HP-UX C SIP Stack Programmer's Guide (November 2007)

SIP Stack and TLS
TLS ENGINE
A TLS engine is an entity that binds together several parameters needed for TLS, such as the SSL version, the engine certificate, the trusted root certificate authorities, and so on. In most cases, a TLS engine will be constructed immediately after SIP Stack initialization and will “live” for the entire duration of the SIP Stack’s life. All TLS engines are destructed with the SIP Stack when it is destructed.
Using a TLS engine lets the application use the same TLS parameters on different connections. In a “simple” client application that only wants to authenticate servers, you will usually use one TLS engine with no certificate and several trusted root CAs.
When implementing a proxy, a TLS engine will most likely be associated with one “leg” of the proxy. This way the proxy can present one TLS policy to its local organization and a different TLS policy—perhaps one with stronger encryption—to an outside organization or the Internet.
TLS ENGINE API
A TLS engine is represented by the RvSipTransportTlsEngineHandle handle. The following functions are for constructing a TLS engine and setting its parameters:
RvSipTransportTlsEngineConstruct()
This function constructs a TLS engine. The RvSipTransportTlsEngineCfg structure received by this function includes the engine configuration parameters. The RvSipTransportTlsEngineCfg structure contains the following members:
RvSipTransportTlsMethod—indicates the version of SSL to use: SSLv2, SSLv3 or TLS.
strPrivateKey, ePrivateKeyType, privateKeyLen—informs the engine of its private key. The private key is given as a string.
strCert, certLen—defines the certificate that an engine will present on TLS handshakes.
certDepth—defines the depth that an engine will consider legal in a certificate chain that is presented to it.
This set of parameters cannot be changed after an engine has been initialized.
RvSipTransportTlsEngineCheckPrivateKey()
After an engine has been constructed, you may use this function to make sure that the certificate and the private key loaded into the engine match.
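The following is an added example, not code from the HP-UX SIP Stack or from this guide. It models the engine configuration described above (the struct below is a stand-in that uses the member names the guide lists; the enumerator names, the eTlsMethod field name and the PEM placeholder strings are assumptions) and shows the two policies the guide mentions: a client-only engine for the proxy's internal leg, with no certificate, and a stricter engine for the external leg that presents a certificate and accepts only a short chain. The validation helper checks the consistency points a practitioner wants caught before the configuration reaches the stack's construct function: a certificate without its key, a length field that disagrees with its string, and SSLv2/SSLv3, which have since been deprecated by RFC 6176 and RFC 7568. It does not perform the cryptographic key/certificate match that RvSipTransportTlsEngineCheckPrivateKey() performs.

```c
#include <stdio.h>
#include <string.h>

/* Assumed enumerator names; the guide only says the method is SSLv2, SSLv3 or TLS. */
typedef enum { TLS_METHOD_SSLV2 = 0, TLS_METHOD_SSLV3, TLS_METHOD_TLS } TlsMethod;
typedef enum { KEY_TYPE_RSA = 0, KEY_TYPE_DSA } PrivateKeyType;   /* assumed */

/* Model of the RvSipTransportTlsEngineCfg members listed in the guide.
 * Not the stack's own struct; only the member names come from the page. */
typedef struct {
    TlsMethod      eTlsMethod;      /* field name assumed; type named RvSipTransportTlsMethod in the guide */
    const char    *strPrivateKey;   /* PEM text of the engine's private key, NULL for a client-only engine */
    PrivateKeyType ePrivateKeyType;
    int            privateKeyLen;
    const char    *strCert;         /* PEM text of the certificate presented on handshakes, or NULL */
    int            certLen;
    int            certDepth;       /* number of CA certificates above the leaf the engine will accept */
} TlsEngineCfgModel;

typedef enum {
    CFG_OK = 0,
    CFG_ERR_BAD_DEPTH,
    CFG_ERR_LENGTH_MISMATCH,    /* a length field disagrees with its string */
    CFG_ERR_CERT_WITHOUT_KEY,   /* engine would present a certificate it cannot prove ownership of */
    CFG_ERR_KEY_WITHOUT_CERT,
    CFG_ERR_WEAK_METHOD         /* SSLv2/SSLv3 selected while legacy SSL is not allowed */
} CfgResult;

/* Consistency checks to run before handing the configuration to the stack.
 * The stack's own checks may differ; this is the caller's pre-flight. */
CfgResult validate_engine_cfg(const TlsEngineCfgModel *cfg, int allow_legacy_ssl)
{
    if (cfg->certDepth < 0)
        return CFG_ERR_BAD_DEPTH;
    if (cfg->strPrivateKey && cfg->privateKeyLen != (int)strlen(cfg->strPrivateKey))
        return CFG_ERR_LENGTH_MISMATCH;
    if (cfg->strCert && cfg->certLen != (int)strlen(cfg->strCert))
        return CFG_ERR_LENGTH_MISMATCH;
    if (cfg->strCert && !cfg->strPrivateKey)
        return CFG_ERR_CERT_WITHOUT_KEY;
    if (cfg->strPrivateKey && !cfg->strCert)
        return CFG_ERR_KEY_WITHOUT_CERT;
    if (!allow_legacy_ssl && cfg->eTlsMethod != TLS_METHOD_TLS)
        return CFG_ERR_WEAK_METHOD;
    return CFG_OK;
}

/* Interpretation of certDepth used here (an assumption): a presented chain
 * of chain_len certificates, leaf first, has chain_len - 1 CA certificates
 * above the leaf, and is accepted only if that count is within certDepth. */
int chain_within_depth(const TlsEngineCfgModel *cfg, int chain_len)
{
    if (chain_len < 1)
        return 0;
    return (chain_len - 1) <= cfg->certDepth;
}

/* Constructed placeholder PEM text; a real engine loads its key and
 * certificate from files or a key store. */
static const char kExternalKeyPem[]  = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n";
static const char kExternalCertPem[] = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n";

/* Internal leg: authenticates servers but presents no certificate, the
 * "simple client" engine the guide describes. */
TlsEngineCfgModel internal_leg_cfg(void)
{
    TlsEngineCfgModel c;
    memset(&c, 0, sizeof c);
    c.eTlsMethod = TLS_METHOD_TLS;
    c.certDepth  = 3;
    return c;
}

/* External leg: presents a certificate with its matching key and accepts
 * only one CA above the leaf, a stricter policy than the internal leg. */
TlsEngineCfgModel external_leg_cfg(void)
{
    TlsEngineCfgModel c;
    memset(&c, 0, sizeof c);
    c.eTlsMethod      = TLS_METHOD_TLS;
    c.strPrivateKey   = kExternalKeyPem;
    c.ePrivateKeyType = KEY_TYPE_RSA;
    c.privateKeyLen   = (int)strlen(kExternalKeyPem);
    c.strCert         = kExternalCertPem;
    c.certLen         = (int)strlen(kExternalCertPem);
    c.certDepth       = 1;
    return c;
}

int main(void)
{
    TlsEngineCfgModel in = internal_leg_cfg();
    TlsEngineCfgModel ex = external_leg_cfg();
    printf("internal leg validation: %d\n", validate_engine_cfg(&in, 0));
    printf("external leg validation: %d\n", validate_engine_cfg(&ex, 0));
    printf("3-certificate chain accepted on external leg: %d\n", chain_within_depth(&ex, 3));
    return 0;
}
```

Each model configuration would be copied into the real RvSipTransportTlsEngineCfg and passed to RvSipTransportTlsEngineConstruct() once, right after stack initialization, with RvSipTransportTlsEngineCheckPrivateKey() called afterwards to confirm the key and certificate actually match.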