib/src/pjproject").

Here is a summary of the improvements:

- Add option to use GnuTLS (works around possible license violation
  depending on how OpenSSL is linked:
  [[http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/2017-April/019937.html]]).

- Disable tests applications.

- Enable IPv6.

- Fix TURN fallback.

- Configure ICE.

- Add DTLS transport.

Some of these fixes had to be checked manually because of different line
offsets or absence of items to remove or to refer to.

Please contact GNU Ring project for more information. I'm just a normal
user who wants to upstream patches so as to make work easier for everyone.


Respectfully, Adonay.
-- 
- [[https://libreplanet.org/wiki/User:Adfeno]]
- Palestrante e consultor sobre /software/ livre (não confundir com
  gratis).
- "WhatsApp"? Ele não é livre, por isso não uso. Iguais a ele prefiro
  GNU Ring, ou Tox. Quer outras formas de contato? Adicione o vCard
  que está no endereço acima aos teus contatos.
- Pretende me enviar arquivos .doc, .ppt, .cdr, ou .mp3? OK, eu
  aceito, mas não repasso. Entrego apenas em formatos favoráveis ao
  /software/ livre. Favor entrar em contato em caso de dúvida.
Index: Makefile
===================================================================
--- Makefile	(revision 5598)
+++ Makefile	(working copy)
@@ -4,7 +4,7 @@
 include version.mak
 
 LIB_DIRS = pjlib/build pjlib-util/build pjnath/build third_party/build pjmedia/build pjsip/build
-DIRS = $(LIB_DIRS) pjsip-apps/build $(EXTRA_DIRS)
+DIRS = $(LIB_DIRS) $(EXTRA_DIRS)
 
 ifdef MINSIZE
 MAKE_FLAGS := MINSIZE=1
Index: aconfigure
===================================================================
--- aconfigure	(revision 5598)
+++ aconfigure	(working copy)
@@ -644,6 +644,8 @@
 libcrypto_present
 libssl_present
 openssl_h_present
+libgnutls_present
+gnutls_h_present
 ac_ssl_has_aes_gcm
 ac_no_ssl
 ac_openh264_ldflags
@@ -1494,8 +1496,8 @@
                           package and samples location using IPPROOT and
                           IPPSAMPLES env var or with --with-ipp and
                           --with-ipp-samples options
-  --disable-ssl           Exclude SSL support the build (default: autodetect)
-
+  --enable-ssl=backend    Select 'gnutls' or 'openssl' (default) to provide
+                          SSL support (autodetect)
   --disable-opencore-amr  Exclude OpenCORE AMR support from the build
                           (default: autodetect)
 
@@ -7811,33 +7813,160 @@
 
 # Check whether --enable-ssl was given.
 if test "${enable_ssl+set}" = set; then :
-  enableval=$enable_ssl;
-		if test "$enable_ssl" = "no"; then
-		 ac_no_ssl=1
-		 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Checking if SSL support is disabled... yes" >&5
+  enableval=$enable_ssl;  if test "x$enableval" = "xgnutls"; then
+                    ssl_backend="gnutls"
+                else
+                    ssl_backend="openssl"
+
+                fi
+
+fi
+
+
+if test "x$enable_ssl" = "xno"; then
+    ac_no_ssl=1
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: Checking if SSL support is disabled... yes" >&5
 $as_echo "Checking if SSL support is disabled... yes" >&6; }
-	        fi
+else
+    if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
+        CFLAGS="$CFLAGS -I$with_ssl/include"
+        LDFLAGS="$LDFLAGS -L$with_ssl/lib"
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using SSL prefix... $with_ssl" >&5
+$as_echo "Using SSL prefix... $with_ssl" >&6; }
+    fi
+    if test "x$ssl_backend" = "xgnutls"; then
+        for ac_prog in $host-pkg-config pkg-config "python pkgconfig.py"
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_PKG_CONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$PKG_CONFIG"; then
+  ac_cv_prog_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_PKG_CONFIG="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
 
+fi
+fi
+PKG_CONFIG=$ac_cv_prog_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
 else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
 
-		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for OpenSSL installations.." >&5
+
+  test -n "$PKG_CONFIG" && break
+done
+test -n "$PKG_CONFIG" || PKG_CONFIG="none"
+
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for GnuTLS installations.." >&5
+$as_echo "checking for GnuTLS installations.." >&6; }
+
+
+        ac_fn_c_check_header_mongrel "$LINENO" "gnutls/gnutls.h" "ac_cv_header_gnutls_gnutls_h" "$ac_includes_default"
+if test "x$ac_cv_header_gnutls_gnutls_h" = xyes; then :
+  gnutls_h_present=1
+fi
+
+
+
+        if test "$PKG_CONFIG" != "none"; then
+            if $PKG_CONFIG --exists gnutls; then
+                LIBS="$LIBS `$PKG_CONFIG --libs gnutls`"
+                libgnutls_present=1
+            else
+                { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gnutls_certificate_set_x509_system_trust in -lgnutls" >&5
+$as_echo_n "checking for gnutls_certificate_set_x509_system_trust in -lgnutls... " >&6; }
+if ${ac_cv_lib_gnutls_gnutls_certificate_set_x509_system_trust+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgnutls  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gnutls_certificate_set_x509_system_trust ();
+int
+main ()
+{
+return gnutls_certificate_set_x509_system_trust ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_gnutls_gnutls_certificate_set_x509_system_trust=yes
+else
+  ac_cv_lib_gnutls_gnutls_certificate_set_x509_system_trust=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gnutls_gnutls_certificate_set_x509_system_trust" >&5
+$as_echo "$ac_cv_lib_gnutls_gnutls_certificate_set_x509_system_trust" >&6; }
+if test "x$ac_cv_lib_gnutls_gnutls_certificate_set_x509_system_trust" = xyes; then :
+  libgnutls_present=1 &&
+                              LIBS="$LIBS -lgnutls"
+fi
+
+            fi
+        else
+            { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** Warning: neither pkg-config nor python is available, disabling gnutls. ***" >&5
+$as_echo "*** Warning: neither pkg-config nor python is available, disabling gnutls. ***" >&6; }
+        fi
+
+        if test "x$gnutls_h_present" = "x1" -a "x$libgnutls_present" = "x1"; then
+            { $as_echo "$as_me:${as_lineno-$LINENO}: result: GnuTLS library found, SSL support enabled" >&5
+$as_echo "GnuTLS library found, SSL support enabled" >&6; }
+            # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
+            #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
+            $as_echo "#define PJ_HAS_SSL_SOCK 1" >>confdefs.h
+
+            $as_echo "#define PJ_HAS_TLS_SOCK 1" >>confdefs.h
+
+        else
+            { $as_echo "$as_me:${as_lineno-$LINENO}: result: ** No GnuTLS libraries found, disabling SSL support **" >&5
+$as_echo "** No GnuTLS libraries found, disabling SSL support **" >&6; }
+        fi
+    else
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for OpenSSL installations.." >&5
 $as_echo "checking for OpenSSL installations.." >&6; }
-                if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
-                    CFLAGS="$CFLAGS -I$with_ssl/include"
-                    LDFLAGS="$LDFLAGS -L$with_ssl/lib"
-                    { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using SSL prefix... $with_ssl" >&5
-$as_echo "Using SSL prefix... $with_ssl" >&6; }
-                fi
 
 
 
-		ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"
+        ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"
 if test "x$ac_cv_header_openssl_ssl_h" = xyes; then :
   openssl_h_present=1
 fi
 
 
-		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ERR_load_BIO_strings in -lcrypto" >&5
+        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ERR_load_BIO_strings in -lcrypto" >&5
 $as_echo_n "checking for ERR_load_BIO_strings in -lcrypto... " >&6; }
 if ${ac_cv_lib_crypto_ERR_load_BIO_strings+:} false; then :
   $as_echo_n "(cached) " >&6
Index: aconfigure.ac
===================================================================
--- aconfigure.ac	(revision 5598)
+++ aconfigure.ac	(working copy)
@@ -1540,22 +1540,59 @@
 AC_SUBST(ac_no_ssl)
 AC_SUBST(ac_ssl_has_aes_gcm,0)
 AC_ARG_ENABLE(ssl,
-	      AS_HELP_STRING([--disable-ssl],
-			     [Exclude SSL support the build (default: autodetect)])
-	      ,
-	      [
-		if test "$enable_ssl" = "no"; then
-		 [ac_no_ssl=1]
-		 AC_MSG_RESULT([Checking if SSL support is disabled... yes])
-	        fi
-	      ],
-	      [
-		AC_MSG_RESULT([checking for OpenSSL installations..])
-                if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
-                    CFLAGS="$CFLAGS -I$with_ssl/include"
-                    LDFLAGS="$LDFLAGS -L$with_ssl/lib"
-                    AC_MSG_RESULT([Using SSL prefix... $with_ssl])
-                fi
+                AS_HELP_STRING([--enable-ssl[=backend]],
+                               [Select 'gnutls' or 'openssl' (default) to provide SSL support (autodetect)]),
+                [ if test "x$enableval" = "xgnutls"; then
+                      [ssl_backend="gnutls"]
+                  else
+                      [ssl_backend="openssl"]
+
+                  fi
+                ])
+
+if test "x$enable_ssl" = "xno"; then
+    [ac_no_ssl=1]
+    AC_MSG_RESULT([Checking if SSL support is disabled... yes])
+else
+    if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
+        CFLAGS="$CFLAGS -I$with_ssl/include"
+        LDFLAGS="$LDFLAGS -L$with_ssl/lib"
+        AC_MSG_RESULT([Using SSL prefix... $with_ssl])
+    fi
+    if test "x$ssl_backend" = "xgnutls"; then
+        AC_CHECK_PROGS(PKG_CONFIG,
+                       $host-pkg-config pkg-config "python pkgconfig.py",
+                       none)
+        AC_MSG_RESULT([checking for GnuTLS installations..])
+        AC_SUBST(gnutls_h_present)
+        AC_SUBST(libgnutls_present)
+        AC_CHECK_HEADER(gnutls/gnutls.h, [gnutls_h_present=1])
+
+        if test "$PKG_CONFIG" != "none"; then
+            if $PKG_CONFIG --exists gnutls; then
+                LIBS="$LIBS `$PKG_CONFIG --libs gnutls`"
+                libgnutls_present=1
+            else
+                AC_CHECK_LIB(gnutls,
+                             gnutls_certificate_set_x509_system_trust,
+                             [libgnutls_present=1 &&
+                              LIBS="$LIBS -lgnutls"])
+            fi
+        else
+            AC_MSG_RESULT([*** Warning: neither pkg-config nor python is availa
+        fi
+
+        if test "x$gnutls_h_present" = "x1" -a "x$libgnutls_present" = "x1"; th
+            AC_MSG_RESULT([GnuTLS library found, SSL support enabled])
+            # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
+            #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
+            AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
+            AC_DEFINE(PJ_HAS_TLS_SOCK, 1)
+        else
+            AC_MSG_RESULT([** No GnuTLS libraries found, disabling SSL support
+        fi
+    else
+                AC_MSG_RESULT([checking for OpenSSL installations..])
 		AC_SUBST(openssl_h_present)
 		AC_SUBST(libssl_present)
 		AC_SUBST(libcrypto_present)
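Review bot: Three added lines in this hunk are cut off at 80 columns, so aconfigure.ac as posted cannot be processed: the two `AC_MSG_RESULT([...` message lines end without `])`, and the `if test "x$gnutls_h_present" = "x1" -a "x$libgnutls_present" = "x1"; th` line has lost `then` (the generated aconfigure in this patch carries the full text). When `--enable-ssl=gnutls` is given and GnuTLS is not found, the script only prints a message and continues, so the result is a build without TLS; for an explicitly requested backend it is safer to stop, e.g. `AC_MSG_ERROR([GnuTLS requested but not found])`. The pkg-config branch adds only the output of `--libs`; the output of `$PKG_CONFIG --cflags gnutls` should go into CFLAGS as well for installations outside the default include path.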
@@ -1584,7 +1621,8 @@
 		else
 			AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
 		fi
-	      ])
+    fi
+fi
 
 dnl # Obsolete option --with-opencore-amrnb
 AC_ARG_WITH(opencore-amrnb,
Index: pjlib/build/Makefile
===================================================================
--- pjlib/build/Makefile	(revision 5598)
+++ pjlib/build/Makefile	(working copy)
@@ -35,7 +35,7 @@
 	guid.o hash.o ip_helper_generic.o list.o lock.o log.o os_time_common.o \
 	os_info.o pool.o pool_buf.o pool_caching.o pool_dbg.o rand.o \
 	rbtree.o sock_common.o sock_qos_common.o \
-	ssl_sock_common.o ssl_sock_ossl.o ssl_sock_dump.o \
+	ssl_sock_common.o ssl_sock_ossl.o ssl_sock_gtls.o ssl_sock_dump.o \
 	string.o timer.o types.o
 export PJLIB_CFLAGS += $(_CFLAGS)
 export PJLIB_CXXFLAGS += $(_CXXFLAGS)
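Review bot: `ssl_sock_gtls.o` is added to the object list, but no `ssl_sock_gtls.c` appears among the files in this patch as posted, so the pjlib build would stop with no rule for that object. If the source exists only in the working copy, it was probably never added to version control and so was left out of the diff. The object is listed unconditionally next to `ssl_sock_ossl.o`, so the new file needs the mirror image of the guard this patch adds to ssl_sock_ossl.c, so that exactly one backend is compiled.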
@@ -56,7 +56,6 @@
 export TEST_CFLAGS += $(_CFLAGS)
 export TEST_CXXFLAGS += $(_CXXFLAGS)
 export TEST_LDFLAGS += $(PJLIB_LDLIB) $(_LDFLAGS)
-export TEST_EXE := pjlib-test-$(TARGET_NAME)$(HOST_EXE)
 
 
 export CC_OUT CC AR RANLIB HOST_MV HOST_RM HOST_RMDIR HOST_MKDIR OBJEXT LD LDOUT 
Index: pjlib/include/pj/compat/os_auto.h.in
===================================================================
--- pjlib/include/pj/compat/os_auto.h.in	(revision 5598)
+++ pjlib/include/pj/compat/os_auto.h.in	(working copy)
@@ -219,6 +219,9 @@
 #ifndef PJ_HAS_SSL_SOCK
 #undef PJ_HAS_SSL_SOCK
 #endif
+#ifndef PJ_HAS_TLS_SOCK
+#undef PJ_HAS_TLS_SOCK
+#endif
 
 
 #endif	/* __PJ_COMPAT_OS_AUTO_H__ */
Index: pjlib/include/pj/config.h
===================================================================
--- pjlib/include/pj/config.h	(revision 5598)
+++ pjlib/include/pj/config.h	(working copy)
@@ -607,7 +607,7 @@
  * Default: 0 (disabled, for now)
  */
 #ifndef PJ_HAS_IPV6
-#  define PJ_HAS_IPV6		    0
+#  define PJ_HAS_IPV6		    1
 #endif
 
  /**
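Review bot: The Doxygen block above this define still reads `Default: 0 (disabled, for now)` after the default is changed to 1; it should become `Default: 1`. The new default changes behaviour for every build that does not set PJ_HAS_IPV6 in its own site configuration, so the comment is where a reader will look to learn that IPv6 sockets are now compiled in.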
@@ -915,7 +915,7 @@
 
 /**
  * Enable secure socket. For most platforms, this is implemented using
- * OpenSSL, so this will require OpenSSL to be installed. For Symbian
+ * OpenSSL, so this will require OpenSSL or GnuTLS to be installed. For Symbian
  * platform, this is implemented natively using CSecureSocket.
  *
  * Default: 0 (for now)
@@ -922,6 +922,8 @@
  */
 #ifndef PJ_HAS_SSL_SOCK
 #  define PJ_HAS_SSL_SOCK	    0
+   // When set to 1 secure sockets will use the GnuTLS backend
+#  define PJ_HAS_TLS_SOCK	    0
 #endif
 
 
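Review bot: The `PJ_HAS_TLS_SOCK` default is defined only inside `#ifndef PJ_HAS_SSL_SOCK`, so a build that sets `PJ_HAS_SSL_SOCK` itself (a site config, or configure's OpenSSL path unless it defines the new macro somewhere not visible here) leaves `PJ_HAS_TLS_SOCK` undefined. The new guards in ssl_sock_ossl.c and transport_srtp.c require `defined(PJ_HAS_TLS_SOCK) && PJ_HAS_TLS_SOCK == 0`, so in that case the OpenSSL backend is compiled out while `PJ_HAS_SSL_SOCK` is still 1 and no secure-socket implementation remains. Give the macro its own block after the existing `#endif`: `#ifndef PJ_HAS_TLS_SOCK`, `#  define PJ_HAS_TLS_SOCK 0`, `#endif`. The added comment should use `/* ... */` like the rest of the header and say that the macro selects the backend only when `PJ_HAS_SSL_SOCK` is non-zero.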
Index: pjlib/include/pj/ssl_sock.h
===================================================================
--- pjlib/include/pj/ssl_sock.h	(revision 5598)
+++ pjlib/include/pj/ssl_sock.h	(working copy)
@@ -184,6 +184,11 @@
     pj_str_t raw;		    /**< Raw certificate in PEM format, only
 					 available for remote certificate. */
 
+    struct {
+        unsigned    cnt;        /**< # of entry     */
+        pj_str_t* cert_raw;
+    } raw_chain;
+
 } pj_ssl_cert_info;
 
 
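Review bot: `raw_chain` is added to a public struct without the Doxygen comments its neighbours carry, and `cert_raw` has no description at all. I would document the member as `/**< Raw certificates of the chain, cnt entries */`, state the encoding of each entry, and say which pool owns the array, since callers need to know how long the pointers stay valid. `# of entry` reads better as `Number of entries in cert_raw`. The addition also changes the size of `pj_ssl_cert_info` for existing users of the header.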
Index: pjlib/src/pj/ioqueue_common_abs.c
===================================================================
--- pjlib/src/pj/ioqueue_common_abs.c	(revision 5598)
+++ pjlib/src/pj/ioqueue_common_abs.c	(working copy)
@@ -1047,7 +1047,8 @@
     /*
      * Check that address storage can hold the address parameter.
      */
-    PJ_ASSERT_RETURN(addrlen <= (int)sizeof(pj_sockaddr_in), PJ_EBUG);
+    PJ_ASSERT_RETURN((((pj_sockaddr*)addr)->addr.sa_family == pj_AF_INET() && addrlen <= (int)sizeof(pj_sockaddr_in)) ||
+					 (((pj_sockaddr*)addr)->addr.sa_family == pj_AF_INET6() && addrlen <= (int)sizeof(pj_sockaddr_in6)), PJ_EBUG);
 
     /*
      * Schedule asynchronous send.
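Review bot: The new check still accepts a zero or negative `addrlen`, because both comparisons are signed upper bounds only; putting `addrlen > 0 &&` in front keeps a bad length from reaching whatever copy into `rmt_addr` follows outside this hunk. The condition also reads `sa_family` through `addr` before anything visible here has validated that pointer or that `addrlen` covers the family field. Any family other than IPv4 or IPv6 now returns PJ_EBUG, which is a behaviour change from the old size-only test and belongs in the comment above the check. Splitting the condition over several lines with the file's indentation would make the two cases readable.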
Index: pjlib/src/pj/ioqueue_common_abs.h
===================================================================
--- pjlib/src/pj/ioqueue_common_abs.h	(revision 5598)
+++ pjlib/src/pj/ioqueue_common_abs.h	(working copy)
@@ -63,7 +63,7 @@
     pj_size_t		    size;
     pj_ssize_t              written;
     unsigned                flags;
-    pj_sockaddr_in	    rmt_addr;
+    pj_sockaddr	    rmt_addr;
     int			    rmt_addrlen;
 };
 
Index: pjlib/src/pj/ssl_sock_common.c
===================================================================
--- pjlib/src/pj/ssl_sock_common.c	(revision 5598)
+++ pjlib/src/pj/ssl_sock_common.c	(working copy)
@@ -35,7 +35,12 @@
     param->async_cnt = 1;
     param->concurrency = -1;
     param->whole_data = PJ_TRUE;
+#if defined(PJ_HAS_TLS_SOCK) && PJ_HAS_TLS_SOCK == 1
+    // GnuTLS is allowed to send bigger chunks
+    param->send_buffer_size = 65536;
+#else
     param->send_buffer_size = 8192;
+#endif
 #if !defined(PJ_SYMBIAN) || PJ_SYMBIAN==0
     param->read_buffer_size = 1500;
 #endif
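Review bot: The 65536 value is unexplained: `GnuTLS is allowed to send bigger chunks` does not say what constraint the 8192 default reflects or why it does not apply to this backend. Please give the reason and the per-socket memory cost in a `/* ... */` comment, which is the style of the rest of the file, rather than `//`. The guard tests `PJ_HAS_TLS_SOCK == 1` while the other sites in this patch test `!= 0` or `== 0`; using one form throughout avoids a value such as 2 selecting neither branch consistently.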
Index: pjlib/src/pj/ssl_sock_ossl.c
===================================================================
--- pjlib/src/pj/ssl_sock_ossl.c	(revision 5598)
+++ pjlib/src/pj/ssl_sock_ossl.c	(working copy)
@@ -32,8 +32,10 @@
 #include <pj/timer.h>
 
 
-/* Only build when PJ_HAS_SSL_SOCK is enabled */
-#if defined(PJ_HAS_SSL_SOCK) && PJ_HAS_SSL_SOCK!=0
+/* Only build when PJ_HAS_SSL_SOCK is enabled and when PJ_HAS_TLS_SOCK is
+ * disabled (meaning GnuTLS is off) */
+#if defined(PJ_HAS_SSL_SOCK) && PJ_HAS_SSL_SOCK != 0 && \
+    defined(PJ_HAS_TLS_SOCK) && PJ_HAS_TLS_SOCK == 0
 
 #define THIS_FILE		"ssl_sock_ossl.c"
 
Index: pjlib-util/build/Makefile
===================================================================
--- pjlib-util/build/Makefile	(revision 5598)
+++ pjlib-util/build/Makefile	(working copy)
@@ -54,7 +54,6 @@
 export UTIL_TEST_CFLAGS += $(_CFLAGS)
 export UTIL_TEST_CXXFLAGS += $(_CXXFLAGS)
 export UTIL_TEST_LDFLAGS += $(PJLIB_UTIL_LDLIB) $(PJLIB_LDLIB) $(_LDFLAGS)
-export UTIL_TEST_EXE:=pjlib-util-test-$(TARGET_NAME)$(HOST_EXE)
 
 	
 export CC_OUT CC AR RANLIB HOST_MV HOST_RM HOST_RMDIR HOST_MKDIR OBJEXT LD LDOUT 
Index: pjmedia/build/Makefile
===================================================================
--- pjmedia/build/Makefile	(revision 5598)
+++ pjmedia/build/Makefile	(working copy)
@@ -166,7 +166,6 @@
 			       $(PJLIB_UTIL_LDLIB) \
 			       $(PJLIB_LDLIB) \
 			       $(_LDFLAGS)
-export PJMEDIA_TEST_EXE:=pjmedia-test-$(TARGET_NAME)$(HOST_EXE)
 
 	
 export CC_OUT CC AR RANLIB HOST_MV HOST_RM HOST_RMDIR HOST_MKDIR OBJEXT LD LDOUT 
Index: pjmedia/src/pjmedia/transport_srtp.c
===================================================================
--- pjmedia/src/pjmedia/transport_srtp.c	(revision 5598)
+++ pjmedia/src/pjmedia/transport_srtp.c	(working copy)
@@ -31,7 +31,8 @@
 
 #if defined(PJMEDIA_HAS_SRTP) && (PJMEDIA_HAS_SRTP != 0)
 
-#if defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0)
+#if defined(PJ_HAS_SSL_SOCK) && PJ_HAS_SSL_SOCK != 0 && \
+    defined(PJ_HAS_TLS_SOCK) && PJ_HAS_TLS_SOCK == 0
 #  include <openssl/rand.h>
 #  include <openssl/opensslv.h>
 
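Review bot: Narrowing this include guard removes `openssl/rand.h` from GnuTLS builds, but no other line of transport_srtp.c is touched in this patch, so any later block still guarded only by `PJ_HAS_SSL_SOCK != 0` would use OpenSSL symbols without their header. Those blocks are outside the hunk; please confirm each one carries the same `PJ_HAS_TLS_SOCK == 0` condition. If the OpenSSL random source is what produces SRTP key material in this file, a GnuTLS build should draw it from `gnutls_rnd()` rather than fall back to a non-cryptographic generator.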
Index: pjnath/build/Makefile
===================================================================
--- pjnath/build/Makefile	(revision 5598)
+++ pjnath/build/Makefile	(working copy)
@@ -54,7 +54,6 @@
 export PJNATH_TEST_CFLAGS += $(_CFLAGS)
 export PJNATH_TEST_CXXFLAGS += $(_CXXFLAGS)
 export PJNATH_TEST_LDFLAGS += $(PJNATH_LDLIB) $(PJLIB_UTIL_LDLIB) $(PJLIB_LDLIB) $(_LDFLAGS)
-export PJNATH_TEST_EXE:=pjnath-test-$(TARGET_NAME)$(HOST_EXE)
 
 	
 ###############################################################################
@@ -65,7 +64,6 @@
 export PJTURN_CLIENT_CFLAGS += $(_CFLAGS)
 export PJTURN_CLIENT_CXXFLAGS += $(_CXXFLAGS)
 export PJTURN_CLIENT_LDFLAGS += $(PJNATH_LDLIB) $(PJLIB_UTIL_LDLIB) $(PJLIB_LDLIB) $(_LDFLAGS)
-export PJTURN_CLIENT_EXE:=pjturn-client-$(TARGET_NAME)$(HOST_EXE)
 
 ###############################################################################
 # Defines for building TURN server application
@@ -76,7 +74,6 @@
 export PJTURN_SRV_CFLAGS += $(_CFLAGS)
 export PJTURN_SRV_CXXFLAGS += $(_CXXFLAGS)
 export PJTURN_SRV_LDFLAGS += $(PJNATH_LDLIB) $(PJLIB_UTIL_LDLIB) $(PJLIB_LDLIB) $(_LDFLAGS)
-export PJTURN_SRV_EXE:=pjturn-srv-$(TARGET_NAME)$(HOST_EXE)
 
 	
 	
Index: pjnath/include/pjnath/config.h
===================================================================
--- pjnath/include/pjnath/config.h	(revision 5598)
+++ pjnath/include/pjnath/config.h	(working copy)
@@ -231,7 +231,7 @@
  * Default: 16
  */
 #ifndef PJ_ICE_MAX_CAND
-#   define PJ_ICE_MAX_CAND			    16
+#   define PJ_ICE_MAX_CAND			    32
 #endif
 
 
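Review bot: The `Default: 16` line in the comment above now contradicts the value 32, and the same stale default remains in the PJ_ICE_MAX_STUN (2 to 3) and PJ_ICE_MAX_CHECKS (32 to 150) hunks below; each comment should be updated together with its define. The PJ_ICE_COMP_BITS change from 1 to 2 is described in its own comment as tied to PJ_ICE_MAX_COMP, which this patch does not touch, so the two need to be checked against each other. Raising PJ_ICE_MAX_CHECKS to 150 also raises per-session memory and the number of connectivity checks a single remote candidate list can cause, so the reason for the number belongs in the comment.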
@@ -252,7 +252,7 @@
  * Default: 2
  */
 #ifndef PJ_ICE_MAX_STUN
-#   define PJ_ICE_MAX_STUN			    2
+#   define PJ_ICE_MAX_STUN			    3
 #endif
 
 
@@ -272,7 +272,7 @@
  * the maximum number of components (PJ_ICE_MAX_COMP) value.
  */
 #ifndef PJ_ICE_COMP_BITS
-#   define PJ_ICE_COMP_BITS			    1
+#   define PJ_ICE_COMP_BITS			    2
 #endif
 
 
@@ -323,7 +323,7 @@
  * Default: 32
  */
 #ifndef PJ_ICE_MAX_CHECKS
-#   define PJ_ICE_MAX_CHECKS			    32
+#   define PJ_ICE_MAX_CHECKS			    150
 #endif
 
 
Index: pjnath/include/pjnath/ice_strans.h
===================================================================
--- pjnath/include/pjnath/ice_strans.h	(revision 5598)
+++ pjnath/include/pjnath/ice_strans.h	(working copy)
@@ -933,6 +933,8 @@
 					  int dst_addr_len);
 
 
+PJ_DECL(pj_ice_sess *) pj_ice_strans_get_ice_sess(pj_ice_strans *ice_st);
+
 /**
  * @}
  */
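Review bot: `pj_ice_strans_get_ice_sess()` is added to a public header without a Doxygen block. The comment should describe the `ice_st` parameter, say that the return value is the stream transport's own session pointer (the definition in ice_strans.c returns `ice_st->ice`), and state whether it can be NULL when no session exists. Because the caller receives a pointer it does not own, the comment should also give the lifetime and locking rule for using it.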
Index: pjnath/src/pjnath/ice_strans.c
===================================================================
--- pjnath/src/pjnath/ice_strans.c	(revision 5598)
+++ pjnath/src/pjnath/ice_strans.c	(working copy)
@@ -1195,7 +1195,12 @@
     }
 }
 
+PJ_DECL(pj_ice_sess *) pj_ice_strans_get_ice_sess( pj_ice_strans *ice_st )
+{
+	return ice_st->ice;
+}
 
+
 /*
  * Get the ICE username fragment and password of the ICE session.
  */
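Review bot: The definition uses `PJ_DECL`, the declaration macro, where a definition should use `PJ_DEF(pj_ice_sess *)` as the other definitions in this patch do; the two can expand differently when export attributes are in use. The function also dereferences `ice_st` unchecked; `PJ_ASSERT_RETURN(ice_st, NULL);` as the first statement would match the argument checks seen elsewhere in the patch. The body is indented with a tab and the parameter list has padded parentheses, unlike the surrounding code.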
@@ -1342,6 +1347,9 @@
 	    pj_sockaddr addrs[PJ_ICE_ST_MAX_CAND];
 	    unsigned j, count=0;
 
+		if (!comp->turn[n].sock)
+			continue;
+
 	    /* Gather remote addresses for this component */
 	    for (j=0; j<rem_cand_cnt && count<PJ_ARRAY_SIZE(addrs); ++j) {
 		if (rem_cand[j].comp_id==i+1 &&
@@ -2104,6 +2112,39 @@
 
 	sess_init_update(comp->ice_st);
 
+    } else if ((old_state == PJ_TURN_STATE_RESOLVING || old_state == PJ_TURN_STATE_ALLOCATING) &&
+               new_state >= PJ_TURN_STATE_DEALLOCATING)
+    {
+        pj_ice_sess_cand *cand = NULL;
+        unsigned i;
+
+        /* DNS resolution has failed! */
+        ++comp->turn[tp_idx].err_cnt;
+
+        /* Unregister ourself from the TURN relay */
+        pj_turn_sock_set_user_data(turn_sock, NULL);
+        comp->turn[tp_idx].sock = NULL;
+
+        /* Wait until initialization completes */
+        pj_grp_lock_acquire(comp->ice_st->grp_lock);
+
+        /* Find relayed candidate in the component */
+        for (i=0; i<comp->cand_cnt; ++i) {
+            if (comp->cand_list[i].type == PJ_ICE_CAND_TYPE_RELAYED &&
+                comp->cand_list[i].transport_id == data->transport_id)
+            {
+                cand = &comp->cand_list[i];
+                break;
+            }
+        }
+        pj_assert(cand != NULL);
+
+        pj_grp_lock_release(comp->ice_st->grp_lock);
+
+        cand->status = old_state == PJ_TURN_STATE_RESOLVING ? PJ_ERESOLVE : PJ_EINVALIDOP;
+
+        sess_init_update(comp->ice_st);
+
     } else if (new_state >= PJ_TURN_STATE_DEALLOCATING) {
 	pj_turn_session_info info;
 
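Review bot: `cand->status` is written after `pj_grp_lock_release()` and is protected against a missing candidate only by `pj_assert(cand != NULL)`, so a build with assertions disabled dereferences NULL when no relayed candidate matches `data->transport_id`. Move the assignment inside the locked region and guard it, i.e. `if (cand) cand->status = ...;` before the release. `err_cnt` and `turn[tp_idx].sock` are likewise modified before the lock is taken, although the earlier hunk in this file now tests `comp->turn[n].sock`; if those fields are shared between threads they should be updated under the same lock. The comment `DNS resolution has failed!` covers only the RESOLVING case, while the branch also handles ALLOCATING. The enclosing function starts outside this hunk.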
Index: pjnath/src/pjnath/turn_session.c
===================================================================
--- pjnath/src/pjnath/turn_session.c	(revision 5598)
+++ pjnath/src/pjnath/turn_session.c	(working copy)
@@ -651,7 +651,7 @@
 	PJ_ASSERT_RETURN(default_port>0 && default_port<65536, PJ_EINVAL);
 	sess->default_port = (pj_uint16_t)default_port;
 
-	cnt = PJ_TURN_MAX_DNS_SRV_CNT;
+	cnt = 1;
 	ai = (pj_addrinfo*)
 	     pj_pool_calloc(sess->pool, cnt, sizeof(pj_addrinfo));
 
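Review bot: Replacing `PJ_TURN_MAX_DNS_SRV_CNT` with a bare `1` limits the address lookup to a single result with no comment explaining why. If the intent is to use only the first resolved address, say so next to the assignment, for example `/* use only the first resolved address */` followed by the reason. It is also worth checking that a host resolving to both IPv4 and IPv6 still yields a usable address, now that this patch enables IPv6 by default. The rest of the function is outside the hunk, so how `cnt` is consumed afterwards is not visible here.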
Index: pjsip/build/Makefile
===================================================================
--- pjsip/build/Makefile	(revision 5598)
+++ pjsip/build/Makefile	(working copy)
@@ -140,7 +140,7 @@
 			   account.o endpoint.o json.o persistent.o types.o \
 			   siptypes.o call.o presence.o media.o
 export PJSUA2_LIB_CFLAGS += $(_CFLAGS) $(PJ_VIDEO_CFLAGS)
-export PJSUA2_LIB_CXXFLAGS = $(PJSUA2_LIB_CFLAGS) 
+export PJSUA2_LIB_CXXFLAGS = $(_CXXFLAGS) $(PJ_VIDEO_CFLAGS) 
 export PJSUA2_LIB_LDFLAGS += $(PJSUA_LIB_LDLIB) \
 			     $(PJSIP_UA_LDLIB) \
 			     $(PJSIP_SIMPLE_LDLIB) \
@@ -165,7 +165,6 @@
 export PJSUA2_TEST_CFLAGS += $(_CFLAGS) $(PJ_VIDEO_CFLAGS)
 export PJSUA2_TEST_CXXFLAGS = $(PJSUA2_LIB_CFLAGS) 
 export PJSUA2_TEST_LDFLAGS += $(PJ_LDXXFLAGS) $(PJ_LDXXLIBS) $(LDFLAGS)
-export PJSUA2_TEST_EXE := pjsua2-test-$(TARGET_NAME)$(HOST_EXE)
 
 export CC_OUT CC AR RANLIB HOST_MV HOST_RM HOST_RMDIR HOST_MKDIR OBJEXT LD LDOUT 
 
@@ -195,7 +194,6 @@
 		       $(PJNATH_LDLIB) \
 		       $(PJLIB_LDLIB) \
 		       $(_LDFLAGS)
-export TEST_EXE := pjsip-test-$(TARGET_NAME)$(HOST_EXE)
 
 	
 export CC_OUT CC AR RANLIB HOST_MV HOST_RM HOST_RMDIR HOST_MKDIR OBJEXT LD LDOUT 
Index: pjsip/include/pjsip/sip_types.h
===================================================================
--- pjsip/include/pjsip/sip_types.h	(revision 5598)
+++ pjsip/include/pjsip/sip_types.h	(working copy)
@@ -73,6 +73,9 @@
     /** TLS. */
     PJSIP_TRANSPORT_TLS,
 
+    /** DTLS. */
+    PJSIP_TRANSPORT_DTLS,
+
     /** SCTP. */
     PJSIP_TRANSPORT_SCTP,
 
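Review bot: Inserting `PJSIP_TRANSPORT_DTLS` between TLS and SCTP renumbers SCTP and every later enumerator that has no explicit value, which breaks binary compatibility and any stored or logged numeric transport type. Appending the new type after the last implicitly numbered enumerator avoids that, provided the name table in sip_transport.c does not depend on this exact position. The enumerators after SCTP are outside this hunk, so which of them carry explicit values cannot be seen here. The new enumerator's comment could also say which socket type it runs over, as `/** DTLS. */` alone does not.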
@@ -95,8 +98,11 @@
     PJSIP_TRANSPORT_TCP6 = PJSIP_TRANSPORT_TCP + PJSIP_TRANSPORT_IPV6,
 
     /** TLS over IPv6 */
-    PJSIP_TRANSPORT_TLS6 = PJSIP_TRANSPORT_TLS + PJSIP_TRANSPORT_IPV6
+    PJSIP_TRANSPORT_TLS6 = PJSIP_TRANSPORT_TLS + PJSIP_TRANSPORT_IPV6,
 
+    /** DTLS over IPv6 */
+    PJSIP_TRANSPORT_DTLS6 = PJSIP_TRANSPORT_DTLS + PJSIP_TRANSPORT_IPV6
+
 } pjsip_transport_type_e;
 
 
Index: pjsip/src/pjsip/sip_transport.c
===================================================================
--- pjsip/src/pjsip/sip_transport.c	(revision 5598)
+++ pjsip/src/pjsip/sip_transport.c	(working copy)
@@ -183,6 +183,13 @@
 	PJSIP_TRANSPORT_RELIABLE | PJSIP_TRANSPORT_SECURE
     },
     { 
+    PJSIP_TRANSPORT_DTLS,
+	5061, 
+	{"DTLS", 4}, 
+	"DTLS transport", 
+	PJSIP_TRANSPORT_SECURE
+    },
+    { 
 	PJSIP_TRANSPORT_SCTP, 
 	5060, 
 	{"SCTP", 4}, 
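Review bot: The new entry advertises DTLS with `PJSIP_TRANSPORT_SECURE`, yet nothing in the patch as posted implements a DTLS transport or factory, so the type can be selected and treated as protected without any code that performs the handshake. Either include the implementation or leave the table entry out until it exists; the same applies to the `PJSIP_TRANSPORT_DTLS6` entry in the next hunk. The first line of this entry is indented with spaces while the neighbouring entries use a tab.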
@@ -224,6 +231,13 @@
 	"TLS IPv6 transport",
 	PJSIP_TRANSPORT_RELIABLE | PJSIP_TRANSPORT_SECURE
     },
+    {
+	PJSIP_TRANSPORT_DTLS6,
+	5061,
+	{"DTLS", 4},
+	"DTLS IPv6 transport",
+	PJSIP_TRANSPORT_SECURE
+    },
 };
 
 static void tp_state_callback(pjsip_transport *tp,
@@ -249,7 +263,7 @@
  */
 PJ_DEF(pj_status_t) pjsip_transport_register_type( unsigned tp_flag,
 						   const char *tp_name,
-						   int def_port,
+                           int def_port,
 						   int *p_tp_type)
 {
     unsigned i;
@@ -1277,22 +1291,22 @@
 
     pj_lock_acquire(mgr->lock);
 
-    /* Check that no factory with the same type has been registered. */
+    /* Check that no factory with the same type and bound address has been registered. */
     status = PJ_SUCCESS;
     for (p=mgr->factory_list.next; p!=&mgr->factory_list; p=p->next) {
-	if (p->type == tpf->type) {
-	    status = PJSIP_ETYPEEXISTS;
-	    break;
-	}
-	if (p == tpf) {
-	    status = PJ_EEXISTS;
-	    break;
-	}
+        if (p->type == tpf->type && !pj_sockaddr_cmp(&tpf->local_addr, &p->local_addr)) {
+            status = PJSIP_ETYPEEXISTS;
+            break;
+        }
+        if (p == tpf) {
+            status = PJ_EEXISTS;
+            break;
+        }
     }
 
     if (status != PJ_SUCCESS) {
-	pj_lock_release(mgr->lock);
-	return status;
+        pj_lock_release(mgr->lock);
+        return status;
     }
 
     pj_list_insert_before(&mgr->factory_list, tpf);
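Review bot: Allowing several factories of one type means the type-only lookup later in this file (`Find factory with type matches the destination type`, visible in the last hunk) now takes whichever factory was registered first, so listener selection becomes order-dependent for transports that are not flagged secure. The comparison also relies on every factory having filled `local_addr` before registration, which should be stated in the comment. Most of this hunk is re-indentation from tabs to spaces, which hides the one-line logic change; keeping the original indentation would reduce the diff to the changed condition.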
@@ -2076,13 +2090,11 @@
 	pj_memcpy(&key.rem_addr, remote, addr_len);
 
 	transport = (pjsip_transport*)
-		    pj_hash_get(mgr->table, &key, key_len, NULL);
-
+    pj_hash_get(mgr->table, &key, key_len, NULL);
+    unsigned flag = pjsip_transport_get_flag_from_type(type);
 	if (transport == NULL) {
-	    unsigned flag = pjsip_transport_get_flag_from_type(type);
 	    const pj_sockaddr *remote_addr = (const pj_sockaddr*)remote;
 
-
 	    /* Ignore address for loop transports. */
 	    if (type == PJSIP_TRANSPORT_LOOP ||
 		     type == PJSIP_TRANSPORT_LOOP_DGRAM)
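Review bot: `unsigned flag = ...` is now declared after the `transport = ...` statement, a mixed declaration that the other blocks visible in this patch avoid and that C89 compilers reject. Declare `unsigned flag;` with the block's other locals and assign it here. The re-indented `pj_hash_get(...)` continuation now sits at statement level and reads like a separate statement; restoring its indentation keeps the cast and the call visibly together. The block's opening is outside the hunk.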
@@ -2164,6 +2176,11 @@
 	    }
 
 	} else {
+        /* Make sure we don't use another factory than the one given if secure flag is set */
+        if (flag & PJSIP_TRANSPORT_SECURE) {
+            TRACE_((THIS_FILE, "Can't create new TLS transport with no provided suitable TLS listener."));
+            return PJSIP_ETPNOTSUITABLE;
+        }
 
 	    /* Find factory with type matches the destination type */
 	    factory = mgr->factory_list.next;
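Review bot: The new early `return PJSIP_ETPNOTSUITABLE;` has no cleanup in front of it; if `mgr->lock` is held at this point, as on the registration path earlier in this patch where the error return is preceded by `pj_lock_release(mgr->lock);`, this path leaves the manager locked. The start of the function is outside the hunk, so please confirm and add the release before the return. The trace text says TLS, but the test is on `PJSIP_TRANSPORT_SECURE` and therefore also covers the new DTLS types. Callers that relied on a secure transport being created from the first matching factory without a selector now get an error, which the comment above the check should state.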
_______________________________________________
Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
