pjsip.org
Open source SIP stack and media stack for presence, im/instant messaging, and multimedia communication


About: PJLIB, PJLIB-UTIL, PJSIP, and PJMEDIA are created by: Benny Prijono
<bennylp@pjsip.org>


 


pjsip_tls_setting Struct Reference
[TLS Transport]

#include <sip_transport_tls.h>


Detailed Description

TLS transport settings.

Data Fields

pj_str_t ca_list_file
pj_str_t cert_file
pj_str_t privkey_file
pj_str_t password
int method
pj_str_t ciphers
pj_str_t server_name
pj_bool_t verify_server
pj_bool_t verify_client
pj_bool_t require_client_cert
pj_time_val timeout

Field Documentation

pj_str_t ca_list_file

Certificate Authority (CA) list file.

pj_str_t cert_file

Public endpoint certificate file, which will be used as the client-side certificate for outgoing TLS connections and as the server-side certificate for incoming TLS connections.

pj_str_t privkey_file

Optional private key of the endpoint certificate to be used.

pj_str_t password

Password to open private key.

int method

TLS protocol method from pjsip_ssl_method, which can be:

  • PJSIP_SSL_UNSPECIFIED_METHOD(0): default (which will use PJSIP_SSL_DEFAULT_METHOD)
  • PJSIP_TLSV1_METHOD(1): TLSv1
  • PJSIP_SSLV2_METHOD(2): SSLv2
  • PJSIP_SSLV3_METHOD(3): SSLv3
  • PJSIP_SSLV23_METHOD(23): SSLv23

Default is PJSIP_SSL_UNSPECIFIED_METHOD (0), which in turn will use PJSIP_SSL_DEFAULT_METHOD, whose default value is PJSIP_TLSV1_METHOD.

pj_str_t ciphers

TLS cipher list string in OpenSSL format. If empty, then default cipher list of the backend will be used.

pj_str_t server_name

Optionally specify the server name instance to be contacted when making outgoing TLS connection. This setting is useful when the server is hosting multiple domains for the same TLS listening socket.

Default: empty.

pj_bool_t verify_server

When PJSIP is acting as a client (outgoing TLS connections), it will always receive a certificate from the peer. If verify_server is disabled (set to zero), PJSIP will not verify the certificate and allows TLS connections to servers which do not present a valid certificate. If verify_server is non-zero, PJSIP verifies the server certificate and will close the TLS connection if the server certificate is not valid.

This setting corresponds to OpenSSL SSL_VERIFY_PEER flag. Default value is zero.

pj_bool_t verify_client

When acting as server (incoming TLS connections), setting verify_client to non-zero will cause the transport to activate peer verification upon receiving an incoming TLS connection.

This setting corresponds to OpenSSL SSL_VERIFY_PEER flag. Default value is zero.

pj_bool_t require_client_cert

When acting as server (incoming TLS connections), reject the incoming connection if the client doesn't have a valid certificate.

This setting corresponds to SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. Default value is zero.

pj_time_val timeout

TLS negotiation timeout to be applied for both outgoing and incoming connections. If both the sec and msec members are set to zero, the SSL negotiation doesn't have a timeout.
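
Added example (not part of the PJSIP documentation or code base): a self-contained C check that reviews the security-relevant fields documented above before a configuration is deployed. The struct `tls_setting_view`, the `M_*` and `F_*` names and `audit_tls_setting()` are hypothetical stand-ins for this example; the method values and the OpenSSL flag mappings are the ones given on this page.

```c
#include <stdio.h>

/* Method values exactly as listed on this page. */
enum { M_UNSPECIFIED = 0, M_TLSV1 = 1, M_SSLV2 = 2, M_SSLV3 = 3, M_SSLV23 = 23 };

/* Hypothetical stand-in for the security-relevant fields of
 * pjsip_tls_setting (same field names; pj_time_val shown as two longs). */
struct tls_setting_view {
    int method;
    int verify_server, verify_client, require_client_cert;
    long timeout_sec, timeout_msec;
};

/* Finding bits (names belong to this example, not to PJSIP). */
enum {
    F_SERVER_UNVERIFIED  = 1 << 0, /* verify_server == 0: invalid server certs accepted */
    F_LEGACY_METHOD      = 1 << 1, /* SSLv2 or SSLv3 selected */
    F_CERT_REQ_NO_VERIFY = 1 << 2, /* require_client_cert set, verify_client not */
    F_NO_TIMEOUT         = 1 << 3  /* sec == msec == 0: negotiation never times out */
};

unsigned audit_tls_setting(const struct tls_setting_view *s)
{
    unsigned f = 0;
    if (!s->verify_server)
        f |= F_SERVER_UNVERIFIED;
    /* SSLv23 is not flagged: what it negotiates depends on the backend. */
    if (s->method == M_SSLV2 || s->method == M_SSLV3)
        f |= F_LEGACY_METHOD;
    /* OpenSSL ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT without SSL_VERIFY_PEER. */
    if (s->require_client_cert && !s->verify_client)
        f |= F_CERT_REQ_NO_VERIFY;
    if (s->timeout_sec == 0 && s->timeout_msec == 0)
        f |= F_NO_TIMEOUT;
    return f;
}

int main(void)
{
    /* Constructed sample: verification left at the documented zero defaults,
     * no timeout, with SSLv3 and require_client_cert switched on. */
    struct tls_setting_view s = { M_SSLV3, 0, 0, 1, 0, 0 };
    unsigned f = audit_tls_setting(&s);
    printf("findings: 0x%x\n", f);
    return f ? 1 : 0;
}
```

A result of zero means none of the four conditions applies; it says nothing about the cipher list or the certificate files, which this check does not inspect.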


The documentation for this struct was generated from the following file:

 


PJSIP Open Source, high performance, small footprint, and very very portable SIP stack
(C)2003-2008 Benny Prijono