Navigation

Changeset 1187:436e4342ecd0 in freeDiameter


Ignore:
Timestamp:
Jun 10, 2013, 1:04:50 PM (10 years ago)
Author:
Sebastien Decugis <sdecugis@freediameter.net>
Branch:
default
Phase:
public
Message:

Rollback to using TLS/SCTP in release 1.2.0. DTLS dev to happen in freeDiameter-dtls branch

Files:
5 edited

Legend:

Unmodified
Added
Removed

  • contrib/debian/changelog

    r1177 r1187  
    2828  * Upgraded SCTP code to comply with RFC 6458
    2929  * Using default secure Diameter port number 5658 as per RFC 6733
     30  * Updated TLS code for performance improvements with new GNU TLS.
    3031
    31  -- Sebastien Decugis <sdecugis@freediameter.net>  Mon, 03 Jun 2013 14:20:05 +0800
     32 -- Sebastien Decugis <sdecugis@freediameter.net>  Mon, 10 Jun 2013 12:03:59 +0800
    3233
    3334freediameter (1.1.6) UNRELEASED; urgency=low

  • doc/freediameter.conf.sample

    r1181 r1187  
    3131# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP).
    3232# See TLS_old_method for more information about TLS flavours.
     33# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter.
    3334# Default: 5658. Use 0 to disable.
    3435#SecPort = 5658;
    35 
    36 # freeDiameter 1.2.0 introduces the support of DTLS over SCTP (RFC6083) instead of TLS over SCTP (RFC3436),
    37 # as specified in RFC6733. If you need compatibility with older implementation that use TLS over SCTP, you
    38 # can open an additional SCTP server port using TLS/SCTP by specifying the following parameter.
    39 # Note that no TCP server is started on the following port.
    40 # Default: 0 (disabled). Use 3869 for compatibility with freeDiameter < 1.2.0.
    41 #SctpSec3436 = 0;
    4236
    4337# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed
     
    218212# Parameters that can be specified in the peer's parameter list:
    219213#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
    220 #  No_TLS;       # assume transparent security instead of TLS
    221 #  SctpSec3436;  # Use TLS/SCTP instead of DTLS/SCTP to protect SCTP associations with this peer.
     214#  No_TLS;       # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
    222215#  Port = 5658;  # The port to connect to
    223216#  TcTimer = 30;

  • libfdcore/fdd.l

    r1180 r1187  
    246246(?i:"Port")             { return PORT;          }
    247247(?i:"SecPort")          { return SECPORT;       }
    248 (?i:"SctpSec3436")      { return SEC3436;       }
     248        /* (?i:"SctpSec3436")   { return SEC3436;       } */
    249249(?i:"No_IPv6")          { return NOIP6;         }
    250250(?i:"No_IP")            { return NOIP;          }

  • libfdcore/p_cnx.c

    r1186 r1187  
    283283        if (nc->dotls) {
    284284                CHECK_FCT_DO( fd_cnx_handshake(cnx, GNUTLS_CLIENT,
    285                                                 (peer->p_hdr.info.config.pic_flags.sctpsec == PI_SCTPSEC_3436) ? ALGO_HANDSHAKE_3436 : ALGO_HANDSHAKE_DEFAULT,
     285                                                ALGO_HANDSHAKE_3436,
    286286                                                peer->p_hdr.info.config.pic_priority, NULL),
    287287                        {

  • libfdcore/server.c

    r1181 r1187  
    5454        struct cnxctx * conn;           /* server connection context (listening socket) */
    5555        int             proto;          /* IPPROTO_TCP or IPPROTO_SCTP */
    56         int             secur;          /* TLS is started immediatly after connection ? 0: no; 1: yes (TLS/TCP or DTLS/SCTP); 2: yes (TLS/TCP or TLS/SCTP) */
     56        int             secur;          /* TLS is started immediatly after connection ? 0: no; 2: yes (TLS/TCP or TLS/SCTP) */
    5757       
    5858        pthread_t       thr;            /* The thread listening for new connections */
     
    361361                /* Create the server on secure port */
    362362                if (fd_g_config->cnf_port_tls) {
    363                         CHECK_MALLOC( s = new_serv(IPPROTO_SCTP, 1) );
     363                        CHECK_MALLOC( s = new_serv(IPPROTO_SCTP, 2 /* Change when DTLS is introduced */) );
    364364                        CHECK_MALLOC( s->conn = fd_cnx_serv_sctp(fd_g_config->cnf_port_tls, empty_conf_ep ? NULL : &fd_g_config->cnf_endpoints) );
    365365                        fd_list_insert_before( &FD_SERVERS, &s->chain );
     
    368368               
    369369                /* Create the other server on 3436 secure port */
    370                 if (fd_g_config->cnf_port_3436) {
     370                /*if (fd_g_config->cnf_port_3436) {
    371371                        CHECK_MALLOC( s = new_serv(IPPROTO_SCTP, 2) );
    372372                        CHECK_MALLOC( s->conn = fd_cnx_serv_sctp(fd_g_config->cnf_port_3436, empty_conf_ep ? NULL : &fd_g_config->cnf_endpoints) );
    373373                        fd_list_insert_before( &FD_SERVERS, &s->chain );
    374374                        CHECK_POSIX( pthread_create( &s->thr, NULL, serv_th, s ) );
    375                 }
     375                }*/
    376376               
    377377#endif /* DISABLE_SCTP */
Note: See TracChangeset for help on using the changeset viewer.