commit 4f085434b912060874d6697f17aaedd2adae7c49
author Diogo Real <diogor@google.com> Tue Sep 11 16:00:22 2018 -0700
committer Commit Bot <commit-bot@chromium.org> Tue Sep 11 23:28:46 2018 +0000
tree daf073cfd109077d224373f84d06016b7a101e4d
parent e0c8b230e7ede712a29802c51a8e0590224bfed1

Add SSLConfig object to IceServer.

This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020,
with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and
tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility.

Bug: webrtc:9662
Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5
Reviewed-on: https://webrtc-review.googlesource.com/98762
Commit-Queue: Diogo Real <diogor@google.com>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24696}

api/peerconnectioninterface.h

diff --git a/api/peerconnectioninterface.h b/api/peerconnectioninterface.h
index 1c32b69..c6e5a25 100644
--- a/api/peerconnectioninterface.h
+++ b/api/peerconnectioninterface.h
@@ -112,6 +112,7 @@
 #include "rtc_base/rtccertificate.h"
 #include "rtc_base/rtccertificategenerator.h"
 #include "rtc_base/socketaddress.h"
+#include "rtc_base/ssladapter.h"
 #include "rtc_base/sslcertificate.h"
 #include "rtc_base/sslstreamadapter.h"
 
@@ -187,6 +188,7 @@
     kIceConnectionMax,
   };
 
+  // Deprecated. TODO(diogor, webrtc:9673): Remove from API.
   // TLS certificate policy.
   enum TlsCertPolicy {
     // For TLS based protocols, ensure the connection is secure by not
@@ -211,23 +213,29 @@
     std::vector<std::string> urls;
     std::string username;
     std::string password;
+    // Deprecated. rtc::SSLConfig should be used instead.
     TlsCertPolicy tls_cert_policy = kTlsCertPolicySecure;
     // If the URIs in |urls| only contain IP addresses, this field can be used
     // to indicate the hostname, which may be necessary for TLS (using the SNI
     // extension). If |urls| itself contains the hostname, this isn't
     // necessary.
     std::string hostname;
+    // Deprecated. rtc::SSLConfig should be used instead.
     // List of protocols to be used in the TLS ALPN extension.
     std::vector<std::string> tls_alpn_protocols;
+    // Deprecated. rtc::SSLConfig should be used instead.
     // List of elliptic curves to be used in the TLS elliptic curves extension.
     std::vector<std::string> tls_elliptic_curves;
+    // SSL configuration options for any SSL/TLS connections to this IceServer.
+    rtc::SSLConfig ssl_config;
 
     bool operator==(const IceServer& o) const {
       return uri == o.uri && urls == o.urls && username == o.username &&
              password == o.password && tls_cert_policy == o.tls_cert_policy &&
              hostname == o.hostname &&
              tls_alpn_protocols == o.tls_alpn_protocols &&
-             tls_elliptic_curves == o.tls_elliptic_curves;
+             tls_elliptic_curves == o.tls_elliptic_curves &&
+             ssl_config == o.ssl_config;
     }
     bool operator!=(const IceServer& o) const { return !(*this == o); }
   };