diff --git a/daemon/src/sip/sipaccount.cpp b/daemon/src/sip/sipaccount.cpp
index 03d02cbd5b206fe096796b44e552bcb88f7889ac..25cf904f7cd15e229f9ac02743d35f7b8c56f706 100644
--- a/daemon/src/sip/sipaccount.cpp
+++ b/daemon/src/sip/sipaccount.cpp
@@ -75,6 +75,7 @@ SIPAccount::SIPAccount(const std::string& accountID)
 , transportType_(PJSIP_TRANSPORT_UNSPECIFIED)
 , cred_()
 , tlsSetting_()
+ , ciphers(100)
 , contactHeader_()
 , contactUpdateEnabled_(false)
 , stunServerName_()
@@ -189,7 +190,7 @@ void SIPAccount::serialize(Conf::YamlEmitter &emitter)
 ScalarNode tlsport(portstr.str());
 ScalarNode certificate(tlsCertificateFile_);
 ScalarNode calist(tlsCaListFile_);
- ScalarNode ciphers(tlsCiphers_);
+ ScalarNode ciphersNode(tlsCiphers_);
 ScalarNode tlsenabled(tlsEnable_);
 ScalarNode tlsmethod(tlsMethod_);
 ScalarNode timeout(tlsNegotiationTimeoutSec_);
@@ -253,7 +254,7 @@ void SIPAccount::serialize(Conf::YamlEmitter &emitter)
 tlsmap.setKeyValue(TLS_PORT_KEY, &tlsport);
 tlsmap.setKeyValue(CERTIFICATE_KEY, &certificate);
 tlsmap.setKeyValue(CALIST_KEY, &calist);
- tlsmap.setKeyValue(CIPHERS_KEY, &ciphers);
+ tlsmap.setKeyValue(CIPHERS_KEY, &ciphersNode);
 tlsmap.setKeyValue(TLS_ENABLE_KEY, &tlsenabled);
 tlsmap.setKeyValue(METHOD_KEY, &tlsmethod);
 tlsmap.setKeyValue(TIMEOUT_KEY, &timeout);
@@ -723,6 +724,18 @@ pjsip_ssl_method SIPAccount::sslMethodStringToPjEnum(const std::string& method)
 void SIPAccount::initTlsConfiguration()
 {
+ pj_status_t status;
+ unsigned cipherNum;
+
+ // Determine the cipher list supported on this machine
+ cipherNum = PJ_ARRAY_SIZE(ciphers);
+ status = pj_ssl_cipher_get_availables(&ciphers.front(), &cipherNum);
+ if (status != PJ_SUCCESS) {
+ ERROR("Could not determine cipher list on this system");
+ }
+
+ ciphers.resize(cipherNum);
+
 // TLS listener is unique and should be only modified through IP2IP_PROFILE
 pjsip_tls_setting_default(&tlsSetting_);
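Review bot: `PJ_ARRAY_SIZE(ciphers)` in initTlsConfiguration() is applied to a `std::vector` (`CipherArray` in sipaccount.h), so it divides the size of the vector object by the size of one element rather than yielding the 100 entries reserved in the constructor. The capacity passed to `pj_ssl_cipher_get_availables` is therefore a small, platform-dependent number and the cipher list is silently truncated; use `cipherNum = ciphers.size();`. The error branch only logs and then falls through to `ciphers.resize(cipherNum)`, so on a later call `&ciphers.front()` may refer to a vector that has shrunk, possibly to empty, while the macro still reports the same capacity. Calling `ciphers.resize(100);` before the query and returning (or clearing the list) when `status != PJ_SUCCESS` would keep the buffer and the advertised count in step. Whether this function runs more than once per account is not visible in the hunk.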
@@ -731,8 +744,8 @@ void SIPAccount::initTlsConfiguration()
 pj_cstr(&tlsSetting_.privkey_file, tlsPrivateKeyFile_.c_str());
 pj_cstr(&tlsSetting_.password, tlsPassword_.c_str());
 tlsSetting_.method = sslMethodStringToPjEnum(tlsMethod_);
- pj_cstr(&tlsSetting_.ciphers, tlsCiphers_.c_str());
- pj_cstr(&tlsSetting_.server_name, tlsServerName_.c_str());
+ tlsSetting_.ciphers_num = ciphers.size();
+ tlsSetting_.ciphers = &ciphers.front();
 tlsSetting_.verify_server = tlsVerifyServer_ ? PJ_TRUE: PJ_FALSE;
 tlsSetting_.verify_client = tlsVerifyClient_ ? PJ_TRUE: PJ_FALSE;
@@ -740,6 +753,9 @@ void SIPAccount::initTlsConfiguration()
 tlsSetting_.timeout.sec = atol(tlsNegotiationTimeoutSec_.c_str());
 tlsSetting_.timeout.msec = atol(tlsNegotiationTimeoutMsec_.c_str());
+
+ tlsSetting_.qos_type = PJ_QOS_TYPE_BEST_EFFORT;
+ tlsSetting_.qos_ignore_error = PJ_TRUE;
 }
 void SIPAccount::initStunConfiguration()
diff --git a/daemon/src/sip/sipaccount.h b/daemon/src/sip/sipaccount.h
index cb4292f3d0f334f4e8712fce4ed86dc114b9189c..7f5c2e43bcb6e68aa7fefeab070a74bb4d96b8a5 100644
--- a/daemon/src/sip/sipaccount.h
+++ b/daemon/src/sip/sipaccount.h
@@ -43,6 +43,8 @@
 #include "pjsip-ua/sip_regc.h"
 #include "noncopyable.h"
+typedef std::vector<pj_ssl_cipher> CipherArray;
+
 namespace Conf {
 class YamlEmitter;
 class MappingNode;
@@ -638,6 +640,11 @@ class SIPAccount : public Account {
 */
 pjsip_tls_setting tlsSetting_;
+ /**
+ * Allocate a static array to be used by pjsip to store the supported ciphers on this system.
+ */
+ CipherArray ciphers;
+
 /**
 * The CONTACT header used for registration as provided by the registrar, this value could differ
 * from the host name in case the registrar is inside a subnetwork (such as a VPN).
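Review bot: The configured `tlsCiphers_` string is no longer applied to `tlsSetting_` in the `-731,8` hunk; the new lines hand pjsip every cipher the backend reported, so a restriction set in the account configuration has no effect even though serialize() still writes it out under `CIPHERS_KEY`. The reported list may include suites an operator would not want negotiated, so it should be filtered against `tlsCiphers_` (or a vetted default set) before `tlsSetting_.ciphers` is assigned. The same edit also drops `pj_cstr(&tlsSetting_.server_name, tlsServerName_.c_str());`, which looks unrelated to the cipher change. If that removal was unintentional the line should be restored, since with `verify_server` enabled the server name is presumably what the peer certificate gets matched against. The function body starts outside this hunk.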
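Review bot: The doc comment on the new member in the `-638,6` hunk of sipaccount.h calls it "a static array", but `CipherArray` is a `std::vector<pj_ssl_cipher>` that initTlsConfiguration() resizes. I would document the actual contract instead: `/** Ciphers available on this system, filled by initTlsConfiguration(); tlsSetting_.ciphers points into this vector, so it must not be resized while that setting is in use. */`. The name also breaks the trailing-underscore convention of the neighbouring `tlsSetting_`, which is what forced the `ciphersNode` rename in serialize(); `ciphers_` would avoid the shadowing. The `typedef` added in the `-43,6` hunk needs `<vector>`, and no include for it is visible in the context shown.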