TLS support

Alexandre Savard
Mon, Mar 9, 2009 3:38 PM

Hi all,

I have 3 simple questions concerning TLS and pjsip.

  1. Is it possible to use the TLS without the pjsip-ua library?
    We are currently using GNU ccRTP for the RTP transport layer and we are
    using pjsip for sip signals. It works just fine with UDP.

  2. Does the TLS handshaking protocol actually occur while calling
    pjsip_tls_transport_start() or do I need to implement it manually?
    I'm initializing the transport as follows but no TLS related packet
    is sent to Asterisk (pbx server), only one TCP.

    pjsip_tls_setting tls_opt;

    pjsip_tls_setting_default(&tls_opt);

    status = pjsip_tls_transport_start(_endpt, &tls_opt, &bound_addr,
                                       &a_name, 1, &tpfactory);

    status = pj_sockaddr_in_init(&bound_addr, &tpfactory->addr_name.host,
                                 (pj_uint16_t)tpfactory->addr_name.port);

    status = pjsip_endpt_acquire_transport(_endpt, PJSIP_TRANSPORT_TLS,
                                           &bound_addr, sizeof(bound_addr),
                                           NULL, &tls);

  3. Finally, I want to do a simple handshaking, I configured Asterisk
    using an openssl self-signed certificate, everything works fine.
    Looking at pjsip code, it seems to me that pjsip_tls_setting_default()
    is sufficient to get it working. Am I right?

Thanks.

Benny Prijono
Thu, Mar 12, 2009 5:37 PM

On Mon, Mar 9, 2009 at 3:38 PM, Alexandre Savard
<alexandre.savard@savoirfairelinux.com> wrote:

> Hi all,
>
> I have 3 simple questions concerning TLS and pjsip.
>
>   1. Is it possible to use the TLS without the pjsip-ua library?
>     We are currently using GNU ccRTP for the RTP transport layer and we are
>     using pjsip for sip signals. It works just fine with UDP.

The TLS transport is part of pjsip-core, so no, it doesn't need pjsip-ua
library.

>   2. Does the TLS handshaking protocol actually occur while calling
>     pjsip_tls_transport_start() or do I need to implement it manually?
>     I'm initializing the transport as follows but no TLS related packet
>     is sent to Asterisk (pbx server), only one TCP.

The handshake will start as soon as you're sending the first request (hence
outgoing TLS connection will be initiated).

>     pjsip_tls_setting tls_opt;
>
>     pjsip_tls_setting_default(&tls_opt);
>
>     status = pjsip_tls_transport_start(_endpt, &tls_opt, &bound_addr,
>                                        &a_name, 1, &tpfactory);
>
>     status = pj_sockaddr_in_init(&bound_addr, &tpfactory->addr_name.host,
>                                  (pj_uint16_t)tpfactory->addr_name.port);
>
>     status = pjsip_endpt_acquire_transport(_endpt, PJSIP_TRANSPORT_TLS,
>                                            &bound_addr, sizeof(bound_addr),
>                                            NULL, &tls);
>
>   3. Finally, I want to do a simple handshaking, I configured Asterisk
>     using an openssl self-signed certificate, everything works fine.
>     Looking at pjsip code, it seems to me that pjsip_tls_setting_default()
>     is sufficient to get it working. Am I right?

Yes that's pretty much it for a simple TLS encryption without
authentication.

cheers
Benny

> Thanks.

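An added example, not part of the thread and not pjsip code: because the reply says the handshake only begins with the first outgoing request, one way to confirm from a packet capture whether the connection to the PBX carries TLS or plaintext SIP is to classify the first bytes the client sent. The enum values, function name and sample bytes below are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum first_flight { FF_INCOMPLETE, FF_PLAINTEXT_SIP, FF_TLS_CLIENT_HELLO,
                    FF_SSL2_CLIENT_HELLO, FF_TLS_OTHER, FF_UNKNOWN };

/* Constructed samples, not taken from a real capture. */
static const unsigned char sample_hello[] =   /* TLS record + handshake header */
    { 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00, 0xc4, 0x03, 0x03 };
static const unsigned char sample_sip[] =
    "REGISTER sip:pbx.example.test SIP/2.0\r\n";

/* Classify the first bytes a client sent on a new TCP connection. */
enum first_flight classify_first_flight(const unsigned char *p, size_t n)
{
    static const char *const methods[] = { "REGISTER ", "INVITE ", "OPTIONS ",
                                           "ACK ", "BYE ", "CANCEL " };
    size_t i, rec_len;

    if (n == 0)
        return FF_INCOMPLETE;               /* TCP connect only, no payload yet */
    for (i = 0; i < sizeof(methods) / sizeof(methods[0]); i++) {
        size_t len = strlen(methods[i]);    /* plaintext SIP request line */
        if (n >= len && memcmp(p, methods[i], len) == 0)
            return FF_PLAINTEXT_SIP;
    }
    if (n < 6)
        return FF_INCOMPLETE;               /* need record header + 1 byte */
    /* SSLv2-framed ClientHello (RFC 5246 E.2): high-bit length, type 1, 3.x */
    if ((p[0] & 0x80) && p[2] == 0x01 && p[3] == 0x03)
        return FF_SSL2_CLIENT_HELLO;
    /* TLS record header: content type 20..23, version 3.x, 16-bit length */
    if (p[0] < 20 || p[0] > 23 || p[1] != 0x03 || p[2] > 0x04)
        return FF_UNKNOWN;
    rec_len = ((size_t)p[3] << 8) | p[4];
    if (rec_len == 0 || rec_len > 16384 + 2048)
        return FF_UNKNOWN;
    if (p[0] == 22 && p[5] == 0x01)         /* handshake record, ClientHello */
        return FF_TLS_CLIENT_HELLO;
    return FF_TLS_OTHER;
}

int main(void)
{
    printf("hello: %d\n", classify_first_flight(sample_hello, sizeof sample_hello));
    printf("sip:   %d\n", classify_first_flight(sample_sip, sizeof sample_sip - 1));
    return 0;
}
```

A result of FF_INCOMPLETE on a connection with no payload matches the "only one TCP" observation in the question: the socket is open but no request has been sent yet.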