BLOG | DOCUMENTATION | TRAC

Home --> Documentations --> PJSIP Reference

pjsip_tls_setting Struct Reference

#include <sip_transport_tls.h>

Data Fields

pj_str_t ca_list_file
 
pj_str_t ca_list_path
 
pj_str_t cert_file
 
pj_str_t privkey_file
 
pj_ssl_cert_buffer ca_buf
 
pj_ssl_cert_buffer cert_buf
 
pj_ssl_cert_buffer privkey_buf
 
pj_str_t password
 
pjsip_ssl_method method
 
pj_uint32_t proto
 
unsigned ciphers_num
 
pj_ssl_cipherciphers
 
unsigned curves_num
 
pj_ssl_curvecurves
 
pj_str_t sigalgs
 
pj_ssl_entropy_t entropy_type
 
pj_str_t entropy_path
 
pj_bool_t verify_server
 
pj_bool_t verify_client
 
pj_bool_t require_client_cert
 
pj_time_val timeout
 
pj_bool_t reuse_addr
 
pj_qos_type qos_type
 
pj_qos_params qos_params
 
pj_bool_t qos_ignore_error
 
pj_sockopt_params sockopt_params
 
pj_bool_t sockopt_ignore_error
 
void(* on_accept_fail_cb )(const pjsip_tls_on_accept_fail_param *param)
 

Detailed Description

TLS transport settings.

Field Documentation

◆ ca_list_file

pj_str_t pjsip_tls_setting::ca_list_file

Certificate of Authority (CA) list file.

Referenced by pjsip_tls_setting_copy().

◆ ca_list_path

pj_str_t pjsip_tls_setting::ca_list_path

Certificate of Authority (CA) list directory path.

Referenced by pjsip_tls_setting_copy().

◆ cert_file

pj_str_t pjsip_tls_setting::cert_file

Public endpoint certificate file, which will be used as client- side certificate for outgoing TLS connection, and server-side certificate for incoming TLS connection.

Referenced by pjsip_tls_setting_copy().

◆ privkey_file

pj_str_t pjsip_tls_setting::privkey_file

Optional private key of the endpoint certificate to be used.

Referenced by pjsip_tls_setting_copy().

◆ ca_buf

pj_ssl_cert_buffer pjsip_tls_setting::ca_buf

Certificate of Authority (CA) buffer. If ca_list_file, ca_list_path, cert_file or privkey_file are set, this setting will be ignored.

Referenced by pjsip_tls_setting_copy().

◆ cert_buf

pj_ssl_cert_buffer pjsip_tls_setting::cert_buf

Public endpoint certificate buffer, which will be used as client- side certificate for outgoing TLS connection, and server-side certificate for incoming TLS connection. If ca_list_file, ca_list_path, cert_file or privkey_file are set, this setting will be ignored.

Referenced by pjsip_tls_setting_copy().

◆ privkey_buf

pj_ssl_cert_buffer pjsip_tls_setting::privkey_buf

Optional private key buffer of the endpoint certificate to be used. If ca_list_file, ca_list_path, cert_file or privkey_file are set, this setting will be ignored.

Referenced by pjsip_tls_setting_copy().

◆ password

pj_str_t pjsip_tls_setting::password

Password to open private key.

Referenced by pjsip_tls_setting_copy().

◆ method

pjsip_ssl_method pjsip_tls_setting::method

TLS protocol method from pjsip_ssl_method. In the future, this field might be deprecated in favor of proto field. For now, this field is only applicable only when proto field is set to zero.

Default is PJSIP_SSL_UNSPECIFIED_METHOD (0), which in turn will use PJSIP_SSL_DEFAULT_METHOD, which default value is PJSIP_TLSV1_METHOD.

◆ proto

pj_uint32_t pjsip_tls_setting::proto

TLS protocol type from pj_ssl_sock_proto. Use this field to enable specific protocol type. Use bitwise OR operation to combine the protocol type.

Default is PJSIP_SSL_DEFAULT_PROTO.

Referenced by pjsip_tls_setting_default().

◆ ciphers_num

unsigned pjsip_tls_setting::ciphers_num

Number of ciphers contained in the specified cipher preference. If this is set to zero, then default cipher list of the backend will be used.

Default: 0 (zero).

Referenced by pjsip_tls_setting_copy().

◆ ciphers

pj_ssl_cipher* pjsip_tls_setting::ciphers

Ciphers and order preference. The pj_ssl_cipher_get_availables() can be used to check the available ciphers supported by backend.

Referenced by pjsip_tls_setting_copy().

◆ curves_num

unsigned pjsip_tls_setting::curves_num

Number of curves contained in the specified curve preference. If this is set to zero, then default curve list of the backend will be used.

Default: 0 (zero).

Referenced by pjsip_tls_setting_copy().

◆ curves

pj_ssl_curve* pjsip_tls_setting::curves

Curves and order preference. The pj_ssl_curve_get_availables() can be used to check the available curves supported by backend.

Referenced by pjsip_tls_setting_copy().

◆ sigalgs

pj_str_t pjsip_tls_setting::sigalgs

The supported signature algorithms. Set the sigalgs string using this form: "<DIGEST>+<ALGORITHM>:<DIGEST>+<ALGORITHM>" Digests are: "RSA", "DSA" or "ECDSA" Algorithms are: "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512" Example: "ECDSA+SHA256:RSA+SHA256"

Referenced by pjsip_tls_setting_copy().

◆ entropy_type

pj_ssl_entropy_t pjsip_tls_setting::entropy_type

Reseed random number generator. For type #PJ_SSL_ENTROPY_FILE, parameter entropy_path must be set to a file. For type #PJ_SSL_ENTROPY_EGD, parameter entropy_path must be set to a socket.

Default value is PJ_SSL_ENTROPY_NONE.

◆ entropy_path

pj_str_t pjsip_tls_setting::entropy_path

When using a file/socket for entropy #PJ_SSL_ENTROPY_EGD or #PJ_SSL_ENTROPY_FILE, entropy_path must contain the path to entropy socket/file.

Default value is an empty string.

Referenced by pjsip_tls_setting_copy().

◆ verify_server

pj_bool_t pjsip_tls_setting::verify_server

Specifies TLS transport behavior on the server TLS certificate verification result:

  • If verify_server is disabled (set to PJ_FALSE), TLS transport will just notify the application via pjsip_tp_state_callback with state PJSIP_TP_STATE_CONNECTED regardless TLS verification result.
  • If verify_server is enabled (set to PJ_TRUE), TLS transport will be shutdown and application will be notified with state PJSIP_TP_STATE_DISCONNECTED whenever there is any TLS verification error, otherwise PJSIP_TP_STATE_CONNECTED will be notified.

In any cases, application can inspect pjsip_tls_state_info in the callback to see the verification detail.

Default value is PJ_FALSE.

◆ verify_client

pj_bool_t pjsip_tls_setting::verify_client

Specifies TLS transport behavior on the client TLS certificate verification result:

  • If verify_client is disabled (set to PJ_FALSE), TLS transport will just notify the application via pjsip_tp_state_callback with state PJSIP_TP_STATE_CONNECTED regardless TLS verification result.
  • If verify_client is enabled (set to PJ_TRUE), TLS transport will be shutdown and application will be notified with state PJSIP_TP_STATE_DISCONNECTED whenever there is any TLS verification error, otherwise PJSIP_TP_STATE_CONNECTED will be notified.

In any cases, application can inspect pjsip_tls_state_info in the callback to see the verification detail.

Default value is PJ_FALSE.

◆ require_client_cert

pj_bool_t pjsip_tls_setting::require_client_cert

When acting as server (incoming TLS connections), reject inocming connection if client doesn't supply a TLS certificate.

This setting corresponds to SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. Default value is PJ_FALSE.

◆ timeout

pj_time_val pjsip_tls_setting::timeout

TLS negotiation timeout to be applied for both outgoing and incoming connection. If both sec and msec member is set to zero, the SSL negotiation doesn't have a timeout.

◆ reuse_addr

pj_bool_t pjsip_tls_setting::reuse_addr

Should SO_REUSEADDR be used for the listener socket. Default value is PJSIP_TLS_TRANSPORT_REUSEADDR.

Referenced by pjsip_tls_setting_default().

◆ qos_type

pj_qos_type pjsip_tls_setting::qos_type

QoS traffic type to be set on this transport. When application wants to apply QoS tagging to the transport, it's preferable to set this field rather than qos_param fields since this is more portable.

Default value is PJ_QOS_TYPE_BEST_EFFORT.

Referenced by pjsip_tls_setting_default().

◆ qos_params

pj_qos_params pjsip_tls_setting::qos_params

Set the low level QoS parameters to the transport. This is a lower level operation than setting the qos_type field and may not be supported on all platforms.

By default all settings in this structure are disabled.

◆ qos_ignore_error

pj_bool_t pjsip_tls_setting::qos_ignore_error

Specify if the transport should ignore any errors when setting the QoS traffic type/parameters.

Default: PJ_TRUE

Referenced by pjsip_tls_setting_default().

◆ sockopt_params

pj_sockopt_params pjsip_tls_setting::sockopt_params

Specify options to be set on the transport.

By default there is no options.

◆ sockopt_ignore_error

pj_bool_t pjsip_tls_setting::sockopt_ignore_error

Specify if the transport should ignore any errors when setting the sockopt parameters.

Default: PJ_TRUE

Referenced by pjsip_tls_setting_default().

◆ on_accept_fail_cb

void(* pjsip_tls_setting::on_accept_fail_cb) (const pjsip_tls_on_accept_fail_param *param)

Callback to be called when a accept operation of the TLS listener fails.

Parameters
paramThe parameter to the callback.

The documentation for this struct was generated from the following file:

 


PJSIP Open Source, high performance, small footprint, and very very portable SIP stack
Copyright (C) 2006-2008 Teluu Inc.