r3011 - in trunk: build.d libmcrypto libmcrypto/include/libmcrypto
libmcrypto/include/libmcrypto/openssl libmcrypto/m4
libmcrypto/source libmcrypto/source/openssl libminisip/source
libmnetutil libmnetutil/include
libmnetutil/include/libmnetutil libmnetutil/m4
libmnetutil/source libmnetutil/tests libmsip/source
mikma at minisip.org
mikma at minisip.org
Mon Dec 11 21:56:25 CET 2006
Author: mikma
Date: 2006-12-11 21:56:24 +0100 (Mon, 11 Dec 2006)
New Revision: 3011
Added:
trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h
trunk/libmcrypto/include/libmcrypto/TLSSocket.h
trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h
trunk/libmcrypto/include/libmcrypto/uninst_config.h
trunk/libmcrypto/source/openssl/TLSException.cxx
Removed:
trunk/libmnetutil/include/libmnetutil/TLSServerSocket.h
trunk/libmnetutil/include/libmnetutil/TLSSocket.h
trunk/libmnetutil/source/TLSServerSocket.cxx
trunk/libmnetutil/source/TLSSocket.cxx
Modified:
trunk/build.d/build.conf
trunk/libmcrypto/configure.ac
trunk/libmcrypto/include/libmcrypto/ZrtpDH.h
trunk/libmcrypto/include/libmcrypto/aes.h
trunk/libmcrypto/include/libmcrypto/cert.h
trunk/libmcrypto/include/libmcrypto/hmac.h
trunk/libmcrypto/include/libmcrypto/hmac256.h
trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am
trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h
trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h
trunk/libmcrypto/include/libmcrypto/sha256.h
trunk/libmcrypto/m4/libmcrypto.m4
trunk/libmcrypto/source/Makefile.am
trunk/libmcrypto/source/init.cxx
trunk/libmcrypto/source/openssl/Makefile.am
trunk/libmcrypto/source/openssl/TLSServerSocket.cxx
trunk/libmcrypto/source/openssl/TLSSocket.cxx
trunk/libminisip/source/Minisip.cxx
trunk/libmnetutil/Makefile.am
trunk/libmnetutil/configure.ac
trunk/libmnetutil/include/Makefile.am
trunk/libmnetutil/include/libmnetutil/NetworkException.h
trunk/libmnetutil/m4/libmnetutil.m4
trunk/libmnetutil/source/NetworkException.cxx
trunk/libmnetutil/tests/000_compile.cxx
trunk/libmsip/source/SipDialogConfig.cxx
trunk/libmsip/source/SipLayerTransport.cxx
trunk/libmsip/source/SipStackInternal.cxx
Log:
Move (openssl) TLS implementation to libmcrypto, and reverse
dependency between libmnetutil and libmcrypto.
Limiting use of openssl to libmcrypto will make an alternative gnutls
implementation cleaner.
Modified: trunk/build.d/build.conf
===================================================================
--- trunk/build.d/build.conf 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/build.d/build.conf 2006-12-11 20:56:24 UTC (rev 3011)
@@ -18,10 +18,10 @@
%dependencies = (
# core portability and platform libraries
libmutil => [ ],
- libmcrypto => [ 'libmutil' ],
+ libmcrypto => [ qw( libmutil libmnetutil ) ],
libzrtpcpp => [ 'libmutil' ],
- libmnetutil => [ qw( libmutil libmcrypto ) ],
+ libmnetutil => [ qw( libmutil ) ],
# IETF RFC standard libraries
libmstun => [ qw( libmutil libmcrypto libmnetutil ) ],
Modified: trunk/libmcrypto/configure.ac
===================================================================
--- trunk/libmcrypto/configure.ac 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/configure.ac 2006-12-11 20:56:24 UTC (rev 3011)
@@ -22,6 +22,7 @@
AM_LIBMCRYPTO_ENABLE_FAST_AES
AM_MINISIP_CHECK_LIBMUTIL([0.3.1])
+AM_MINISIP_CHECK_LIBMNETUTIL([0.3.1])
AM_MINISIP_CHECK_COMPLETE
dnl Checks for libraries.
Copied: trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h (from rev 2989, trunk/libmcrypto/include/libmcrypto/cert.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/cert.h 2006-12-04 11:07:18 UTC (rev 2989)
+++ trunk/libmcrypto/include/libmcrypto/TLSServerSocket.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -0,0 +1,36 @@
+/*
+ Copyright (C) 2006 Zachary T Welch
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Zachary T Welch <zach-minisip at splitstring.com>
+ */
+
+#ifndef MLIBMCRYPTO_TLSSERVERSOCKET_H
+#define MLIBMCRYPTO_TLSSERVERSOCKET_H
+
+// XXX: replace this forward compatibility layer with a Bridge interface
+#include<libmcrypto/uninst_config.h>
+
+#include<config.h>
+#ifdef HAVE_OPENSSL
+#include<libmcrypto/openssl/TLSServerSocket.h>
+#elif defined( HAVE_GNUTLS )
+#include<libmcrypto/gnutls/TLSServerSocket.h>
+#endif // HAVE_GNUTLS
+
+#endif // MLIBMCRYPTO_TLSSERVERSOCKET_H
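Review bot: The backend selection at the bottom of this wrapper has no `#else` branch, so a build where neither HAVE_OPENSSL nor HAVE_GNUTLS is defined gets an empty header, and the failure only surfaces later as missing TLSServerSocket declarations. The gnutls branch includes `libmcrypto/gnutls/TLSServerSocket.h`, which this revision does not add, whereas the aes.h, hmac.h and sha256.h wrappers stop with an explicit `#error` for gnutls. I would add `#else` followed by `#error "no TLS backend selected"` before the final `#endif`, so a misconfigured build fails at the point of selection. The same applies to the TLSSocket.h wrapper added in the next section.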
Copied: trunk/libmcrypto/include/libmcrypto/TLSSocket.h (from rev 2989, trunk/libmcrypto/include/libmcrypto/cert.h)
===================================================================
--- trunk/libmcrypto/include/libmcrypto/cert.h 2006-12-04 11:07:18 UTC (rev 2989)
+++ trunk/libmcrypto/include/libmcrypto/TLSSocket.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -0,0 +1,36 @@
+/*
+ Copyright (C) 2006 Zachary T Welch
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Zachary T Welch <zach-minisip at splitstring.com>
+ */
+
+#ifndef MLIBMCRYPTO_TLSSOCKET_H
+#define MLIBMCRYPTO_TLSSOCKET_H
+
+// XXX: replace this forward compatibility layer with a Bridge interface
+#include<libmcrypto/uninst_config.h>
+
+#include<config.h>
+#ifdef HAVE_OPENSSL
+#include<libmcrypto/openssl/TLSSocket.h>
+#elif defined( HAVE_GNUTLS )
+#include<libmcrypto/gnutls/TLSSocket.h>
+#endif // HAVE_GNUTLS
+
+#endif // MLIBMCRYPTO_TLSSOCKET_H
Modified: trunk/libmcrypto/include/libmcrypto/ZrtpDH.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/ZrtpDH.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/ZrtpDH.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -25,13 +25,12 @@
#define MLIBMCRYPTO_DH_H
// XXX: replace this forward compatibility layer with a Bridge interface
-#define HAVE_OPENSSL
+#include<libmcrypto/uninst_config.h>
#include <config.h>
#ifdef HAVE_OPENSSL
#include<libmcrypto/openssl/ZrtpDH.h>
-#endif // HAVE_OPENSSL
-#ifdef HAVE_GNUTLS
+#elif defined( HAVE_GNUTLS )
#error "gnutls aes support is not complete"
#endif // HAVE_GNUTLS
Modified: trunk/libmcrypto/include/libmcrypto/aes.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/aes.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/aes.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -24,13 +24,12 @@
#define MLIBMCRYPTO_AES_H
// XXX: replace this forward compatibility layer with a Bridge interface
-#define HAVE_OPENSSL
+#include<libmcrypto/uninst_config.h>
#include<config.h>
#ifdef HAVE_OPENSSL
#include<libmcrypto/openssl/aes.h>
-#endif // HAVE_OPENSSL
-#ifdef HAVE_GNUTLS
+#elif defined(HAVE_GNUTLS)
#error "gnutls aes support is not complete"
#endif // HAVE_GNUTLS
Modified: trunk/libmcrypto/include/libmcrypto/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/cert.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/cert.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -24,16 +24,13 @@
#define MLIBMCRYPTO_CERT_H
// XXX: replace this forward compatibility layer with a Bridge interface
-#define HAVE_OPENSSL
+#include<libmcrypto/uninst_config.h>
#include<config.h>
#ifdef HAVE_OPENSSL
#include<libmcrypto/openssl/cert.h>
-#endif // HAVE_OPENSSL
-#ifdef HAVE_GNUTLS
+#elif defined( HAVE_GNUTLS )
#include<libmcrypto/gnutls/cert.h>
#endif // HAVE_GNUTLS
#endif // MLIBMCRYPTO_CERT_H
-
-
Modified: trunk/libmcrypto/include/libmcrypto/hmac.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/hmac.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/hmac.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -24,13 +24,12 @@
#define MLIBMCRYPTO_HMAC_H
// XXX: replace this forward compatibility layer with a Bridge interface
-#define HAVE_OPENSSL
+#include<libmcrypto/uninst_config.h>
#include<config.h>
#ifdef HAVE_OPENSSL
#include<libmcrypto/openssl/hmac.h>
-#endif // HAVE_OPENSSL
-#ifdef HAVE_GNUTLS
+#elif defined( HAVE_GNUTLS )
#error "gnutls hmac support is not complete"
#endif // HAVE_GNUTLS
Modified: trunk/libmcrypto/include/libmcrypto/hmac256.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/hmac256.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/hmac256.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -24,13 +24,12 @@
#define MLIBMCRYPTO_HMAC_SHA256_H
// XXX: replace this forward compatibility layer with a Bridge interface
-#define HAVE_OPENSSL
+#include<libmcrypto/uninst_config.h>
#include<config.h>
#ifdef HAVE_OPENSSL
#include<libmcrypto/openssl/hmac256.h>
-#endif // HAVE_OPENSSL
-#ifdef HAVE_GNUTLS
+#elif defined( HAVE_GNUTLS )
#error "gnutls hmac256 support is not complete"
#endif // HAVE_GNUTLS
Modified: trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/openssl/Makefile.am 2006-12-11 20:56:24 UTC (rev 3011)
@@ -10,6 +10,9 @@
cert.h \
ZrtpDH.h \
hmac.h \
+ TLSException.h \
+ TLSServerSocket.h \
+ TLSSocket.h \
$(OTHER_FILES)
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
Copied: trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h (from rev 2989, trunk/libmnetutil/include/libmnetutil/NetworkException.h)
===================================================================
--- trunk/libmnetutil/include/libmnetutil/NetworkException.h 2006-12-04 11:07:18 UTC (rev 2989)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSException.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -0,0 +1,61 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ */
+
+#ifndef TLS_EXCEPTION_H
+#define TLS_EXCEPTION_H
+
+#include<libmcrypto/config.h>
+#include<libmnetutil/NetworkException.h>
+
+#include<openssl/ssl.h>
+
+class LIBMCRYPTO_API TLSConnectFailed : public ConnectFailed{
+ public:
+ TLSConnectFailed( int errorNumber, SSL * ssl );
+ virtual ~TLSConnectFailed() throw(){}
+ virtual const char* what();
+
+ private:
+ SSL * ssl;
+ std::string msg;
+};
+
+class LIBMCRYPTO_API TLSInitFailed : public NetworkException{
+ public:
+ TLSInitFailed();
+ virtual ~TLSInitFailed() throw(){}
+ virtual const char *what();
+ private:
+ std::string msg;
+};
+
+class LIBMCRYPTO_API TLSContextInitFailed : public NetworkException{
+ public:
+ TLSContextInitFailed();
+ virtual ~TLSContextInitFailed() throw(){}
+ virtual const char*what();
+ private:
+ std::string msg;
+};
+
+#endif
Modified: trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSServerSocket.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -24,9 +24,9 @@
#ifndef TLSSERVERSOCKET_H
#define TLSSERVERSOCKET_H
-#include<libmnetutil/libmnetutil_config.h>
+#include<libmcrypto/config.h>
-#include<libmnetutil/TLSSocket.h>
+#include<libmcrypto/TLSSocket.h>
#include<libmnetutil/IP4ServerSocket.h>
#include<libmcrypto/cert.h>
Modified: trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/openssl/TLSSocket.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -24,7 +24,7 @@
#ifndef TLSSOCKET_H
#define TLSSOCKET_H
-#include<libmnetutil/libmnetutil_config.h>
+#include<libmcrypto/config.h>
#include<openssl/ssl.h>
Modified: trunk/libmcrypto/include/libmcrypto/sha256.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/sha256.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/sha256.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -25,13 +25,12 @@
#define MLIBMCRYPTO_SHA256_H
// XXX: replace this forward compatibility layer with a Bridge interface
-#define HAVE_OPENSSL
+#include<libmcrypto/uninst_config.h>
#include<config.h>
#ifdef HAVE_OPENSSL
#include<libmcrypto/openssl/sha256.h>
-#endif // HAVE_OPENSSL
-#ifdef HAVE_GNUTLS
+#elif defined( HAVE_GNUTLS )
#error "gnutls sha256 support is not complete"
#endif // HAVE_GNUTLS
Added: trunk/libmcrypto/include/libmcrypto/uninst_config.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/uninst_config.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/include/libmcrypto/uninst_config.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -0,0 +1 @@
+#define HAVE_OPENSSL
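Review bot: `#define HAVE_OPENSSL` has an empty replacement list here, while the libmcrypto.m4 hunk in this commit now emits `AC_DEFINE([HAVE_OPENSSL], 1, ...)`. Every wrapper header includes this file immediately before `<config.h>`, so if that config.h is the generated one, the macro is redefined with a different value and the compiler will diagnose it. The unconditional define also makes the public headers select the OpenSSL backend whatever configure detected, so the `#elif defined( HAVE_GNUTLS )` branches can never be taken. As a stopgap I would write `#define HAVE_OPENSSL 1` so that the later definition is identical, with a comment saying this file exists only until the backend choice comes from an installed config header.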
Property changes on: trunk/libmcrypto/include/libmcrypto/uninst_config.h
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Name: svn:eol-style
+ native
Modified: trunk/libmcrypto/m4/libmcrypto.m4
===================================================================
--- trunk/libmcrypto/m4/libmcrypto.m4 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/m4/libmcrypto.m4 2006-12-11 20:56:24 UTC (rev 3011)
@@ -54,6 +54,10 @@
AC_MSG_ERROR([Could not find libssl header files. Please install
the corresponding development package.])
])
+
+if test "x${HAVE_OPENSSL}" = "x1"; then
+ AC_DEFINE([HAVE_OPENSSL], 1, [Define to 1 if you have OpenSSL.])
+fi
AM_CONDITIONAL(HAVE_OPENSSL, test "x${HAVE_OPENSSL}" = "x1")
LIBS="${mcrypto_save_LIBS}"
@@ -73,8 +77,8 @@
AC_CHECK_HEADER(gnutls/x509.h)
AC_MSG_NOTICE([Sorry, but gnutls support is not complete.])
GNUTLS_LIBS="-lgnutls"
-dnl AC_DEFINE([HAVE_GNUTLS], 1, [Define to 1 if you have gnutls.])
-dnl HAVE_GNUTLS=yes
+ AC_DEFINE([HAVE_GNUTLS], 1, [Define to 1 if you have gnutls.])
+ HAVE_GNUTLS=yes
],[])
AM_CONDITIONAL(HAVE_GNUTLS, test "x${HAVE_GNUTLS}" = "xyes")
AC_SUBST(GNUTLS_LIBS)
@@ -85,7 +89,7 @@
# AM_MINISIP_CHECK_LIBMCRYPTO(VERSION)
# ------------------------------------
AC_DEFUN([AM_MINISIP_CHECK_LIBMCRYPTO],[
- AC_REQUIRE([AM_MINISIP_CHECK_LIBMUTIL]) dnl
+ AC_REQUIRE([AM_MINISIP_CHECK_LIBMNETUTIL]) dnl
dnl AC_REQUIRE([AM_MINISIP_CHECK_OPENSSL]) dnl
AC_MINISIP_WITH_ARG(MCRYPTO, mcrypto, libmcrypto, $1, [REQUIRED], [dnl
dnl if HAVE_OPENSSL
Modified: trunk/libmcrypto/source/Makefile.am
===================================================================
--- trunk/libmcrypto/source/Makefile.am 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/source/Makefile.am 2006-12-11 20:56:24 UTC (rev 3011)
@@ -3,11 +3,12 @@
if HAVE_OPENSSL
BUILD_DIRS += openssl
BUILD_LIBS += openssl/libmcopenssl.la
-endif
+else
if HAVE_GNUTLS
BUILD_DIRS += gnutls
BUILD_LIBS += gnutls/libmcgnutls.la
endif
+endif
SUBDIRS = $(BUILD_DIRS) uuid .
DIST_SUBDIRS = openssl gnutls uuid
Modified: trunk/libmcrypto/source/init.cxx
===================================================================
--- trunk/libmcrypto/source/init.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/source/init.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -33,12 +33,14 @@
void libmcryptoInit()
{
+#if 0
#ifdef HAVE_OPENSSL
OpensslThreadGuard::initialize();
#endif
#ifdef HAVE_GNUTLS
GnutlsThreadGuard::initialize();
#endif
+#endif
}
// ====================================================================
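Review bot: The added `#if 0` turns libmcryptoInit() into an empty function, so neither OpensslThreadGuard::initialize() nor GnutlsThreadGuard::initialize() runs any more, and nothing in the hunk says why. If OpensslThreadGuard is what installs OpenSSL's locking callbacks (the name suggests it, the hunk does not show it), the TLS sockets moved into this library would be used from several threads without them. If the motive is that HAVE_OPENSSL and HAVE_GNUTLS can now both be defined, the narrower fix is to keep the OpenSSL call and change the second test to `#elif defined( HAVE_GNUTLS )`, as the headers in this commit do. Otherwise, add a comment such as `// FIXME: thread guards disabled in r3011 because <reason>; re-enable before release`.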
Modified: trunk/libmcrypto/source/openssl/Makefile.am
===================================================================
--- trunk/libmcrypto/source/openssl/Makefile.am 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/source/openssl/Makefile.am 2006-12-11 20:56:24 UTC (rev 3011)
@@ -15,6 +15,9 @@
ZrtpDH.cxx \
hmac.cxx \
rand.cxx \
+ TLSException.cxx \
+ TLSServerSocket.cxx \
+ TLSSocket.cxx \
$(OTHER_FILES)
libmcopenssl_la_LIBADD = $(OPENSSL_LIBS)
Copied: trunk/libmcrypto/source/openssl/TLSException.cxx (from rev 2989, trunk/libmnetutil/source/NetworkException.cxx)
===================================================================
--- trunk/libmnetutil/source/NetworkException.cxx 2006-12-04 11:07:18 UTC (rev 2989)
+++ trunk/libmcrypto/source/openssl/TLSException.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -0,0 +1,77 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+ Copyright (C) 2006 Mikael Magnusson
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson at it.kth.se>
+ * Johan Bilien <jobi at via.ecp.fr>
+ * Mikael Magnusson <mikma at users.sourceforge.net>
+*/
+
+
+#include<config.h>
+
+#include<libmcrypto/openssl/TLSException.h>
+
+using namespace std;
+
+TLSInitFailed::TLSInitFailed():NetworkException(){
+}
+
+TLSContextInitFailed::TLSContextInitFailed():NetworkException(){
+}
+
+const char *TLSInitFailed::what() {
+ msg = "TLS initialization failed.";
+ return msg.c_str();
+};
+
+const char* TLSContextInitFailed::what() {
+ msg = "TLS context initialization failed.";
+ return msg.c_str();
+};
+
+
+TLSConnectFailed::TLSConnectFailed( int errorNumber, SSL * ssl ):ConnectFailed(errorNumber),ssl(ssl){};
+
+const char *TLSConnectFailed::what(){
+
+ switch( SSL_get_error( ssl, errorNumber ) ){
+ case SSL_ERROR_NONE:
+ msg = "SSL Error: No error"; break;
+ case SSL_ERROR_ZERO_RETURN:
+ msg = "SSL Error: Connection was closed"; break;
+ case SSL_ERROR_WANT_READ:
+ msg = "SSL Error: Could not perform the read opearation on the underlying TCP connection" ; break;
+ case SSL_ERROR_WANT_WRITE:
+ msg = "SSL Error: Could not perform the write opearation on the underlying TCP connection"; break;
+ case SSL_ERROR_WANT_CONNECT:
+ msg = "SSL Error: The underlying TCP connection is not connected" ; break;
+#ifdef SSL_ERROR_WANT_ACCEPT
+ case SSL_ERROR_WANT_ACCEPT:
+ msg = "SSL Error: The underlying TCP connection is not accepted" ; break;
+#endif
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ msg = "SSL Error: Error in the X509 lookup" ; break;
+ case SSL_ERROR_SYSCALL:
+ msg = "SSL Error: I/O error" ; break;
+ case SSL_ERROR_SSL:
+ msg = "SSL Error: Error in the SSL protocol" ; break;
+ }
+ return msg.c_str();
+}
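Review bot: TLSConnectFailed::what() calls `SSL_get_error( ssl, errorNumber )` lazily on a raw `SSL *` stored by the constructor, so the message depends on the SSL object still being alive and on the calling thread's OpenSSL error queue being untouched when a handler finally asks for it. If the owning socket frees the SSL during unwinding (not visible in this hunk), that is a use-after-free, and SSL_get_error is only meaningful directly after the failed call on the same thread. The switch also has no `default`, so an unlisted code returns an empty string. I would resolve the message once in the constructor and let what() simply return it, as sketched below; `errorNumber` there is the constructor argument that is also passed through to ConnectFailed.

```cpp
TLSConnectFailed::TLSConnectFailed( int errorNumber, SSL * ssl ):ConnectFailed(errorNumber),ssl(ssl){
	// Resolve the error now, while the SSL object is valid and the
	// thread's OpenSSL error queue still belongs to the failed call.
	switch( SSL_get_error( ssl, errorNumber ) ){
		// … unchanged: the case labels and messages currently in what() …
		default:
			msg = "SSL Error: Unknown error"; break;
	}
}

const char *TLSConnectFailed::what(){
	return msg.c_str();
}
```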
Modified: trunk/libmcrypto/source/openssl/TLSServerSocket.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/TLSServerSocket.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/source/openssl/TLSServerSocket.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -24,10 +24,12 @@
#include<config.h>
-#include<libmnetutil/TLSServerSocket.h>
+#include<libmcrypto/openssl/TLSServerSocket.h>
#ifdef WIN32
# include<winsock2.h>
+#else
+#include<sys/socket.h>
#endif
#ifndef _WIN32_WCE
Modified: trunk/libmcrypto/source/openssl/TLSSocket.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/TLSSocket.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmcrypto/source/openssl/TLSSocket.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -23,7 +23,7 @@
#include<config.h>
-#include<libmnetutil/TLSSocket.h>
+#include<libmcrypto/openssl/TLSSocket.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
@@ -43,7 +43,7 @@
#include<iostream>
-#include<libmnetutil/NetworkException.h>
+#include<libmcrypto/openssl/TLSException.h>
#include<libmutil/MemObject.h>
using namespace std;
Modified: trunk/libminisip/source/Minisip.cxx
===================================================================
--- trunk/libminisip/source/Minisip.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libminisip/source/Minisip.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -51,7 +51,6 @@
#include<libmnetutil/IP4Address.h>
#include<libmnetutil/UDPSocket.h>
#include<libmnetutil/NetworkFunctions.h>
-#include<libmnetutil/TLSServerSocket.h>
#include<libmnetutil/IP4ServerSocket.h>
#include<libmnetutil/NetUtil.h>
#include<libmnetutil/NetworkException.h>
Modified: trunk/libmnetutil/Makefile.am
===================================================================
--- trunk/libmnetutil/Makefile.am 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/Makefile.am 2006-12-11 20:56:24 UTC (rev 3011)
@@ -42,10 +42,8 @@
source/NetworkException.cxx \
source/NetworkFunctions.cxx \
source/ServerSocket.cxx \
- source/TLSServerSocket.cxx \
source/Socket.cxx \
source/TCPSocket.cxx \
- source/TLSSocket.cxx \
source/NetUtil.cxx \
source/UDPSocket.cxx \
source/DatagramSocket.cxx \
Modified: trunk/libmnetutil/configure.ac
===================================================================
--- trunk/libmnetutil/configure.ac 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/configure.ac 2006-12-11 20:56:24 UTC (rev 3011)
@@ -70,7 +70,6 @@
fi
AM_MINISIP_CHECK_LIBMUTIL([0.3.1])
-AM_MINISIP_CHECK_LIBMCRYPTO([0.3.1])
AM_MINISIP_CHECK_COMPLETE
AC_CHECK_FUNCS([poll])
Modified: trunk/libmnetutil/include/Makefile.am
===================================================================
--- trunk/libmnetutil/include/Makefile.am 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/include/Makefile.am 2006-12-11 20:56:24 UTC (rev 3011)
@@ -18,11 +18,9 @@
libmnetutil/NetworkException.h \
libmnetutil/NetworkFunctions.h \
libmnetutil/ServerSocket.h \
- libmnetutil/TLSServerSocket.h \
libmnetutil/Socket.h \
libmnetutil/StreamSocket.h \
libmnetutil/TCPSocket.h \
- libmnetutil/TLSSocket.h \
libmnetutil/NetUtil.h \
libmnetutil/UDPSocket.h \
libmnetutil/DatagramSocket.h \
Modified: trunk/libmnetutil/include/libmnetutil/NetworkException.h
===================================================================
--- trunk/libmnetutil/include/libmnetutil/NetworkException.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/include/libmnetutil/NetworkException.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -28,8 +28,6 @@
#include<string.h>
-#include<openssl/ssl.h>
-
#include<string>
#include<libmutil/Exception.h>
@@ -98,34 +96,5 @@
public:
GetSockNameFailed( int errorNumber );
};
-
-class LIBMNETUTIL_API TLSConnectFailed : public ConnectFailed{
- public:
- TLSConnectFailed( int errorNumber, SSL * ssl );
- virtual ~TLSConnectFailed() throw(){}
- virtual const char* what();
-
- private:
- SSL * ssl;
- std::string msg;
-};
-
-class LIBMNETUTIL_API TLSInitFailed : public NetworkException{
- public:
- TLSInitFailed();
- virtual ~TLSInitFailed() throw(){}
- virtual const char *what();
- private:
- std::string msg;
-};
-
-class LIBMNETUTIL_API TLSContextInitFailed : public NetworkException{
- public:
- TLSContextInitFailed();
- virtual ~TLSContextInitFailed() throw(){}
- virtual const char*what();
- private:
- std::string msg;
-};
#endif
Deleted: trunk/libmnetutil/include/libmnetutil/TLSServerSocket.h
===================================================================
--- trunk/libmnetutil/include/libmnetutil/TLSServerSocket.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/include/libmnetutil/TLSServerSocket.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -1,58 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef TLSSERVERSOCKET_H
-#define TLSSERVERSOCKET_H
-
-#include<libmnetutil/libmnetutil_config.h>
-
-#include<libmnetutil/TLSSocket.h>
-#include<libmnetutil/IP4ServerSocket.h>
-#include<libmcrypto/cert.h>
-
-class LIBMNETUTIL_API TLSServerSocket : public ServerSocket {
-
- public:
- TLSServerSocket( bool use_ipv6, int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db=NULL);
- TLSServerSocket( int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db=NULL);
- virtual std::string getMemObjectType() const {return "TLSServerSocket";}
-
- virtual MRef<StreamSocket *> accept();
-
- protected:
- virtual void init( bool use_ipv6, int32_t listen_port,
- MRef<certificate *> cert,
- MRef<ca_db *> cert_db);
-
- private:
- int32_t listen_port;
-
- SSL_CTX * ssl_ctx;
- SSL * ssl;
-
- /**
- CA db
- */
- MRef<ca_db *> cert_db;
-};
-#endif
Deleted: trunk/libmnetutil/include/libmnetutil/TLSSocket.h
===================================================================
--- trunk/libmnetutil/include/libmnetutil/TLSSocket.h 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/include/libmnetutil/TLSSocket.h 2006-12-11 20:56:24 UTC (rev 3011)
@@ -1,126 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- */
-
-#ifndef TLSSOCKET_H
-#define TLSSOCKET_H
-
-#include<libmnetutil/libmnetutil_config.h>
-
-#include<openssl/ssl.h>
-
-#include<libmnetutil/StreamSocket.h>
-
-#include<libmcrypto/cert.h>
-#include<libmutil/mtypes.h>
-
-#include<libmnetutil/IPAddress.h>
-
-#include<libmutil/MemObject.h>
-
-
-/**
- Various lists of ciphers. It includes the default list used,
- as well as a strong cipher list (AES+HIGH+MEDIUM:!aNULL);
- a testing list (with the null encryption ciphers).
- set this with TLSSocket::setSSLCiphers( int idx ), where
- idx = 1 is AES.HIGH.MEDIUM
- idx = 2 is TESTING
- all others DEFAULT
- */
-#define SSL_CIPHERS_DEFAULT "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5"
-#define SSL_CIPHERS_AES_HIGH_MEDIUM "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA"
-#define SSL_CIPHERS_TESTING "NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
-
-/**
- List of ciphers ... openssl ciphers 'ALL:eNULL:!LOW:!EXPORT'
- This is, all ciphers (included the null encryption ones) except the
- low security and export ones.
- eNULL ciphers are listed for testing purposes. DON't use in production environment!
-ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:\
-ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:\
-DHE-DSS-RC4-SHA:\
-EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:\
-RC4-SHA:RC4-MD5:\
-ADH-DES-CBC3-SHA:\
-ADH-RC4-MD5:\
-DES-CBC3-MD5:\
-RC2-CBC-MD5:RC4-MD5:\
-NULL-SHA:NULL-MD5
-*/
-
-//Okay - another MSVC thing. Looks like I must explicitely instantiate
-//the MRef template like this to avoid linking errors --Erik.
-// In Microsoft Embedded VC 4.0 this causes a warning ... remove
-#ifdef _MSC_VER
-#ifndef _WIN32_WCE
-template class __declspec(dllexport) MRef<certificate*>;
-template class __declspec(dllexport) MRef<ca_db*>;
-#endif
-#endif
-
-class LIBMNETUTIL_API TLSSocket : public StreamSocket {
- public:
- TLSSocket(std::string addr, int32_t port, void * &ssl_ctx,
- MRef<certificate *> cert = NULL,
- MRef<ca_db *> cert_db=NULL );
-
- TLSSocket(IPAddress &addr, int32_t port, void * &ssl_ctx,
- MRef<certificate *> cert=NULL,
- MRef<ca_db *> cert_db=NULL );
-
- TLSSocket( MRef<StreamSocket *> sock, SSL_CTX * ssl_ctx );
-
- virtual ~TLSSocket();
-
- virtual std::string getMemObjectType() const {return "TLSSocket";};
-
- virtual int32_t write(std::string);
-
- virtual int32_t write(const void *buf, int32_t count);
-
- virtual int32_t read(void *buf, int32_t count);
- static int32_t setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx );
-
- /* Must be initialized ... now at Minisip.cxx::tls_server_thread*/
- static int8_t sslCipherListIndex;
-
- friend std::ostream& operator<<(std::ostream&, TLSSocket&);
-
- private:
- void TLSSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
- MRef<certificate *> cert, MRef<ca_db *> cert_db );
-
- MRef<StreamSocket *> sock;
-
- SSL_CTX* ssl_ctx;
-
- SSL* ssl;
-
- MRef<certificate *> peer_cert;
-
- /** CA db */
- MRef<ca_db *> cert_db;
-};
-
-TLSSocket& operator<<(TLSSocket& sock, std::string str);
-#endif
Modified: trunk/libmnetutil/m4/libmnetutil.m4
===================================================================
--- trunk/libmnetutil/m4/libmnetutil.m4 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/m4/libmnetutil.m4 2006-12-11 20:56:24 UTC (rev 3011)
@@ -34,7 +34,7 @@
# AM_MINISIP_CHECK_LIBMNETUTIL(VERSION)
# -------------------------------------
AC_DEFUN([AM_MINISIP_CHECK_LIBMNETUTIL],[
- AC_REQUIRE([AM_MINISIP_CHECK_LIBMCRYPTO]) dnl
+ AC_REQUIRE([AM_MINISIP_CHECK_LIBMUTIL]) dnl
AC_MINISIP_WITH_ARG(MNETUTIL, mnetutil, libmnetutil, $1, [REQUIRED])
AC_MINISIP_CHECK_LIBRARY(MNETUTIL, libmnetutil, libmnetutil_config.h, mnetutil)
])
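Review bot: The prerequisite swap on the `AC_REQUIRE` line is not documented, and the comment above `AM_MINISIP_CHECK_LIBMNETUTIL` still gives only the macro signature, so the reason libmcrypto was dropped is easy to lose. If libmcrypto's relocated TLS sockets build on libmnetutil's `StreamSocket` (the deleted header derives `TLSSocket` from it), restoring the old prerequisite later would create a circular dependency. I would add a line above the macro such as `# Requires libmutil only; TLS/OpenSSL code lives in libmcrypto, which depends on this library.` It is also worth confirming that no remaining libmnetutil source still includes OpenSSL or libmcrypto headers, since this macro no longer guarantees their flags are present; that cannot be checked from the lines shown here.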
Modified: trunk/libmnetutil/source/NetworkException.cxx
===================================================================
--- trunk/libmnetutil/source/NetworkException.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/source/NetworkException.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -80,54 +80,3 @@
msg = "Unknown address family: " + errorNumber;
return msg.c_str();
}
-
-
-TLSInitFailed::TLSInitFailed():NetworkException(){
-}
-
-TLSContextInitFailed::TLSContextInitFailed():NetworkException(){
-}
-
-const char *TLSInitFailed::what() {
- msg = "TLS initialization failed.";
- return msg.c_str();
-};
-
-const char* TLSContextInitFailed::what() {
- msg = "TLS context initialization failed.";
- return msg.c_str();
-};
-
-
-TLSConnectFailed::TLSConnectFailed( int errorNumber, SSL * ssl ):ConnectFailed(errorNumber),ssl(ssl){};
-
-const char *TLSConnectFailed::what(){
-
- switch( SSL_get_error( ssl, errorNumber ) ){
- case SSL_ERROR_NONE:
- msg = "SSL Error: No error"; break;
- case SSL_ERROR_ZERO_RETURN:
- msg = "SSL Error: Connection was closed"; break;
- case SSL_ERROR_WANT_READ:
- msg = "SSL Error: Could not perform the read opearation on the underlying TCP connection" ; break;
- case SSL_ERROR_WANT_WRITE:
- msg = "SSL Error: Could not perform the write opearation on the underlying TCP connection"; break;
- case SSL_ERROR_WANT_CONNECT:
- msg = "SSL Error: The underlying TCP connection is not connected" ; break;
-#ifdef SSL_ERROR_WANT_ACCEPT
- case SSL_ERROR_WANT_ACCEPT:
- msg = "SSL Error: The underlying TCP connection is not accepted" ; break;
-#endif
- case SSL_ERROR_WANT_X509_LOOKUP:
- msg = "SSL Error: Error in the X509 lookup" ; break;
- case SSL_ERROR_SYSCALL:
- msg = "SSL Error: I/O error" ; break;
- case SSL_ERROR_SSL:
- msg = "SSL Error: Error in the SSL protocol" ; break;
- }
- return msg.c_str();
-}
-
-
-
-
Deleted: trunk/libmnetutil/source/TLSServerSocket.cxx
===================================================================
--- trunk/libmnetutil/source/TLSServerSocket.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/source/TLSServerSocket.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -1,143 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-
-#include<config.h>
-
-#include<libmnetutil/TLSServerSocket.h>
-
-#ifdef WIN32
-# include<winsock2.h>
-#endif
-
-#ifndef _WIN32_WCE
-# include<openssl/err.h>
-#endif
-
-
-#include<libmutil/merror.h>
-#include<libmutil/massert.h>
-
-#ifdef DEBUG_OUTPUT
-#include<iostream>
-#endif
-
-using namespace std;
-
-#ifdef WIN32
-typedef int socklen_t;
-#endif
-
-
-TLSServerSocket::TLSServerSocket( int32_t listen_port, MRef<certificate *> cert, MRef<ca_db *> cert_db):ServerSocket(AF_INET, listen_port)
-{
- init(false, listen_port, cert, cert_db);
-}
-
-TLSServerSocket::TLSServerSocket( bool use_ipv6, int32_t listen_port,
- MRef<certificate *> cert,
- MRef<ca_db *> cert_db):ServerSocket(use_ipv6?AF_INET6:AF_INET, listen_port)
-{
- init(use_ipv6, listen_port, cert, cert_db);
-}
-
-void TLSServerSocket::init( bool use_ipv6, int32_t listen_port,
- MRef<certificate *> cert,
- MRef<ca_db *> cert_db)
-{
- int32_t backlog = 25;
- SSL_METHOD * meth;
- const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
-
- if( use_ipv6 )
- listen("::", listen_port, backlog);
- else
- listen("0.0.0.0", listen_port, backlog);
-
- SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
- meth = SSLv23_server_method();
- this->ssl_ctx = SSL_CTX_new( meth );
- this->cert_db = cert_db;
-
- if( ssl_ctx == NULL ){
-#ifdef DEBUG_OUTPUT
- cerr << "Could not initialize SSL context" << endl;
-#endif
-
- exit( 1 );
- }
-
- if( TLSSocket::sslCipherListIndex != 0 )
- TLSSocket::setSSLCTXCiphers ( this->ssl_ctx, TLSSocket::sslCipherListIndex );
- /* Set options: do not accept SSLv2*/
- SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
-
- SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
- //SSL_CTX_set_verify( ssl_ctx, SSL_VERIFY_NONE, 0);
- SSL_CTX_set_verify_depth( ssl_ctx, 5);
-
- //SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_BOTH );
- SSL_CTX_set_session_cache_mode( ssl_ctx, SSL_SESS_CACHE_SERVER );
- SSL_CTX_set_session_id_context( ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
-
- if( !cert_db.isNull() ){
- /* Use this database for the certificates check */
- SSL_CTX_set_cert_store( this->ssl_ctx, this->cert_db->get_db());
- }
-
-
- if( SSL_CTX_use_PrivateKey( ssl_ctx, cert->get_openssl_private_key() ) <= 0 ){
-#ifdef DEBUG_OUTPUT
- cerr << "Could not use the given private key" << endl;
-#endif
-
- ERR_print_errors_fp(stderr);
- exit( 1 );
- }
-
-
- if( SSL_CTX_use_certificate( ssl_ctx, cert->get_openssl_certificate() ) <= 0 ){
-#ifdef DEBUG_OUTPUT
- cerr << "Could not use the given certificate" << endl;
-#endif
-
- ERR_print_errors_fp(stderr);
- exit( 1 );
- }
-
- if( !SSL_CTX_check_private_key( ssl_ctx ) ){
-#ifdef DEBUG_OUTPUT
- cerr << "Given private key does not match the certificate"<<endl;
-#endif
-
- exit( 1 );
- }
-}
-
-MRef<StreamSocket *> TLSServerSocket::accept(){
- MRef<StreamSocket *> ssocket = ServerSocket::accept();
-
- return new TLSSocket( ssocket, ssl_ctx );
-}
-
Deleted: trunk/libmnetutil/source/TLSSocket.cxx
===================================================================
--- trunk/libmnetutil/source/TLSSocket.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/source/TLSSocket.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -1,258 +0,0 @@
-/*
- Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-/*
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-#include<config.h>
-
-#include<libmnetutil/TLSSocket.h>
-
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-#ifdef WIN32
-#include<winsock2.h>
-#elif defined HAVE_SYS_SOCKET_H
-#include<sys/types.h>
-#include<sys/socket.h>
-#endif
-
-#include<libmnetutil/IPAddress.h>
-#include<libmnetutil/TCPSocket.h>
-
-#include<iostream>
-
-#include<libmnetutil/NetworkException.h>
-#include<libmutil/MemObject.h>
-
-using namespace std;
-
-int8_t TLSSocket::sslCipherListIndex = 0; /* Set default value ... DEFAULT ciphers */
-
-
-// When created by a TLS Server
-TLSSocket::TLSSocket( MRef<StreamSocket *> tcp_socket, SSL_CTX * ssl_ctx ):
- sock(tcp_socket){
- type = SOCKET_TYPE_TLS;
- peerPort = tcp_socket->getPeerPort();
- peerAddress = tcp_socket->getPeerAddress()->clone();
-
- int error;
- // Copy the SSL parameters, since the server still needs them
- ssl = SSL_new( ssl_ctx );
- this->ssl_ctx = SSL_get_SSL_CTX( ssl );
-
- SSL_set_fd( ssl, tcp_socket->getFd() );
- fd = tcp_socket->getFd();
-
- error = SSL_accept( ssl );
- if( error <= 0 ){
- cerr << "Could not establish an incoming TLS connection" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSConnectFailed( error, ssl );
- }
-}
-
-
-TLSSocket::TLSSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
- MRef<certificate *> cert,
- MRef<ca_db *> cert_db ){
- MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
- TLSSocket::TLSSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
-}
-
-TLSSocket::TLSSocket( string addr, int32_t port, void * &ssl_ctx,
- MRef<certificate *> cert,
- MRef<ca_db *> cert_db ){
- MRef<TCPSocket*> tcp_sock = new TCPSocket( addr, port );
- TLSSocket::TLSSocket_init( *tcp_sock, ssl_ctx, cert, cert_db);
-}
-
-/* Helper function ... simplify the maintenance of constructors ... */
-void TLSSocket::TLSSocket_init( MRef<StreamSocket*> ssock, void * &ssl_ctx,
- MRef<certificate *> cert, MRef<ca_db *> cert_db ){
- type = SOCKET_TYPE_TLS;
- const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
- SSLeay_add_ssl_algorithms();
- SSL_METHOD *meth = SSLv23_client_method();
- this->ssl_ctx = (SSL_CTX *)ssl_ctx;
- this->cert_db = cert_db;
- peerPort = ssock->getPeerPort();
-
- if( this->ssl_ctx == NULL ){
-#ifdef DEBUG_OUTPUT
- cerr << "Creating new SSL_CTX" << endl;
-#endif
- this->ssl_ctx = SSL_CTX_new( meth );
-
- if( this->ssl_ctx == NULL ){
- cerr << "Could not create SSL session" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSInitFailed();
- }
-
- if( sslCipherListIndex != 0 )
- setSSLCTXCiphers ( this->ssl_ctx, sslCipherListIndex );
- /* Set options: do not accept SSLv2*/
- long options = SSL_OP_NO_SSLv2 | SSL_OP_ALL;
-
-#if OPENSSL_VERSION_NUMBER >= 0x00908000
- // Disable SSL_OP_TLS_BLOCK_PADDING_BUG in 0.9.8, buggy
- options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
-#endif
- SSL_CTX_set_options(this->ssl_ctx, options);
-
- SSL_CTX_set_verify( this->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 0);
- SSL_CTX_set_verify_depth( this->ssl_ctx, 5);
-
- if( !cert.isNull() ){
- /* Add a client certificate */
- if( SSL_CTX_use_PrivateKey( this->ssl_ctx,
- cert->get_openssl_private_key() ) <= 0 ){
- cerr << "SSL: Could not use private key" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSContextInitFailed();
- }
- if( SSL_CTX_use_certificate( this->ssl_ctx,
- cert->get_openssl_certificate() ) <= 0 ){
- cerr << "SSL: Could not use certificate" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSContextInitFailed();
- }
- }
-
- if( !cert_db.isNull() ){
- /* Use this database for the certificates check */
- SSL_CTX_set_cert_store( this->ssl_ctx,
- cert_db->get_db());
- }
-
- //SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_BOTH );
- SSL_CTX_set_session_cache_mode( this->ssl_ctx, SSL_SESS_CACHE_SERVER );
- SSL_CTX_set_session_id_context( this->ssl_ctx, sid_ctx, (unsigned int)strlen( (const char *)sid_ctx ) );
-
- ssl_ctx = this->ssl_ctx;
- }
-
- sock = ssock;
- peerAddress = sock->getPeerAddress()->clone();
-
- ssl = SSL_new( this->ssl_ctx );
-
- //FIXME ... this client side cache works?? only if only one host to connect to
- if( this->ssl_ctx->session_cache_head != NULL )
- SSL_set_session( ssl, this->ssl_ctx->session_cache_head );
-
- //SSL_set_verify( this->ssl, SSL_VERIFY_PEER, NULL );
-
- SSL_set_fd( ssl, sock->getFd() );
- // FIXME
- fd = sock->getFd();
-
- int32_t err = SSL_connect( ssl );
-
- if( err <= 0 ){
- cerr << "SSL: connect failed" << endl;
- ERR_print_errors_fp(stderr);
- throw TLSConnectFailed( err, this->ssl );
- }
-
- try{
- peer_cert = new certificate( SSL_get_peer_certificate (ssl) );
- }
- catch( certificate_exception &){
- //FIXME
- cerr << "Could not get server certificate" << endl;
- peer_cert = NULL;
- }
-
-}
-
-
-TLSSocket::~TLSSocket(){
-#ifdef DEBUG_OUTPUT
- cerr << "TLS: Shutting down TLS Socket" << endl;
-#endif
- SSL_shutdown( ssl );
- SSL_free( ssl );
- //SSL_CTX_free( ssl_ctx );
- //delete tcp_socket;
- //delete peerAddress;
-}
-
-int32_t TLSSocket::write( string data ){
- return SSL_write( ssl, data.c_str(), (int)data.length() );
-}
-
-int32_t TLSSocket::write( const void *buf, int32_t count ){
- return SSL_write( ssl, buf, count );
-}
-
-TLSSocket& operator<<(TLSSocket& sock, string str){
- sock.write(str);
- return sock;
-}
-
-int32_t TLSSocket::read( void *buf, int32_t count ){
- //if( SSL_pending( ssl ) == 0 )
- // return -1;
- int ret;
- ret = SSL_read( ssl, buf, count );
- if( ret == 0 )
-// if( SSL_get_error( ssl, ret ) == SSL_ERROR_ZERO_RETURN )
- // Connection closed
- return 0;
-
-// else
-// return -1;
- else
- return ret;
-}
-
-int32_t TLSSocket::setSSLCTXCiphers ( SSL_CTX *_ctx, int8_t listIdx ) {
- char *ciphers;
-
-#ifdef DEBUG_OUTPUT
- cerr << "Modifying SSL_CTX ciphers list" << endl;
-#endif
-
- switch( listIdx ) {
- case 1:
- ciphers = SSL_CIPHERS_AES_HIGH_MEDIUM;
- break;
- case 2:
- ciphers = SSL_CIPHERS_TESTING;
- break;
- default:
- ciphers = SSL_CIPHERS_DEFAULT;
- break;
- }
- if( SSL_CTX_set_cipher_list(_ctx, ciphers) == 0 ) {
-#ifdef DEBUG_OUTPUT
- cerr << "ERROR: TLSSocket::setSSLCiphers: failed to set cipher list" << endl;
-#endif
- return 0;
- } else return 1;
-}
-
Modified: trunk/libmnetutil/tests/000_compile.cxx
===================================================================
--- trunk/libmnetutil/tests/000_compile.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmnetutil/tests/000_compile.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -13,8 +13,6 @@
#include<libmnetutil/Socket.h>
#include<libmnetutil/StreamSocket.h>
#include<libmnetutil/TCPSocket.h>
-#include<libmnetutil/TLSServerSocket.h>
-#include<libmnetutil/TLSSocket.h>
#include<libmnetutil/UDPSocket.h>
int main(int argc, char *argv[]) { }
Modified: trunk/libmsip/source/SipDialogConfig.cxx
===================================================================
--- trunk/libmsip/source/SipDialogConfig.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmsip/source/SipDialogConfig.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -85,7 +85,7 @@
uri.setPort(port);
}
- // Lose router
+ // Loose router
uri.setParameter( "lr", "true" );
}
Modified: trunk/libmsip/source/SipLayerTransport.cxx
===================================================================
--- trunk/libmsip/source/SipLayerTransport.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmsip/source/SipLayerTransport.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -44,7 +44,7 @@
#include<libmsip/SipHeaderContact.h>
#include<libmsip/SipHeaderTo.h>
-#include<libmnetutil/TLSSocket.h>
+#include<libmcrypto/TLSSocket.h>
#include<libmnetutil/ServerSocket.h>
#include<libmnetutil/NetworkException.h>
#include<libmnetutil/NetworkFunctions.h>
Modified: trunk/libmsip/source/SipStackInternal.cxx
===================================================================
--- trunk/libmsip/source/SipStackInternal.cxx 2006-12-11 20:06:31 UTC (rev 3010)
+++ trunk/libmsip/source/SipStackInternal.cxx 2006-12-11 20:56:24 UTC (rev 3011)
@@ -64,7 +64,7 @@
#include<libmsip/SipHeaderWWWAuthenticate.h>
#include<libmsip/SipCommandString.h>
#include<libmnetutil/UDPSocket.h>
-#include<libmnetutil/TLSServerSocket.h>
+#include<libmcrypto/TLSServerSocket.h>
#include<libmutil/massert.h>