[Asterisk-code-review] config transport: Tell pjproject to allow all SSL/TLS proto... (asterisk[certified/13.8])

Anonymous Coward asteriskteam at digium.com
Fri May 13 17:57:54 CDT 2016


Anonymous Coward #1000019 has submitted this change and it was merged.

Change subject: config_transport:  Tell pjproject to allow all SSL/TLS protocols
......................................................................


config_transport:  Tell pjproject to allow all SSL/TLS protocols

The default tls settings for pjproject only allow TLS 1, TLS 1.1 and TLS 1.2.
SSL is not allowed.   So, even if you specify "sslv3" for a transport method,
it's silently ignored and one of the TLS protocols is used.  This was a new
behavior of pjsip_tls_setting_default() in 2.4 (when tls.proto was added) that
we never caught.

Now we need to set tls.proto = 0 after we call pjsip_tls_setting_default().
This tells pjproject to set the socket protocol to match the method.

ASTERISK-26004 #close

Change-Id: Icfb55c1ebe921298dedb4b1a1d3bdc3ca41dd078
---
M res/res_pjsip/config_transport.c
1 file changed, 4 insertions(+), 0 deletions(-)

Approvals:
  Kevin Harwell: Looks good to me, but someone else must approve
  Anonymous Coward #1000019: Verified
  Joshua Colp: Looks good to me, approved



diff --git a/res/res_pjsip/config_transport.c b/res/res_pjsip/config_transport.c
index d2c0874..3a5afb6 100644
--- a/res/res_pjsip/config_transport.c
+++ b/res/res_pjsip/config_transport.c
@@ -378,6 +378,10 @@
 	new_state->type = transport->type;
 
 	pjsip_tls_setting_default(&new_state->tls);
+#ifdef HAVE_PJSIP_TLS_TRANSPORT_PROTO
+	/* proto must be forced to 0 to enable all protocols otherwise only TLS will work */
+	new_state->tls.proto = 0;
+#endif
 	new_state->tls.ciphers = new_state->ciphers;
 
 	ao2_ref(new_state, +1);

-- 
To view, visit https://gerrit.asterisk.org/2830
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Icfb55c1ebe921298dedb4b1a1d3bdc3ca41dd078
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: certified/13.8
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>



More information about the asterisk-code-review mailing list