1
/* $Id: sip_transport_tls.c 4146 2012-05-30 06:35:59Z nanang $ */
3
* Copyright (C) 2009-2011 Teluu Inc. (http://www.teluu.com)
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License as published by
7
* the Free Software Foundation; either version 2 of the License, or
8
* (at your option) any later version.
10
* This program is distributed in the hope that it will be useful,
11
* but WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
* GNU General Public License for more details.
15
* You should have received a copy of the GNU General Public License
16
* along with this program; if not, write to the Free Software
17
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20
#include <pjsip/sip_transport_tls.h>
21
#include <pjsip/sip_endpoint.h>
22
#include <pjsip/sip_errno.h>
23
#include <pj/compat/socket.h>
24
#include <pj/addr_resolv.h>
25
#include <pj/ssl_sock.h>
26
#include <pj/assert.h>
32
#include <pj/string.h>
34
#if defined(PJSIP_HAS_TLS_TRANSPORT) && PJSIP_HAS_TLS_TRANSPORT!=0
36
#define THIS_FILE "sip_transport_tls.c"
38
#define MAX_ASYNC_CNT 16
39
#define POOL_LIS_INIT 512
40
#define POOL_LIS_INC 512
41
#define POOL_TP_INIT 512
42
#define POOL_TP_INC 512
48
* Definition of TLS/SSL transport listener, and it's descendant of
53
pjsip_tpfactory factory;
54
pj_bool_t is_registered;
55
pjsip_endpoint *endpt;
59
pjsip_tls_setting tls_setting;
64
* This structure is used to keep delayed transmit operation in a list.
65
* A delayed transmission occurs when application sends tx_data when
66
* the TLS connect/establishment is still in progress. These delayed
67
* transmission will be "flushed" once the socket is connected (either
68
* successfully or with errors).
72
PJ_DECL_LIST_MEMBER(struct delayed_tdata);
73
pjsip_tx_data_op_key *tdata_op_key;
78
* TLS/SSL transport, and it's descendant of pjsip_transport.
86
pj_bool_t is_registered;
88
pj_status_t close_reason;
90
pj_bool_t has_pending_connect;
91
pj_bool_t verify_server;
93
/* Keep-alive timer. */
94
pj_timer_entry ka_timer;
95
pj_time_val last_activity;
96
pjsip_tx_data_op_key ka_op_key;
99
/* TLS transport can only have one rdata!
100
* Otherwise chunks of incoming PDU may be received on different
105
/* Pending transmission list. */
106
struct delayed_tdata delayed_list;
110
/****************************************************************************
114
/* This callback is called when pending accept() operation completes. */
115
static pj_bool_t on_accept_complete(pj_ssl_sock_t *ssock,
116
pj_ssl_sock_t *new_ssock,
117
const pj_sockaddr_t *src_addr,
120
/* Callback on incoming data */
121
static pj_bool_t on_data_read(pj_ssl_sock_t *ssock,
125
pj_size_t *remainder);
127
/* Callback when packet is sent */
128
static pj_bool_t on_data_sent(pj_ssl_sock_t *ssock,
129
pj_ioqueue_op_key_t *send_key,
132
/* This callback is called by transport manager to destroy listener */
133
static pj_status_t lis_destroy(pjsip_tpfactory *factory);
135
/* This callback is called by transport manager to create transport */
136
static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
138
pjsip_endpoint *endpt,
139
const pj_sockaddr *rem_addr,
141
pjsip_tx_data *tdata,
142
pjsip_transport **transport);
144
/* Common function to create and initialize transport */
145
static pj_status_t tls_create(struct tls_listener *listener,
147
pj_ssl_sock_t *ssock,
149
const pj_sockaddr_in *local,
150
const pj_sockaddr_in *remote,
151
const pj_str_t *remote_name,
152
struct tls_transport **p_tls);
155
static void tls_perror(const char *sender, const char *title,
158
char errmsg[PJ_ERR_MSG_SIZE];
160
pj_strerror(status, errmsg, sizeof(errmsg));
162
PJ_LOG(1,(sender, "%s: %s [code=%d]", title, errmsg, status));
166
static void sockaddr_to_host_port( pj_pool_t *pool,
167
pjsip_host_port *host_port,
168
const pj_sockaddr_in *addr )
170
host_port->host.ptr = (char*) pj_pool_alloc(pool, PJ_INET6_ADDRSTRLEN+4);
171
pj_sockaddr_print(addr, host_port->host.ptr, PJ_INET6_ADDRSTRLEN+4, 2);
172
host_port->host.slen = pj_ansi_strlen(host_port->host.ptr);
173
host_port->port = pj_sockaddr_get_port(addr);
177
static void tls_init_shutdown(struct tls_transport *tls, pj_status_t status)
179
pjsip_tp_state_callback state_cb;
181
if (tls->close_reason == PJ_SUCCESS)
182
tls->close_reason = status;
184
if (tls->base.is_shutdown)
187
/* Prevent immediate transport destroy by application, as transport
188
* state notification callback may be stacked and transport instance
189
* must remain valid at any point in the callback.
191
pjsip_transport_add_ref(&tls->base);
193
/* Notify application of transport disconnected state */
194
state_cb = pjsip_tpmgr_get_state_cb(tls->base.tpmgr);
196
pjsip_transport_state_info state_info;
197
pjsip_tls_state_info tls_info;
198
pj_ssl_sock_info ssl_info;
200
/* Init transport state info */
201
pj_bzero(&state_info, sizeof(state_info));
202
state_info.status = tls->close_reason;
205
pj_ssl_sock_get_info(tls->ssock, &ssl_info) == PJ_SUCCESS)
207
pj_bzero(&tls_info, sizeof(tls_info));
208
tls_info.ssl_sock_info = &ssl_info;
209
state_info.ext_info = &tls_info;
212
(*state_cb)(&tls->base, PJSIP_TP_STATE_DISCONNECTED, &state_info);
215
/* We can not destroy the transport since high level objects may
216
* still keep reference to this transport. So we can only
217
* instruct transport manager to gracefully start the shutdown
218
* procedure for this transport.
220
pjsip_transport_shutdown(&tls->base);
222
/* Now, it is ok to destroy the transport. */
223
pjsip_transport_dec_ref(&tls->base);
227
/****************************************************************************
228
* The TLS listener/transport factory.
232
* This is the public API to create, initialize, register, and start the
235
PJ_DEF(pj_status_t) pjsip_tls_transport_start (pjsip_endpoint *endpt,
236
const pjsip_tls_setting *opt,
237
const pj_sockaddr_in *local,
238
const pjsip_host_port *a_name,
240
pjsip_tpfactory **p_factory)
243
struct tls_listener *listener;
244
pj_ssl_sock_param ssock_param;
245
pj_sockaddr_in *listener_addr;
246
pj_bool_t has_listener;
250
PJ_ASSERT_RETURN(endpt && async_cnt, PJ_EINVAL);
252
/* Verify that address given in a_name (if any) is valid */
253
if (a_name && a_name->host.slen) {
256
status = pj_sockaddr_in_init(&tmp, &a_name->host,
257
(pj_uint16_t)a_name->port);
258
if (status != PJ_SUCCESS || tmp.sin_addr.s_addr == PJ_INADDR_ANY ||
259
tmp.sin_addr.s_addr == PJ_INADDR_NONE)
261
/* Invalid address */
266
pool = pjsip_endpt_create_pool(endpt, "tlslis", POOL_LIS_INIT,
268
PJ_ASSERT_RETURN(pool, PJ_ENOMEM);
270
listener = PJ_POOL_ZALLOC_T(pool, struct tls_listener);
271
listener->factory.pool = pool;
272
listener->factory.type = PJSIP_TRANSPORT_TLS;
273
listener->factory.type_name = "tls";
274
listener->factory.flag =
275
pjsip_transport_get_flag_from_type(PJSIP_TRANSPORT_TLS);
277
pj_ansi_strcpy(listener->factory.obj_name, "tlslis");
280
pjsip_tls_setting_copy(pool, &listener->tls_setting, opt);
282
pjsip_tls_setting_default(&listener->tls_setting);
284
status = pj_lock_create_recursive_mutex(pool, "tlslis",
285
&listener->factory.lock);
286
if (status != PJ_SUCCESS)
289
if (async_cnt > MAX_ASYNC_CNT)
290
async_cnt = MAX_ASYNC_CNT;
292
/* Build SSL socket param */
293
pj_ssl_sock_param_default(&ssock_param);
294
ssock_param.cb.on_accept_complete = &on_accept_complete;
295
ssock_param.cb.on_data_read = &on_data_read;
296
ssock_param.cb.on_data_sent = &on_data_sent;
297
ssock_param.async_cnt = async_cnt;
298
ssock_param.ioqueue = pjsip_endpt_get_ioqueue(endpt);
299
ssock_param.require_client_cert = listener->tls_setting.require_client_cert;
300
ssock_param.timeout = listener->tls_setting.timeout;
301
ssock_param.user_data = listener;
302
ssock_param.verify_peer = PJ_FALSE; /* avoid SSL socket closing the socket
303
* due to verification error */
304
if (ssock_param.send_buffer_size < PJSIP_MAX_PKT_LEN)
305
ssock_param.send_buffer_size = PJSIP_MAX_PKT_LEN;
306
if (ssock_param.read_buffer_size < PJSIP_MAX_PKT_LEN)
307
ssock_param.read_buffer_size = PJSIP_MAX_PKT_LEN;
308
ssock_param.ciphers_num = listener->tls_setting.ciphers_num;
309
ssock_param.ciphers = listener->tls_setting.ciphers;
310
ssock_param.qos_type = listener->tls_setting.qos_type;
311
ssock_param.qos_ignore_error = listener->tls_setting.qos_ignore_error;
312
pj_memcpy(&ssock_param.qos_params, &listener->tls_setting.qos_params,
313
sizeof(ssock_param.qos_params));
315
has_listener = PJ_FALSE;
317
switch(listener->tls_setting.method) {
318
case PJSIP_TLSV1_METHOD:
319
ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
321
case PJSIP_SSLV2_METHOD:
322
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
324
case PJSIP_SSLV3_METHOD:
325
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
327
case PJSIP_SSLV23_METHOD:
328
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL23;
331
ssock_param.proto = PJ_SSL_SOCK_PROTO_DEFAULT;
335
/* Create SSL socket */
336
status = pj_ssl_sock_create(pool, &ssock_param, &listener->ssock);
337
if (status != PJ_SUCCESS)
340
listener_addr = (pj_sockaddr_in*)&listener->factory.local_addr;
342
pj_sockaddr_cp((pj_sockaddr_t*)listener_addr,
343
(const pj_sockaddr_t*)local);
345
pj_sockaddr_in_init(listener_addr, NULL, 0);
348
/* Check if certificate/CA list for SSL socket is set */
349
if (listener->tls_setting.cert_file.slen ||
350
listener->tls_setting.ca_list_file.slen)
352
status = pj_ssl_cert_load_from_files(pool,
353
&listener->tls_setting.ca_list_file,
354
&listener->tls_setting.cert_file,
355
&listener->tls_setting.privkey_file,
356
&listener->tls_setting.password,
358
if (status != PJ_SUCCESS)
361
status = pj_ssl_sock_set_certificate(listener->ssock, pool,
363
if (status != PJ_SUCCESS)
367
/* Start accepting incoming connections. Note that some TLS/SSL backends
368
* may not support for SSL socket server.
370
has_listener = PJ_FALSE;
372
status = pj_ssl_sock_start_accept(listener->ssock, pool,
373
(pj_sockaddr_t*)listener_addr,
374
pj_sockaddr_get_len((pj_sockaddr_t*)listener_addr));
375
if (status == PJ_SUCCESS || status == PJ_EPENDING) {
376
pj_ssl_sock_info info;
377
has_listener = PJ_TRUE;
379
/* Retrieve the bound address */
380
status = pj_ssl_sock_get_info(listener->ssock, &info);
381
if (status == PJ_SUCCESS)
382
pj_sockaddr_cp(listener_addr, (pj_sockaddr_t*)&info.local_addr);
383
} else if (status != PJ_ENOTSUP) {
387
/* If published host/IP is specified, then use that address as the
388
* listener advertised address.
390
if (a_name && a_name->host.slen) {
391
/* Copy the address */
392
listener->factory.addr_name = *a_name;
393
pj_strdup(listener->factory.pool, &listener->factory.addr_name.host,
395
listener->factory.addr_name.port = a_name->port;
398
/* No published address is given, use the bound address */
400
/* If the address returns 0.0.0.0, use the default
401
* interface address as the transport's address.
403
if (listener_addr->sin_addr.s_addr == 0) {
406
status = pj_gethostip(pj_AF_INET(), &hostip);
407
if (status != PJ_SUCCESS)
410
listener_addr->sin_addr.s_addr = hostip.ipv4.sin_addr.s_addr;
413
/* Save the address name */
414
sockaddr_to_host_port(listener->factory.pool,
415
&listener->factory.addr_name, listener_addr);
418
/* If port is zero, get the bound port */
419
if (listener->factory.addr_name.port == 0) {
420
listener->factory.addr_name.port = pj_ntohs(listener_addr->sin_port);
423
pj_ansi_snprintf(listener->factory.obj_name,
424
sizeof(listener->factory.obj_name),
425
"tlslis:%d", listener->factory.addr_name.port);
427
/* Register to transport manager */
428
listener->endpt = endpt;
429
listener->tpmgr = pjsip_endpt_get_tpmgr(endpt);
430
listener->factory.create_transport2 = lis_create_transport;
431
listener->factory.destroy = lis_destroy;
432
listener->is_registered = PJ_TRUE;
433
status = pjsip_tpmgr_register_tpfactory(listener->tpmgr,
435
if (status != PJ_SUCCESS) {
436
listener->is_registered = PJ_FALSE;
441
PJ_LOG(4,(listener->factory.obj_name,
442
"SIP TLS listener is ready for incoming connections "
444
(int)listener->factory.addr_name.host.slen,
445
listener->factory.addr_name.host.ptr,
446
listener->factory.addr_name.port));
448
PJ_LOG(4,(listener->factory.obj_name, "SIP TLS is ready "
452
/* Return the pointer to user */
453
if (p_factory) *p_factory = &listener->factory;
458
lis_destroy(&listener->factory);
463
/* This callback is called by transport manager to destroy listener */
464
static pj_status_t lis_destroy(pjsip_tpfactory *factory)
466
struct tls_listener *listener = (struct tls_listener *)factory;
468
if (listener->is_registered) {
469
pjsip_tpmgr_unregister_tpfactory(listener->tpmgr, &listener->factory);
470
listener->is_registered = PJ_FALSE;
473
if (listener->ssock) {
474
pj_ssl_sock_close(listener->ssock);
475
listener->ssock = NULL;
478
if (listener->factory.lock) {
479
pj_lock_destroy(listener->factory.lock);
480
listener->factory.lock = NULL;
483
if (listener->factory.pool) {
484
pj_pool_t *pool = listener->factory.pool;
486
PJ_LOG(4,(listener->factory.obj_name, "SIP TLS listener destroyed"));
488
listener->factory.pool = NULL;
489
pj_pool_release(pool);
496
/***************************************************************************/
504
/* Called by transport manager to send message */
505
static pj_status_t tls_send_msg(pjsip_transport *transport,
506
pjsip_tx_data *tdata,
507
const pj_sockaddr_t *rem_addr,
510
pjsip_transport_callback callback);
512
/* Called by transport manager to shutdown */
513
static pj_status_t tls_shutdown(pjsip_transport *transport);
515
/* Called by transport manager to destroy transport */
516
static pj_status_t tls_destroy_transport(pjsip_transport *transport);
518
/* Utility to destroy transport */
519
static pj_status_t tls_destroy(pjsip_transport *transport,
522
/* Callback when connect completes */
523
static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
526
/* TLS keep-alive timer callback */
527
static void tls_keep_alive_timer(pj_timer_heap_t *th, pj_timer_entry *e);
530
* Common function to create TLS transport, called when pending accept() and
531
* pending connect() complete.
533
static pj_status_t tls_create( struct tls_listener *listener,
535
pj_ssl_sock_t *ssock,
537
const pj_sockaddr_in *local,
538
const pj_sockaddr_in *remote,
539
const pj_str_t *remote_name,
540
struct tls_transport **p_tls)
542
struct tls_transport *tls;
543
const pj_str_t ka_pkt = PJSIP_TLS_KEEP_ALIVE_DATA;
547
PJ_ASSERT_RETURN(listener && ssock && local && remote && p_tls, PJ_EINVAL);
551
pool = pjsip_endpt_create_pool(listener->endpt, "tls",
552
POOL_TP_INIT, POOL_TP_INC);
553
PJ_ASSERT_RETURN(pool != NULL, PJ_ENOMEM);
557
* Create and initialize basic transport structure.
559
tls = PJ_POOL_ZALLOC_T(pool, struct tls_transport);
560
tls->is_server = is_server;
561
tls->verify_server = listener->tls_setting.verify_server;
562
pj_list_init(&tls->delayed_list);
563
tls->base.pool = pool;
565
pj_ansi_snprintf(tls->base.obj_name, PJ_MAX_OBJ_NAME,
566
(is_server ? "tlss%p" :"tlsc%p"), tls);
568
status = pj_atomic_create(pool, 0, &tls->base.ref_cnt);
569
if (status != PJ_SUCCESS) {
573
status = pj_lock_create_recursive_mutex(pool, "tls", &tls->base.lock);
574
if (status != PJ_SUCCESS) {
579
pj_strdup(pool, &tls->remote_name, remote_name);
581
tls->base.key.type = PJSIP_TRANSPORT_TLS;
582
pj_memcpy(&tls->base.key.rem_addr, remote, sizeof(pj_sockaddr_in));
583
tls->base.type_name = "tls";
584
tls->base.flag = pjsip_transport_get_flag_from_type(PJSIP_TRANSPORT_TLS);
586
tls->base.info = (char*) pj_pool_alloc(pool, 64);
587
pj_ansi_snprintf(tls->base.info, 64, "TLS to %s:%d",
588
pj_inet_ntoa(remote->sin_addr),
589
(int)pj_ntohs(remote->sin_port));
591
tls->base.addr_len = sizeof(pj_sockaddr_in);
592
tls->base.dir = is_server? PJSIP_TP_DIR_INCOMING : PJSIP_TP_DIR_OUTGOING;
594
/* Set initial local address */
595
if (!pj_sockaddr_has_addr(local)) {
596
pj_sockaddr_cp(&tls->base.local_addr,
597
&listener->factory.local_addr);
599
pj_sockaddr_cp(&tls->base.local_addr, local);
602
sockaddr_to_host_port(pool, &tls->base.local_name,
603
(pj_sockaddr_in*)&tls->base.local_addr);
604
if (tls->remote_name.slen) {
605
tls->base.remote_name.host = tls->remote_name;
606
tls->base.remote_name.port = pj_sockaddr_in_get_port(remote);
608
sockaddr_to_host_port(pool, &tls->base.remote_name, remote);
611
tls->base.endpt = listener->endpt;
612
tls->base.tpmgr = listener->tpmgr;
613
tls->base.send_msg = &tls_send_msg;
614
tls->base.do_shutdown = &tls_shutdown;
615
tls->base.destroy = &tls_destroy_transport;
619
/* Register transport to transport manager */
620
status = pjsip_transport_register(listener->tpmgr, &tls->base);
621
if (status != PJ_SUCCESS) {
625
tls->is_registered = PJ_TRUE;
627
/* Initialize keep-alive timer */
628
tls->ka_timer.user_data = (void*)tls;
629
tls->ka_timer.cb = &tls_keep_alive_timer;
630
pj_ioqueue_op_key_init(&tls->ka_op_key.key, sizeof(pj_ioqueue_op_key_t));
631
pj_strdup(tls->base.pool, &tls->ka_pkt, &ka_pkt);
633
/* Done setting up basic transport. */
636
PJ_LOG(4,(tls->base.obj_name, "TLS %s transport created",
637
(tls->is_server ? "server" : "client")));
642
tls_destroy(&tls->base, status);
647
/* Flush all delayed transmision once the socket is connected. */
648
static void tls_flush_pending_tx(struct tls_transport *tls)
650
pj_lock_acquire(tls->base.lock);
651
while (!pj_list_empty(&tls->delayed_list)) {
652
struct delayed_tdata *pending_tx;
653
pjsip_tx_data *tdata;
654
pj_ioqueue_op_key_t *op_key;
658
pending_tx = tls->delayed_list.next;
659
pj_list_erase(pending_tx);
661
tdata = pending_tx->tdata_op_key->tdata;
662
op_key = (pj_ioqueue_op_key_t*)pending_tx->tdata_op_key;
665
size = tdata->buf.cur - tdata->buf.start;
666
status = pj_ssl_sock_send(tls->ssock, op_key, tdata->buf.start,
669
if (status != PJ_EPENDING) {
670
on_data_sent(tls->ssock, op_key, size);
673
pj_lock_release(tls->base.lock);
677
/* Called by transport manager to destroy transport */
678
static pj_status_t tls_destroy_transport(pjsip_transport *transport)
680
struct tls_transport *tls = (struct tls_transport*)transport;
682
/* Transport would have been unregistered by now since this callback
683
* is called by transport manager.
685
tls->is_registered = PJ_FALSE;
687
return tls_destroy(transport, tls->close_reason);
691
/* Destroy TLS transport */
692
static pj_status_t tls_destroy(pjsip_transport *transport,
695
struct tls_transport *tls = (struct tls_transport*)transport;
697
if (tls->close_reason == 0)
698
tls->close_reason = reason;
700
if (tls->is_registered) {
701
tls->is_registered = PJ_FALSE;
702
pjsip_transport_destroy(transport);
704
/* pjsip_transport_destroy will recursively call this function
710
/* Mark transport as closing */
711
tls->is_closing = PJ_TRUE;
713
/* Stop keep-alive timer. */
714
if (tls->ka_timer.id) {
715
pjsip_endpt_cancel_timer(tls->base.endpt, &tls->ka_timer);
716
tls->ka_timer.id = PJ_FALSE;
719
/* Cancel all delayed transmits */
720
while (!pj_list_empty(&tls->delayed_list)) {
721
struct delayed_tdata *pending_tx;
722
pj_ioqueue_op_key_t *op_key;
724
pending_tx = tls->delayed_list.next;
725
pj_list_erase(pending_tx);
727
op_key = (pj_ioqueue_op_key_t*)pending_tx->tdata_op_key;
729
on_data_sent(tls->ssock, op_key, -reason);
732
if (tls->rdata.tp_info.pool) {
733
pj_pool_release(tls->rdata.tp_info.pool);
734
tls->rdata.tp_info.pool = NULL;
738
pj_ssl_sock_close(tls->ssock);
741
if (tls->base.lock) {
742
pj_lock_destroy(tls->base.lock);
743
tls->base.lock = NULL;
746
if (tls->base.ref_cnt) {
747
pj_atomic_destroy(tls->base.ref_cnt);
748
tls->base.ref_cnt = NULL;
751
if (tls->base.pool) {
754
if (reason != PJ_SUCCESS) {
755
char errmsg[PJ_ERR_MSG_SIZE];
757
pj_strerror(reason, errmsg, sizeof(errmsg));
758
PJ_LOG(4,(tls->base.obj_name,
759
"TLS transport destroyed with reason %d: %s",
764
PJ_LOG(4,(tls->base.obj_name,
765
"TLS transport destroyed normally"));
769
pool = tls->base.pool;
770
tls->base.pool = NULL;
771
pj_pool_release(pool);
779
* This utility function creates receive data buffers and start
780
* asynchronous recv() operations from the socket. It is called after
781
* accept() or connect() operation complete.
783
static pj_status_t tls_start_read(struct tls_transport *tls)
787
pj_sockaddr_in *rem_addr;
792
pool = pjsip_endpt_create_pool(tls->base.endpt,
794
PJSIP_POOL_RDATA_LEN,
795
PJSIP_POOL_RDATA_INC);
797
tls_perror(tls->base.obj_name, "Unable to create pool", PJ_ENOMEM);
801
tls->rdata.tp_info.pool = pool;
803
tls->rdata.tp_info.transport = &tls->base;
804
tls->rdata.tp_info.tp_data = tls;
805
tls->rdata.tp_info.op_key.rdata = &tls->rdata;
806
pj_ioqueue_op_key_init(&tls->rdata.tp_info.op_key.op_key,
807
sizeof(pj_ioqueue_op_key_t));
809
tls->rdata.pkt_info.src_addr = tls->base.key.rem_addr;
810
tls->rdata.pkt_info.src_addr_len = sizeof(pj_sockaddr_in);
811
rem_addr = (pj_sockaddr_in*) &tls->base.key.rem_addr;
812
pj_ansi_strcpy(tls->rdata.pkt_info.src_name,
813
pj_inet_ntoa(rem_addr->sin_addr));
814
tls->rdata.pkt_info.src_port = pj_ntohs(rem_addr->sin_port);
816
size = sizeof(tls->rdata.pkt_info.packet);
817
readbuf[0] = tls->rdata.pkt_info.packet;
818
status = pj_ssl_sock_start_read2(tls->ssock, tls->base.pool, size,
820
if (status != PJ_SUCCESS && status != PJ_EPENDING) {
821
PJ_LOG(4, (tls->base.obj_name,
822
"pj_ssl_sock_start_read() error, status=%d",
831
/* This callback is called by transport manager for the TLS factory
832
* to create outgoing transport to the specified destination.
834
static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
836
pjsip_endpoint *endpt,
837
const pj_sockaddr *rem_addr,
839
pjsip_tx_data *tdata,
840
pjsip_transport **p_transport)
842
struct tls_listener *listener;
843
struct tls_transport *tls;
845
pj_ssl_sock_t *ssock;
846
pj_ssl_sock_param ssock_param;
847
pj_sockaddr_in local_addr;
848
pj_str_t remote_name;
852
PJ_ASSERT_RETURN(factory && mgr && endpt && rem_addr &&
853
addr_len && p_transport, PJ_EINVAL);
855
/* Check that address is a sockaddr_in */
856
PJ_ASSERT_RETURN(rem_addr->addr.sa_family == pj_AF_INET() &&
857
addr_len == sizeof(pj_sockaddr_in), PJ_EINVAL);
860
listener = (struct tls_listener*)factory;
862
pool = pjsip_endpt_create_pool(listener->endpt, "tls",
863
POOL_TP_INIT, POOL_TP_INC);
864
PJ_ASSERT_RETURN(pool != NULL, PJ_ENOMEM);
866
/* Get remote host name from tdata */
868
remote_name = tdata->dest_info.name;
870
pj_bzero(&remote_name, sizeof(remote_name));
872
/* Build SSL socket param */
873
pj_ssl_sock_param_default(&ssock_param);
874
ssock_param.cb.on_connect_complete = &on_connect_complete;
875
ssock_param.cb.on_data_read = &on_data_read;
876
ssock_param.cb.on_data_sent = &on_data_sent;
877
ssock_param.async_cnt = 1;
878
ssock_param.ioqueue = pjsip_endpt_get_ioqueue(listener->endpt);
879
ssock_param.server_name = remote_name;
880
ssock_param.timeout = listener->tls_setting.timeout;
881
ssock_param.user_data = NULL; /* pending, must be set later */
882
ssock_param.verify_peer = PJ_FALSE; /* avoid SSL socket closing the socket
883
* due to verification error */
884
if (ssock_param.send_buffer_size < PJSIP_MAX_PKT_LEN)
885
ssock_param.send_buffer_size = PJSIP_MAX_PKT_LEN;
886
if (ssock_param.read_buffer_size < PJSIP_MAX_PKT_LEN)
887
ssock_param.read_buffer_size = PJSIP_MAX_PKT_LEN;
888
ssock_param.ciphers_num = listener->tls_setting.ciphers_num;
889
ssock_param.ciphers = listener->tls_setting.ciphers;
890
ssock_param.qos_type = listener->tls_setting.qos_type;
891
ssock_param.qos_ignore_error = listener->tls_setting.qos_ignore_error;
892
pj_memcpy(&ssock_param.qos_params, &listener->tls_setting.qos_params,
893
sizeof(ssock_param.qos_params));
895
switch(listener->tls_setting.method) {
896
case PJSIP_TLSV1_METHOD:
897
ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
899
case PJSIP_SSLV2_METHOD:
900
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
902
case PJSIP_SSLV3_METHOD:
903
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
905
case PJSIP_SSLV23_METHOD:
906
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL23;
909
ssock_param.proto = PJ_SSL_SOCK_PROTO_DEFAULT;
913
status = pj_ssl_sock_create(pool, &ssock_param, &ssock);
914
if (status != PJ_SUCCESS)
917
/* Apply SSL certificate */
918
if (listener->cert) {
919
status = pj_ssl_sock_set_certificate(ssock, pool, listener->cert);
920
if (status != PJ_SUCCESS)
924
/* Initially set bind address to PJ_INADDR_ANY port 0 */
925
pj_sockaddr_in_init(&local_addr, NULL, 0);
927
/* Create the transport descriptor */
928
status = tls_create(listener, pool, ssock, PJ_FALSE, &local_addr,
929
(pj_sockaddr_in*)rem_addr, &remote_name, &tls);
930
if (status != PJ_SUCCESS)
933
/* Set the "pending" SSL socket user data */
934
pj_ssl_sock_set_user_data(tls->ssock, tls);
936
/* Start asynchronous connect() operation */
937
tls->has_pending_connect = PJ_TRUE;
938
status = pj_ssl_sock_start_connect(tls->ssock, tls->base.pool,
939
(pj_sockaddr_t*)&local_addr,
940
(pj_sockaddr_t*)rem_addr,
942
if (status == PJ_SUCCESS) {
943
on_connect_complete(tls->ssock, PJ_SUCCESS);
944
} else if (status != PJ_EPENDING) {
945
tls_destroy(&tls->base, status);
949
if (tls->has_pending_connect) {
950
pj_ssl_sock_info info;
952
/* Update local address, just in case local address currently set is
953
* different now that asynchronous connect() is started.
956
/* Retrieve the bound address */
957
status = pj_ssl_sock_get_info(tls->ssock, &info);
958
if (status == PJ_SUCCESS) {
959
pj_uint16_t new_port;
961
new_port = pj_sockaddr_get_port((pj_sockaddr_t*)&info.local_addr);
963
if (pj_sockaddr_has_addr((pj_sockaddr_t*)&info.local_addr)) {
964
/* Update sockaddr */
965
pj_sockaddr_cp((pj_sockaddr_t*)&tls->base.local_addr,
966
(pj_sockaddr_t*)&info.local_addr);
967
} else if (new_port && new_port != pj_sockaddr_get_port(
968
(pj_sockaddr_t*)&tls->base.local_addr))
970
/* Update port only */
971
pj_sockaddr_set_port(&tls->base.local_addr,
975
sockaddr_to_host_port(tls->base.pool, &tls->base.local_name,
976
(pj_sockaddr_in*)&tls->base.local_addr);
979
PJ_LOG(4,(tls->base.obj_name,
980
"TLS transport %.*s:%d is connecting to %.*s:%d...",
981
(int)tls->base.local_name.host.slen,
982
tls->base.local_name.host.ptr,
983
tls->base.local_name.port,
984
(int)tls->base.remote_name.host.slen,
985
tls->base.remote_name.host.ptr,
986
tls->base.remote_name.port));
990
*p_transport = &tls->base;
997
* This callback is called by SSL socket when pending accept() operation
1000
static pj_bool_t on_accept_complete(pj_ssl_sock_t *ssock,
1001
pj_ssl_sock_t *new_ssock,
1002
const pj_sockaddr_t *src_addr,
1005
struct tls_listener *listener;
1006
struct tls_transport *tls;
1007
pj_ssl_sock_info ssl_info;
1008
char addr[PJ_INET6_ADDRSTRLEN+10];
1009
pjsip_tp_state_callback state_cb;
1010
pj_bool_t is_shutdown;
1013
PJ_UNUSED_ARG(src_addr_len);
1015
listener = (struct tls_listener*) pj_ssl_sock_get_user_data(ssock);
1017
PJ_ASSERT_RETURN(new_ssock, PJ_TRUE);
1019
PJ_LOG(4,(listener->factory.obj_name,
1020
"TLS listener %.*s:%d: got incoming TLS connection "
1022
(int)listener->factory.addr_name.host.slen,
1023
listener->factory.addr_name.host.ptr,
1024
listener->factory.addr_name.port,
1025
pj_sockaddr_print(src_addr, addr, sizeof(addr), 3),
1028
/* Retrieve SSL socket info, close the socket if this is failed
1029
* as the SSL socket info availability is rather critical here.
1031
status = pj_ssl_sock_get_info(new_ssock, &ssl_info);
1032
if (status != PJ_SUCCESS) {
1033
pj_ssl_sock_close(new_ssock);
1038
* Incoming connection!
1039
* Create TLS transport for the new socket.
1041
status = tls_create( listener, NULL, new_ssock, PJ_TRUE,
1042
(const pj_sockaddr_in*)&listener->factory.local_addr,
1043
(const pj_sockaddr_in*)src_addr, NULL, &tls);
1045
if (status != PJ_SUCCESS)
1048
/* Set the "pending" SSL socket user data */
1049
pj_ssl_sock_set_user_data(new_ssock, tls);
1051
/* Prevent immediate transport destroy as application may access it
1052
* (getting info, etc) in transport state notification callback.
1054
pjsip_transport_add_ref(&tls->base);
1056
/* If there is verification error and verification is mandatory, shutdown
1057
* and destroy the transport.
1059
if (ssl_info.verify_status && listener->tls_setting.verify_client) {
1060
if (tls->close_reason == PJ_SUCCESS)
1061
tls->close_reason = PJSIP_TLS_ECERTVERIF;
1062
pjsip_transport_shutdown(&tls->base);
1065
/* Notify transport state to application */
1066
state_cb = pjsip_tpmgr_get_state_cb(tls->base.tpmgr);
1068
pjsip_transport_state_info state_info;
1069
pjsip_tls_state_info tls_info;
1070
pjsip_transport_state tp_state;
1072
/* Init transport state info */
1073
pj_bzero(&tls_info, sizeof(tls_info));
1074
pj_bzero(&state_info, sizeof(state_info));
1075
tls_info.ssl_sock_info = &ssl_info;
1076
state_info.ext_info = &tls_info;
1078
/* Set transport state based on verification status */
1079
if (ssl_info.verify_status && listener->tls_setting.verify_client)
1081
tp_state = PJSIP_TP_STATE_DISCONNECTED;
1082
state_info.status = PJSIP_TLS_ECERTVERIF;
1084
tp_state = PJSIP_TP_STATE_CONNECTED;
1085
state_info.status = PJ_SUCCESS;
1088
(*state_cb)(&tls->base, tp_state, &state_info);
1091
/* Release transport reference. If transport is shutting down, it may
1092
* get destroyed here.
1094
is_shutdown = tls->base.is_shutdown;
1095
pjsip_transport_dec_ref(&tls->base);
1100
status = tls_start_read(tls);
1101
if (status != PJ_SUCCESS) {
1102
PJ_LOG(3,(tls->base.obj_name, "New transport cancelled"));
1103
tls_init_shutdown(tls, status);
1104
tls_destroy(&tls->base, status);
1106
/* Start keep-alive timer */
1107
if (PJSIP_TLS_KEEP_ALIVE_INTERVAL) {
1108
pj_time_val delay = {PJSIP_TLS_KEEP_ALIVE_INTERVAL, 0};
1109
pjsip_endpt_schedule_timer(listener->endpt,
1112
tls->ka_timer.id = PJ_TRUE;
1113
pj_gettimeofday(&tls->last_activity);
1122
* Callback from ioqueue when packet is sent.
1124
static pj_bool_t on_data_sent(pj_ssl_sock_t *ssock,
1125
pj_ioqueue_op_key_t *op_key,
1126
pj_ssize_t bytes_sent)
1128
struct tls_transport *tls = (struct tls_transport*)
1129
pj_ssl_sock_get_user_data(ssock);
1130
pjsip_tx_data_op_key *tdata_op_key = (pjsip_tx_data_op_key*)op_key;
1132
/* Note that op_key may be the op_key from keep-alive, thus
1133
* it will not have tdata etc.
1136
tdata_op_key->tdata = NULL;
1138
if (tdata_op_key->callback) {
1140
* Notify sip_transport.c that packet has been sent.
1142
if (bytes_sent == 0)
1143
bytes_sent = -PJ_RETURN_OS_ERROR(OSERR_ENOTCONN);
1145
tdata_op_key->callback(&tls->base, tdata_op_key->token, bytes_sent);
1147
/* Mark last activity time */
1148
pj_gettimeofday(&tls->last_activity);
1152
/* Check for error/closure */
1153
if (bytes_sent <= 0) {
1156
PJ_LOG(5,(tls->base.obj_name, "TLS send() error, sent=%d",
1159
status = (bytes_sent == 0) ? PJ_RETURN_OS_ERROR(OSERR_ENOTCONN) :
1162
tls_init_shutdown(tls, status);
1172
* This callback is called by transport manager to send SIP message
1174
static pj_status_t tls_send_msg(pjsip_transport *transport,
1175
pjsip_tx_data *tdata,
1176
const pj_sockaddr_t *rem_addr,
1179
pjsip_transport_callback callback)
1181
struct tls_transport *tls = (struct tls_transport*)transport;
1183
pj_bool_t delayed = PJ_FALSE;
1184
pj_status_t status = PJ_SUCCESS;
1187
PJ_ASSERT_RETURN(transport && tdata, PJ_EINVAL);
1189
/* Check that there's no pending operation associated with the tdata */
1190
PJ_ASSERT_RETURN(tdata->op_key.tdata == NULL, PJSIP_EPENDINGTX);
1192
/* Check the address is supported */
1193
PJ_ASSERT_RETURN(rem_addr && addr_len==sizeof(pj_sockaddr_in), PJ_EINVAL);
1198
tdata->op_key.tdata = tdata;
1199
tdata->op_key.token = token;
1200
tdata->op_key.callback = callback;
1202
/* If asynchronous connect() has not completed yet, just put the
1203
* transmit data in the pending transmission list since we can not
1204
* use the socket yet.
1206
if (tls->has_pending_connect) {
1209
* Looks like connect() is still in progress. Check again (this time
1210
* with holding the lock) to be sure.
1212
pj_lock_acquire(tls->base.lock);
1214
if (tls->has_pending_connect) {
1215
struct delayed_tdata *delayed_tdata;
1218
* connect() is still in progress. Put the transmit data to
1221
delayed_tdata = PJ_POOL_ALLOC_T(tdata->pool,
1222
struct delayed_tdata);
1223
delayed_tdata->tdata_op_key = &tdata->op_key;
1225
pj_list_push_back(&tls->delayed_list, delayed_tdata);
1226
status = PJ_EPENDING;
1228
/* Prevent pj_ioqueue_send() to be called below */
1232
pj_lock_release(tls->base.lock);
1237
* Transport is ready to go. Send the packet to ioqueue to be
1238
* sent asynchronously.
1240
size = tdata->buf.cur - tdata->buf.start;
1241
status = pj_ssl_sock_send(tls->ssock,
1242
(pj_ioqueue_op_key_t*)&tdata->op_key,
1243
tdata->buf.start, &size, 0);
1245
if (status != PJ_EPENDING) {
1246
/* Not pending (could be immediate success or error) */
1247
tdata->op_key.tdata = NULL;
1249
/* Shutdown transport on closure/errors */
1252
PJ_LOG(5,(tls->base.obj_name, "TLS send() error, sent=%d",
1255
if (status == PJ_SUCCESS)
1256
status = PJ_RETURN_OS_ERROR(OSERR_ENOTCONN);
1258
tls_init_shutdown(tls, status);
1268
* This callback is called by transport manager to shutdown transport.
1270
static pj_status_t tls_shutdown(pjsip_transport *transport)
1272
struct tls_transport *tls = (struct tls_transport*)transport;
1274
/* Stop keep-alive timer. */
1275
if (tls->ka_timer.id) {
1276
pjsip_endpt_cancel_timer(tls->base.endpt, &tls->ka_timer);
1277
tls->ka_timer.id = PJ_FALSE;
1285
* Callback from ioqueue that an incoming data is received from the socket.
1287
static pj_bool_t on_data_read(pj_ssl_sock_t *ssock,
1291
pj_size_t *remainder)
1293
enum { MAX_IMMEDIATE_PACKET = 10 };
1294
struct tls_transport *tls;
1295
pjsip_rx_data *rdata;
1297
PJ_UNUSED_ARG(data);
1299
tls = (struct tls_transport*) pj_ssl_sock_get_user_data(ssock);
1300
rdata = &tls->rdata;
1302
/* Don't do anything if transport is closing. */
1303
if (tls->is_closing) {
1308
/* Houston, we have packet! Report the packet to transport manager
1311
if (status == PJ_SUCCESS) {
1312
pj_size_t size_eaten;
1314
/* Mark this as an activity */
1315
pj_gettimeofday(&tls->last_activity);
1317
pj_assert((void*)rdata->pkt_info.packet == data);
1319
/* Init pkt_info part. */
1320
rdata->pkt_info.len = size;
1321
rdata->pkt_info.zero = 0;
1322
pj_gettimeofday(&rdata->pkt_info.timestamp);
1324
/* Report to transport manager.
1325
* The transport manager will tell us how many bytes of the packet
1326
* have been processed (as valid SIP message).
1329
pjsip_tpmgr_receive_packet(rdata->tp_info.transport->tpmgr,
1332
pj_assert(size_eaten <= (pj_size_t)rdata->pkt_info.len);
1334
/* Move unprocessed data to the front of the buffer */
1335
*remainder = size - size_eaten;
1336
if (*remainder > 0 && *remainder != size) {
1337
pj_memmove(rdata->pkt_info.packet,
1338
rdata->pkt_info.packet + size_eaten,
1344
/* Transport is closed */
1345
PJ_LOG(4,(tls->base.obj_name, "TLS connection closed"));
1347
tls_init_shutdown(tls, status);
1354
pj_pool_reset(rdata->tp_info.pool);
1361
* Callback from ioqueue when asynchronous connect() operation completes.
1363
static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
1366
struct tls_transport *tls;
1367
pj_ssl_sock_info ssl_info;
1368
pj_sockaddr_in addr, *tp_addr;
1369
pjsip_tp_state_callback state_cb;
1370
pj_bool_t is_shutdown;
1372
tls = (struct tls_transport*) pj_ssl_sock_get_user_data(ssock);
1374
/* Check connect() status */
1375
if (status != PJ_SUCCESS) {
1377
tls_perror(tls->base.obj_name, "TLS connect() error", status);
1379
/* Cancel all delayed transmits */
1380
while (!pj_list_empty(&tls->delayed_list)) {
1381
struct delayed_tdata *pending_tx;
1382
pj_ioqueue_op_key_t *op_key;
1384
pending_tx = tls->delayed_list.next;
1385
pj_list_erase(pending_tx);
1387
op_key = (pj_ioqueue_op_key_t*)pending_tx->tdata_op_key;
1389
on_data_sent(tls->ssock, op_key, -status);
1395
/* Retrieve SSL socket info, shutdown the transport if this is failed
1396
* as the SSL socket info availability is rather critical here.
1398
status = pj_ssl_sock_get_info(tls->ssock, &ssl_info);
1399
if (status != PJ_SUCCESS)
1402
/* Update (again) local address, just in case local address currently
1403
* set is different now that the socket is connected (could happen
1404
* on some systems, like old Win32 probably?).
1406
tp_addr = (pj_sockaddr_in*)&tls->base.local_addr;
1407
pj_sockaddr_cp((pj_sockaddr_t*)&addr,
1408
(pj_sockaddr_t*)&ssl_info.local_addr);
1409
if (tp_addr->sin_addr.s_addr != addr.sin_addr.s_addr) {
1410
tp_addr->sin_addr.s_addr = addr.sin_addr.s_addr;
1411
tp_addr->sin_port = addr.sin_port;
1412
sockaddr_to_host_port(tls->base.pool, &tls->base.local_name,
1416
/* Server identity verification based on server certificate. */
1417
if (ssl_info.remote_cert_info->version) {
1418
pj_str_t *remote_name;
1419
pj_ssl_cert_info *serv_cert = ssl_info.remote_cert_info;
1420
pj_bool_t matched = PJ_FALSE;
1423
/* Remote name may be hostname or IP address */
1424
if (tls->remote_name.slen)
1425
remote_name = &tls->remote_name;
1427
remote_name = &tls->base.remote_name.host;
1429
/* Start matching remote name with SubjectAltName fields of
1430
* server certificate.
1432
for (i = 0; i < serv_cert->subj_alt_name.cnt && !matched; ++i) {
1433
pj_str_t *cert_name = &serv_cert->subj_alt_name.entry[i].name;
1435
switch (serv_cert->subj_alt_name.entry[i].type) {
1436
case PJ_SSL_CERT_NAME_DNS:
1437
case PJ_SSL_CERT_NAME_IP:
1438
matched = !pj_stricmp(remote_name, cert_name);
1440
case PJ_SSL_CERT_NAME_URI:
1441
if (pj_strnicmp2(cert_name, "sip:", 4) == 0 ||
1442
pj_strnicmp2(cert_name, "sips:", 5) == 0)
1447
p = pj_strchr(cert_name, ':') + 1;
1448
pj_strset(&host_part, p, cert_name->slen -
1449
(p - cert_name->ptr));
1450
matched = !pj_stricmp(remote_name, &host_part);
1458
/* When still not matched or no SubjectAltName fields in server
1459
* certificate, try with Common Name of Subject field.
1462
matched = !pj_stricmp(remote_name, &serv_cert->subject.cn);
1466
ssl_info.verify_status |= PJ_SSL_CERT_EIDENTITY_NOT_MATCH;
1469
/* Prevent immediate transport destroy as application may access it
1470
* (getting info, etc) in transport state notification callback.
1472
pjsip_transport_add_ref(&tls->base);
1474
/* If there is verification error and verification is mandatory, shutdown
1475
* and destroy the transport.
1477
if (ssl_info.verify_status && tls->verify_server) {
1478
if (tls->close_reason == PJ_SUCCESS)
1479
tls->close_reason = PJSIP_TLS_ECERTVERIF;
1480
pjsip_transport_shutdown(&tls->base);
1483
/* Notify transport state to application */
1484
state_cb = pjsip_tpmgr_get_state_cb(tls->base.tpmgr);
1486
pjsip_transport_state_info state_info;
1487
pjsip_tls_state_info tls_info;
1488
pjsip_transport_state tp_state;
1490
/* Init transport state info */
1491
pj_bzero(&state_info, sizeof(state_info));
1492
pj_bzero(&tls_info, sizeof(tls_info));
1493
state_info.ext_info = &tls_info;
1494
tls_info.ssl_sock_info = &ssl_info;
1496
/* Set transport state based on verification status */
1497
if (ssl_info.verify_status && tls->verify_server)
1499
tp_state = PJSIP_TP_STATE_DISCONNECTED;
1500
state_info.status = PJSIP_TLS_ECERTVERIF;
1502
tp_state = PJSIP_TP_STATE_CONNECTED;
1503
state_info.status = PJ_SUCCESS;
1506
(*state_cb)(&tls->base, tp_state, &state_info);
1509
/* Release transport reference. If transport is shutting down, it may
1510
* get destroyed here.
1512
is_shutdown = tls->base.is_shutdown;
1513
pjsip_transport_dec_ref(&tls->base);
1518
/* Mark that pending connect() operation has completed. */
1519
tls->has_pending_connect = PJ_FALSE;
1521
PJ_LOG(4,(tls->base.obj_name,
1522
"TLS transport %.*s:%d is connected to %.*s:%d",
1523
(int)tls->base.local_name.host.slen,
1524
tls->base.local_name.host.ptr,
1525
tls->base.local_name.port,
1526
(int)tls->base.remote_name.host.slen,
1527
tls->base.remote_name.host.ptr,
1528
tls->base.remote_name.port));
1530
/* Start pending read */
1531
status = tls_start_read(tls);
1532
if (status != PJ_SUCCESS)
1535
/* Flush all pending send operations */
1536
tls_flush_pending_tx(tls);
1538
/* Start keep-alive timer */
1539
if (PJSIP_TLS_KEEP_ALIVE_INTERVAL) {
1540
pj_time_val delay = { PJSIP_TLS_KEEP_ALIVE_INTERVAL, 0 };
1541
pjsip_endpt_schedule_timer(tls->base.endpt, &tls->ka_timer,
1543
tls->ka_timer.id = PJ_TRUE;
1544
pj_gettimeofday(&tls->last_activity);
1550
tls_init_shutdown(tls, status);
1556
/* Transport keep-alive timer callback */
1557
static void tls_keep_alive_timer(pj_timer_heap_t *th, pj_timer_entry *e)
1559
struct tls_transport *tls = (struct tls_transport*) e->user_data;
1567
tls->ka_timer.id = PJ_TRUE;
1569
pj_gettimeofday(&now);
1570
PJ_TIME_VAL_SUB(now, tls->last_activity);
1572
if (now.sec > 0 && now.sec < PJSIP_TLS_KEEP_ALIVE_INTERVAL) {
1573
/* There has been activity, so don't send keep-alive */
1574
delay.sec = PJSIP_TLS_KEEP_ALIVE_INTERVAL - now.sec;
1577
pjsip_endpt_schedule_timer(tls->base.endpt, &tls->ka_timer,
1579
tls->ka_timer.id = PJ_TRUE;
1583
PJ_LOG(5,(tls->base.obj_name, "Sending %d byte(s) keep-alive to %.*s:%d",
1584
(int)tls->ka_pkt.slen, (int)tls->base.remote_name.host.slen,
1585
tls->base.remote_name.host.ptr,
1586
tls->base.remote_name.port));
1589
size = tls->ka_pkt.slen;
1590
status = pj_ssl_sock_send(tls->ssock, &tls->ka_op_key.key,
1591
tls->ka_pkt.ptr, &size, 0);
1593
if (status != PJ_SUCCESS && status != PJ_EPENDING) {
1594
tls_perror(tls->base.obj_name,
1595
"Error sending keep-alive packet", status);
1597
tls_init_shutdown(tls, status);
1601
/* Register next keep-alive */
1602
delay.sec = PJSIP_TLS_KEEP_ALIVE_INTERVAL;
1605
pjsip_endpt_schedule_timer(tls->base.endpt, &tls->ka_timer,
1607
tls->ka_timer.id = PJ_TRUE;
1610
#endif /* PJSIP_HAS_TLS_TRANSPORT */