commit 4f085434b912060874d6697f17aaedd2adae7c49
author Diogo Real <diogor@google.com> Tue Sep 11 16:00:22 2018 -0700
committer Commit Bot <commit-bot@chromium.org> Tue Sep 11 23:28:46 2018 +0000
tree daf073cfd109077d224373f84d06016b7a101e4d
parent e0c8b230e7ede712a29802c51a8e0590224bfed1

Add SSLConfig object to IceServer.

This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020,
with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and
tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility.

Bug: webrtc:9662
Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5
Reviewed-on: https://webrtc-review.googlesource.com/98762
Commit-Queue: Diogo Real <diogor@google.com>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24696}

sdk/objc/api/peerconnection/RTCSSLConfig.h

diff --git a/sdk/objc/api/peerconnection/RTCSSLConfig.h b/sdk/objc/api/peerconnection/RTCSSLConfig.h
new file mode 100644
index 0000000..5421609
--- /dev/null
+++ b/sdk/objc/api/peerconnection/RTCSSLConfig.h
@@ -0,0 +1,56 @@
+/*
+ *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import <Foundation/Foundation.h>
+
+#import <WebRTC/RTCMacros.h>
+
+typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
+  RTCTlsCertPolicySecure,
+  RTCTlsCertPolicyInsecureNoCheck
+};
+
+NS_ASSUME_NONNULL_BEGIN
+
+RTC_EXPORT
+@interface RTCSSLConfig : NSObject
+
+/** Indicates whether to enable OCSP stapling in TLS. */
+@property(nonatomic) BOOL enableOCSPStapling;
+
+/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
+@property(nonatomic) BOOL enableSignedCertTimestamp;
+
+/** Indicates whether to enable the TLS Channel ID extension. */
+@property(nonatomic) BOOL enableTlsChannelId;
+
+/** Indicates whether to enable the TLS GREASE extension. */
+@property(nonatomic) BOOL enableGrease;
+
+/** Indicates how to process TURN server certificates */
+@property(nonatomic) RTCTlsCertPolicy tlsCertPolicy;
+
+/** Highest supported SSL version, as defined in the supported_versions TLS extension. */
+@property(nonatomic, nullable) NSNumber *maxSSLVersion;
+
+/** List of protocols to be used in the TLS ALPN extension. */
+@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsALPNProtocols;
+
+/**
+ List of elliptic curves to be used in the TLS elliptic curves extension.
+ Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
+ */
+@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsEllipticCurves;
+
+- (instancetype)init;
+
+@end
+
+NS_ASSUME_NONNULL_END