Apple SSL backend using Network framework #2482

Merged
merged 11 commits into from Sep 29, 2020


@sauwming sauwming commented Jul 8, 2020

The current SSL backend using Secure Transport is deprecated in macOS 10.15 and iOS 13.0, as specified in Apple's doc here. So we create a new SSL backend based on Network framework.

Requirement:

  • macOS 10.15+, iOS 13.0+
  • How to use: add #define PJ_HAS_SSL_SOCK 1 and #define PJ_SSL_SOCK_IMP PJ_SSL_SOCK_IMP_APPLE in your config_site.h to use Apple's Network SSL backend. Add export LDFLAGS += -framework Network -framework Security to your user.mak and add the frameworks to your Xcode app project as well.

SSL sock unit test fix in this PR:

  • implement on_accept_complete2()
  • fix bug that causes test to fail when pj_ssl_sock_send() returns PJ_EPENDING

Tests run and passed:

  • pjlib-test Apple SSL
  • pjlib-test Darwin SSL
  • pjlib-test OpenSSL
  • TLS registrations, calls
  • Build and run on iOS 12.0 (it can run on iOS version 12 but there will be some features that won't be available, such as setting minimum and maximum TLS version).

Limitation:

  • Currently can only select one SSL backend (Secure Transport or Network framework) and can't enable both.

@sauwming sauwming self-assigned this Jul 8, 2020
@sauwming sauwming added this to the release-2.11 milestone Jul 8, 2020
@sauwming sauwming merged commit fb8a777 into master Sep 29, 2020
@sauwming sauwming deleted the ssl-apple branch September 29, 2020 03:31
sauwming added a commit that referenced this pull request Mar 10, 2021
…eive if dispatch_data_apply() is called multiple times
sauwming added a commit that referenced this pull request Mar 10, 2021
@elfortitude

Does it work? I have a crash when I add a .p12 certificate with a password and execute pjsua_transport_create(): "Thread 1: EXC_BAD_ACCESS (code=1, address=...)"

@prabhatk

For supporting macOS 10.0 and above I used PJ_SSL_SOCK_IMP_DARWIN instead of PJ_SSL_SOCK_IMP_APPLE, which is working fine for me on 10.0 and above. Included CFNetwork.framework and SecurityFoundation.framework.

@khaled76413300

Hello, I couldn't build after using this.
I got this after make:

Undefined symbols for architecture arm64:
  "_SecCertificateCopySerialNumberData", referenced from:
      _get_cert_info in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecCertificateCopySubjectSummary", referenced from:
      _get_cert_info in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecCertificateCreateWithData", referenced from:
      _ssl_network_event_poll in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecCertificateGetTypeID", referenced from:
      _on_handshake_complete in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecCopyErrorMessageString", referenced from:
      _ssl_network_event_poll in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecPKCS12Import", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecTrustEvaluateWithError", referenced from:
      _ssl_network_event_poll in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecTrustGetCertificateAtIndex", referenced from:
      _on_handshake_complete in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecTrustGetCertificateCount", referenced from:
      _on_handshake_complete in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecTrustGetTrustResult", referenced from:
      _ssl_network_event_poll in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecTrustSetAnchorCertificates", referenced from:
      _ssl_network_event_poll in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_SecTrustSetAnchorCertificatesOnly", referenced from:
      _ssl_network_event_poll in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "__nw_content_context_default_message", referenced from:
      _flush_circ_buf_output in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "__nw_parameters_configure_protocol_default_configuration", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_kSecImportExportPassphrase", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_kSecImportItemIdentity", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_copy_current_path", referenced from:
      _get_localaddr in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_copy_endpoint", referenced from:
      ___network_start_accept_block_invoke_2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_copy_protocol_metadata", referenced from:
      ___network_setup_connection_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_create", referenced from:
      _pj_ssl_sock_start_connect2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_force_cancel", referenced from:
      _close_connection in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_receive", referenced from:
      _ssl_network_event_poll in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ___network_setup_connection_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ___network_start_read_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_send", referenced from:
      _flush_circ_buf_output in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_set_queue", referenced from:
      _network_setup_connection in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_set_state_changed_handler", referenced from:
      _network_setup_connection in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_connection_start", referenced from:
      _network_setup_connection in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_content_context_get_is_final", referenced from:
      ___network_start_read_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_endpoint_create_host", referenced from:
      _pj_ssl_sock_start_connect2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_endpoint_get_address", referenced from:
      _get_localaddr in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ___network_start_accept_block_invoke_2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_error_get_error_code", referenced from:
      ___network_send_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ___network_setup_connection_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ___network_start_read_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ___network_start_accept_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_ip_options_set_version", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_listener_cancel", referenced from:
      _ssl_destroy in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_listener_create", referenced from:
      _pj_ssl_sock_start_accept2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_listener_get_port", referenced from:
      ___network_start_accept_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_listener_set_new_connection_handler", referenced from:
      _pj_ssl_sock_start_accept2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _ssl_destroy in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_listener_set_queue", referenced from:
      _pj_ssl_sock_start_accept2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_listener_set_state_changed_handler", referenced from:
      _pj_ssl_sock_start_accept2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_listener_start", referenced from:
      _pj_ssl_sock_start_accept2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_parameters_copy_default_protocol_stack", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_parameters_create_secure_tcp", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_parameters_set_local_endpoint", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_parameters_set_reuse_local_address", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_path_copy_effective_local_endpoint", referenced from:
      _get_localaddr in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_protocol_copy_tls_definition", referenced from:
      ___network_setup_connection_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_protocol_stack_copy_internet_protocol", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_release", referenced from:
      _ssl_reset_sock_state in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _pj_ssl_sock_start_accept2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _pj_ssl_sock_start_connect2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _on_handshake_complete in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _ssl_destroy in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _close_connection in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _get_localaddr in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ...
  "_nw_retain", referenced from:
      _pj_ssl_sock_start_accept2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      _pj_ssl_sock_start_connect2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ___network_start_accept_block_invoke_2 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_tls_copy_sec_protocol_metadata", referenced from:
      ___network_setup_connection_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_nw_tls_copy_sec_protocol_options", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_identity_copy_certificates_ref", referenced from:
      _on_handshake_complete in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_identity_create", referenced from:
      _network_create_params in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_metadata_access_peer_certificate_chain", referenced from:
      ___network_setup_connection_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_metadata_get_negotiated_tls_ciphersuite", referenced from:
      ___network_setup_connection_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
      ___network_create_params_block_invoke_3 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_append_tls_ciphersuite", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_challenge_block", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_local_identity", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_max_tls_protocol_version", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_min_tls_protocol_version", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_peer_authentication_required", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_tls_renegotiation_enabled", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_tls_resumption_enabled", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_tls_server_name", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_protocol_options_set_verify_block", referenced from:
      ___network_create_params_block_invoke in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
  "_sec_trust_copy_ref", referenced from:
      ___network_create_params_block_invoke_3 in libpj-arm64-apple-darwin_ios.a(ssl_sock_apple.o)
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [../bin/pjlib-test-arm64-apple-darwin_ios] Error 1
make[1]: *** [pjlib-test-arm64-apple-darwin_ios] Error 2
make: *** [all] Error 1

Is there some library I should add?

@henlund

henlund commented Jun 29, 2023

Have you configured user.mak like this?

export LDFLAGS += -framework Network -framework Security
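
A pre-build check for the setup this thread describes, added here as an example (it is not code from the PR or from any commenter): it reports which of the two config_site.h defines or the two LDFLAGS frameworks named in the PR description are missing. The function names and the two file paths passed as arguments are assumptions.

```shell
#!/bin/sh
# Constructed helper: names and argument order are assumptions, not pjproject code.

# has_define TEXT NAME VALUE -> status 0 if TEXT has an active "#define NAME VALUE".
has_define() {
    printf '%s\n' "$1" | grep -Eq \
        "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2[[:space:]]+$3([[:space:]]|\$)"
}

# check_apple_ssl_setup CONFIG_SITE_H USER_MAK
# Prints one line per missing setting; return status = number of problems.
check_apple_ssl_setup() {
    cfg=$1; mak=$2; problems=0

    # Drop // and one-line /* */ comments so commented-out defines do not count.
    defs=$(sed -e 's://.*$::' -e 's:/\*.*\*/::g' "$cfg")

    if ! has_define "$defs" PJ_HAS_SSL_SOCK 1; then
        echo "config_site.h: PJ_HAS_SSL_SOCK is not defined to 1"
        problems=$((problems + 1))
    fi
    if ! has_define "$defs" PJ_SSL_SOCK_IMP PJ_SSL_SOCK_IMP_APPLE; then
        echo "config_site.h: PJ_SSL_SOCK_IMP is not PJ_SSL_SOCK_IMP_APPLE"
        problems=$((problems + 1))
    fi

    # Only LDFLAGS assignments count; strip make comments first.
    ldflags=$(sed 's/#.*//' "$mak" |
        grep -E '^[[:space:]]*(export[[:space:]]+)?LDFLAGS[[:space:]]*[+:?]?=' || true)

    # Match whole framework names: SecurityFoundation must not satisfy Security.
    for fw in Network Security; do
        if ! printf '%s\n' "$ldflags" |
            grep -Eq -- "-framework[[:space:]]+$fw([[:space:]]|\$)"; then
            echo "user.mak: LDFLAGS lacks -framework $fw (undefined symbols at link)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Stand-alone use: sh check.sh path/to/config_site.h path/to/user.mak
if [ "$#" -eq 2 ]; then check_apple_ssl_setup "$1" "$2"; fi
```

The check only covers the pjlib build; the frameworks still have to be added to the Xcode app project, as the PR description says.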
