JiaNemo / idoubs

Automatically exported from code.google.com/p/idoubs
0 stars 0 forks source link

Need to have a possibility to request tsl keys from the app #98

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
a) Before posting your issue you MUST answer to the questions otherwise it
will be rejected (invalid status) by us
b) Please check the issue tacker to avoid duplication
c) Please provide network capture (wireshark) or Android log (DDMS output)
if you want quick response

What steps will reproduce the problem?
1. Look inside the code in file tnet_tls.c
2. Note that key files are taken the following way:
socket->tlsfile_ca = tsk_strdup(va_arg(*app, const char *));
socket->tlsfile_pvk = tsk_strdup(va_arg(*app, const char *));
socket->tlsfile_pbk = tsk_strdup(va_arg(*app, const char *));
socket->isClient = va_arg(*app, tsk_bool_t);

What is the expected output? What do you see instead?

We need to have a possibility to request keys from the app and make parameters, 
which are not file names, but the keys themselves.

What version of the product or source code revision are you using? On what
operating system?

iDoubs with Doubango v.2.0, iOS 5.0.1

Please provide any additional information below.

We were trying to setup the server to work with Doubango using tsl.

Original issue reported on code.google.com by maksa...@cs.ubc.ca on 10 Feb 2012 at 8:11

GoogleCodeExporter commented 9 years ago
It's possible but the question is why. The TLS certificates are binary files 
signed by a trusted company (e.g. VerySign).
Please note that TLS is disabled by default and you need OpenSSL binaries to 
enable it. 
The right way to set the TLS certificates from the objc/c++ code 
(iOS-Ngn-Stack) is by using "SipStack::setSSLCretificates(const char* privKey, 
const char* pubKey, const char* caKey);"

Original comment by boss...@yahoo.fr on 10 Feb 2012 at 9:54

GoogleCodeExporter commented 9 years ago
For information, TLS is now enabled on iOS (iPhone, iPad and iPod Touch) 
starting iDoubs r195 and Doubango r678. The implementation is based on OpenSSL.
To use TLS, just select "TLS" as transport in the network settings which will 
enable one-way authentication. 
To use mutual authentication, you have to set the SSL certificates (no UI) like 
this:

[[NgnEngine sharedInstance].configurationService 
setStringWithKey:SECURITY_SSL_FILE_KEY_CA andValue:@"<file path>"];
[[NgnEngine sharedInstance].configurationService 
setStringWithKey:SECURITY_SSL_FILE_KEY_PUB andValue:@"<file path>"];
[[NgnEngine sharedInstance].configurationService 
setStringWithKey:SECURITY_SSL_FILE_KEY_PRIV andValue:@"<file path>"];

Regards,

Original comment by boss...@yahoo.fr on 13 Feb 2012 at 9:14