From c8554be6dd41c6fe48eb6b09e9cfc0fb0064a7ff Mon Sep 17 00:00:00 2001
From: "tkchin@webrtc.org"
 <tkchin@webrtc.org@4adac7df-926f-26a2-2b94-8c16560cd09d>
Date: Thu, 7 Aug 2014 20:39:08 +0000
Subject: [PATCH] Support for TURN/TLS.

Wrap the socket in an SSL adapter, then simply call StartSSL() on the
SSLAdapter instance.

Cloned from: https://webrtc-codereview.appspot.com/21799004/

R=juberti@chromium.org, juberti@webrtc.org
BUG=

Review URL: https://webrtc-codereview.appspot.com/14059004

Patch from Manish Jethani <manish.jethani@gmail.com>.

git-svn-id: http://webrtc.googlecode.com/svn/trunk@6852 4adac7df-926f-26a2-2b94-8c16560cd09d
---
 talk/p2p/base/basicpacketsocketfactory.cc | 25 ++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/talk/p2p/base/basicpacketsocketfactory.cc b/talk/p2p/base/basicpacketsocketfactory.cc
index 75a7055366..b3575c0f98 100644
--- a/talk/p2p/base/basicpacketsocketfactory.cc
+++ b/talk/p2p/base/basicpacketsocketfactory.cc
@@ -34,6 +34,7 @@
 #include "webrtc/base/physicalsocketserver.h"
 #include "webrtc/base/scoped_ptr.h"
 #include "webrtc/base/socketadapters.h"
+#include "webrtc/base/ssladapter.h"
 #include "webrtc/base/thread.h"
 #include "talk/p2p/base/asyncstuntcpsocket.h"
 #include "talk/p2p/base/stun.h"
@@ -120,12 +121,6 @@ AsyncPacketSocket* BasicPacketSocketFactory::CreateClientTcpSocket(
     const SocketAddress& local_address, const SocketAddress& remote_address,
     const ProxyInfo& proxy_info, const std::string& user_agent, int opts) {
 
-  // Fail if TLS is required.
-  if (opts & PacketSocketFactory::OPT_TLS) {
-    LOG(LS_ERROR) << "TLS support currently is not available.";
-    return NULL;
-  }
-
   rtc::AsyncSocket* socket =
       socket_factory()->CreateAsyncSocket(local_address.family(), SOCK_STREAM);
   if (!socket) {
@@ -149,8 +144,24 @@ AsyncPacketSocket* BasicPacketSocketFactory::CreateClientTcpSocket(
         proxy_info.username, proxy_info.password);
   }
 
+  // If using TLS, wrap the socket in an SSL adapter.
+  if (opts & PacketSocketFactory::OPT_TLS) {
+    ASSERT(!(opts & PacketSocketFactory::OPT_SSLTCP));
+
+    rtc::SSLAdapter* ssl_adapter = rtc::SSLAdapter::Create(socket);
+    if (!ssl_adapter) {
+      return NULL;
+    }
+
+    socket = ssl_adapter;
+
+    if (ssl_adapter->StartSSL(remote_address.hostname().c_str(), false) != 0) {
+      delete ssl_adapter;
+      return NULL;
+    }
+
   // If using SSLTCP, wrap the TCP socket in a pseudo-SSL socket.
-  if (opts & PacketSocketFactory::OPT_SSLTCP) {
+  } else if (opts & PacketSocketFactory::OPT_SSLTCP) {
     ASSERT(!(opts & PacketSocketFactory::OPT_TLS));
     socket = new rtc::AsyncSSLSocket(socket);
   }