res_pjsip: Enable TLS v1.3 if present.

Fixes #221 UserNote: res_pjsip now allows TLS v1.3 to be enabled if supported by the underlying PJSIP library. The bundled version of PJSIP supports TLS v1.3. (cherry picked from commit b5762cd54e)
2025-09-04 20:04:50 +00:00 · 2023-08-02 09:56:49 -04:00
parent cbcde0624b
commit e05f51a8ae
6 changed files with 211 additions and 2 deletions
--- a/res/res_pjsip/config_transport.c
+++ b/res/res_pjsip/config_transport.c
@@ -1221,11 +1221,17 @@ static int transport_tls_method_handler(const struct aco_option *opt, struct ast
 		state->tls.method = PJSIP_SSL_UNSPECIFIED_METHOD;
 	} else if (!strcasecmp(var->value, "tlsv1")) {
 		state->tls.method = PJSIP_TLSV1_METHOD;
-#ifdef HAVE_PJSIP_TLS_TRANSPORT_PROTO
+#ifdef HAVE_PJSIP_TLS_1_1
 	} else if (!strcasecmp(var->value, "tlsv1_1")) {
 		state->tls.method = PJSIP_TLSV1_1_METHOD;
+#endif
+#ifdef HAVE_PJSIP_TLS_1_2
 	} else if (!strcasecmp(var->value, "tlsv1_2")) {
 		state->tls.method = PJSIP_TLSV1_2_METHOD;
+#endif
+#ifdef HAVE_PJSIP_TLS_1_3
+	} else if (!strcasecmp(var->value, "tlsv1_3")) {
+		state->tls.method = PJSIP_TLSV1_3_METHOD;
 #endif
 	} else if (!strcasecmp(var->value, "sslv2")) {
 		state->tls.method = PJSIP_SSLV2_METHOD;
@@ -1243,9 +1249,14 @@ static int transport_tls_method_handler(const struct aco_option *opt, struct ast
 static const char *tls_method_map[] = {
 	[PJSIP_SSL_UNSPECIFIED_METHOD] = "unspecified",
 	[PJSIP_TLSV1_METHOD] = "tlsv1",
-#ifdef HAVE_PJSIP_TLS_TRANSPORT_PROTO
+#ifdef HAVE_PJSIP_TLS_1_1
 	[PJSIP_TLSV1_1_METHOD] = "tlsv1_1",
+#endif
+#ifdef HAVE_PJSIP_TLS_1_2
 	[PJSIP_TLSV1_2_METHOD] = "tlsv1_2",
+#endif
+#ifdef HAVE_PJSIP_TLS_1_3
+	[PJSIP_TLSV1_3_METHOD] = "tlsv1_3",
 #endif
 	[PJSIP_SSLV2_METHOD] = "sslv2",
 	[PJSIP_SSLV3_METHOD] = "sslv3",
--- a/res/res_pjsip/pjsip_config.xml
+++ b/res/res_pjsip/pjsip_config.xml
@@ -1749,6 +1749,8 @@
 				<configOption name="method">
 					<synopsis>Method of SSL transport (TLS ONLY, not WSS)</synopsis>
 					<description>
+						<para>The availability of each of these options is dependent on the
+						version and configuration of the underlying PJSIP library.</para>
 						<enumlist>
 							<enum name="default">
 								<para>The default as defined by PJSIP. This is currently TLSv1, but may change with future releases.</para>
@@ -1759,6 +1761,7 @@
 							<enum name="tlsv1" />
 							<enum name="tlsv1_1" />
 							<enum name="tlsv1_2" />
+							<enum name="tlsv1_3" />
 							<enum name="sslv2" />
 							<enum name="sslv3" />
 							<enum name="sslv23" />