[Asterisk-code-review] config transport: Tell pjproject to allow all SSL/TLS proto... (asterisk[certified/13.8])
Anonymous Coward
asteriskteam at digium.com
Fri May 13 17:57:54 CDT 2016
Anonymous Coward #1000019 has submitted this change and it was merged.
Change subject: config_transport: Tell pjproject to allow all SSL/TLS protocols
......................................................................
config_transport: Tell pjproject to allow all SSL/TLS protocols
The default tls settings for pjproject only allow TLS 1, TLS 1.1 and TLS 1.2.
SSL is not allowed. So, even if you specify "sslv3" for a transport method,
it's silently ignored and one of the TLS protocols is used. This was a new
behavior of pjsip_tls_setting_default() in 2.4 (when tls.proto was added) that
we never caught.
Now we need to set tls.proto = 0 after we call pjsip_tls_setting_default().
This tells pjproject to set the socket protocol to match the method.
ASTERISK-26004 #close
Change-Id: Icfb55c1ebe921298dedb4b1a1d3bdc3ca41dd078
---
M res/res_pjsip/config_transport.c
1 file changed, 4 insertions(+), 0 deletions(-)
Approvals:
Kevin Harwell: Looks good to me, but someone else must approve
Anonymous Coward #1000019: Verified
Joshua Colp: Looks good to me, approved
diff --git a/res/res_pjsip/config_transport.c b/res/res_pjsip/config_transport.c
index d2c0874..3a5afb6 100644
--- a/res/res_pjsip/config_transport.c
+++ b/res/res_pjsip/config_transport.c
@@ -378,6 +378,10 @@
new_state->type = transport->type;
pjsip_tls_setting_default(&new_state->tls);
+#ifdef HAVE_PJSIP_TLS_TRANSPORT_PROTO
+ /* proto must be forced to 0 to enable all protocols otherwise only TLS will work */
+ new_state->tls.proto = 0;
+#endif
new_state->tls.ciphers = new_state->ciphers;
ao2_ref(new_state, +1);
--
To view, visit https://gerrit.asterisk.org/2830
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Icfb55c1ebe921298dedb4b1a1d3bdc3ca41dd078
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: certified/13.8
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
More information about the asterisk-code-review
mailing list