--sha256, --sha384, --sha512 parameters retired.

ChangeLog

@@ -1,6 +1,7 @@
 4/9/2015 Oleg Moskalenko <mom040267@gmail.com>
 Version 4.4.5.1 'Ardee West':
 	- dual allocation adjusted according to the new TURN-bis draft;
+	- options sha256, sha384, sha512 retired as non-standard ones;
 	- C++ fixes;
 	- cosmetic fixes;
 

README.turnserver

@@ -236,17 +236,6 @@ Flags:
 --no-multicast-peers	Disallow peers on well-known broadcast addresses 
 			(224.0.0.0 and above, and FFXX:*).
 
---sha256		Require SHA256 digest function to be used for the message integrity.
-			By default, the server uses SHA1 hashes. With this option, the server 
-			requires the stronger SHA256 hashes. The client application must support
-			SHA256 hash function if this option is used. If the server obtains a message 
-			from the client with a weaker (SHA1) hash function then the server returns 
-			error code 426.
-
---sha384		Require SHA384 digest function to be used for the message integrity.
-
---sha512		Require SHA512 digest function to be used for the message integrity.
-			
 --mobility		Mobility with ICE (MICE) specs support.
 
 --no-cli		Turn OFF the CLI support. By default it is always ON.

examples/etc/turnserver.conf

@@ -557,18 +557,6 @@
 #
 #secure-stun
 
-# Require SHA256, or SHA384, or SHA512 digest function to be used for the message
-# integrity. By default, the server uses SHA1 (as per TURN standard specs). 
-# With this option, the server always requires the stronger SHA256, SHA384 or SHA512 
-# function. The client application must support SHA256, SHA384 or SHA512 hash function
-# if this option is used. If the server obtains 
-# a message from the client with a weaker (SHA1) hash function then the 
-# server returns error code 426.
-#
-#sha256
-#sha384
-#sha512
-
 # Mobility with ICE (MICE) specs support.
 #
 #mobility

man/man1/turnadmin.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "21 March 2015" "" ""
+.TH TURN 1 "10 April 2015" "" ""
 .SH GENERAL INFORMATION
 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 

man/man1/turnserver.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "21 March 2015" "" ""
+.TH TURN 1 "10 April 2015" "" ""
 .SH GENERAL INFORMATION
 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 
@@ -363,23 +363,6 @@ Disallow peers on well\-known broadcast addresses
 (224.0.0.0 and above, and FFXX:*).
 .TP
 .B
-\fB\-\-sha256\fP
-Require SHA256 digest function to be used for the message integrity.
-By default, the server uses SHA1 hashes. With this option, the server 
-requires the stronger SHA256 hashes. The client application must support
-SHA256 hash function if this option is used. If the server obtains a message 
-from the client with a weaker (SHA1) hash function then the server returns 
-error code 426.
-.TP
-.B
-\fB\-\-sha384\fP
-Require SHA384 digest function to be used for the message integrity.
-.TP
-.B
-\fB\-\-sha512\fP
-Require SHA512 digest function to be used for the message integrity.
-.TP
-.B
 \fB\-\-mobility\fP
 Mobility with ICE (MICE) specs support.
 .TP

man/man1/turnutils.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "21 March 2015" "" ""
+.TH TURN 1 "10 April 2015" "" ""
 .SH GENERAL INFORMATION
 
 A set of turnutils_* programs provides some utility functionality to be used

src/apps/relay/dbdrivers/dbd_mongo.c

@@ -216,7 +216,7 @@ static int mongo_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
     if (mongoc_cursor_next(cursor, &item)) {
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "hmackey") && BSON_ITER_HOLDS_UTF8(&iter)) {
         value = bson_iter_utf8(&iter, &length);
-				size_t sz = get_hmackey_size(turn_params.shatype) * 2;
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT) * 2;
 				if(length < sz) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: string length=%d (must be %d): user %s\n", (int)length, (int)sz, usname);
 				} else {

src/apps/relay/dbdrivers/dbd_mysql.c

@@ -315,7 +315,7 @@ static int mysql_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
 				if(row && row[0]) {
 					unsigned long *lengths = mysql_fetch_lengths(mres);
 					if(lengths) {
-						size_t sz = get_hmackey_size(turn_params.shatype)*2;
+						size_t sz = get_hmackey_size(SHATYPE_DEFAULT)*2;
 						if(lengths[0]<sz) {
 							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: string length=%d (must be %d): user %s\n",(int)lengths[0],(int)sz,usname);
 						} else {

src/apps/relay/dbdrivers/dbd_pgsql.c

@@ -133,7 +133,7 @@ static int pgsql_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
 			char *kval = PQgetvalue(res,0,0);
 			int len = PQgetlength(res,0,0);
 			if(kval) {
-				size_t sz = get_hmackey_size(turn_params.shatype);
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 				if(((size_t)len<sz*2)||(strlen(kval)<sz*2)) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s, user %s\n",kval,usname);
 				} else if(convert_string_key_to_binary(kval, key, sz)<0) {

src/apps/relay/dbdrivers/dbd_redis.c

@@ -439,7 +439,7 @@ static int redis_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key) {
 				if (rget->type != REDIS_REPLY_NIL)
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", rget->type);
 			} else {
-				size_t sz = get_hmackey_size(turn_params.shatype);
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 				if(strlen(rget->str)<sz*2) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s, user %s\n",rget->str,usname);
 				} else if(convert_string_key_to_binary(rget->str, key, sz)<0) {

src/apps/relay/dbdrivers/dbd_sqlite.c

@@ -266,7 +266,7 @@ static int sqlite_get_user_key(u08bits *usname, u08bits *realm, hmackey_t key)
 			int res = sqlite3_step(st);
 			if (res == SQLITE_ROW) {
 				char *kval = turn_strdup((const char*) sqlite3_column_text(st, 0));
-				size_t sz = get_hmackey_size(turn_params.shatype);
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 				if (convert_string_key_to_binary(kval, key, sz) < 0) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key: %s, user %s\n", kval, usname);
 				} else {

src/apps/relay/mainrelay.c

@@ -117,7 +117,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"",
 /////////////// stop server ////////////////
 0,
 /////////////// MISC PARAMS ////////////////
-0,0,0,0,0,SHATYPE_SHA1,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
+0,0,0,0,0,':',0,0,TURN_CREDENTIALS_NONE,0,0,0,0,0,0,
 ///////////// Users DB //////////////
 { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL, {NULL,0}} },
 ///////////// CPUs //////////////////
@@ -562,15 +562,6 @@ static char Usage[] = "Usage: turnserver [options]\n"
 "						/var/tmp/turnserver.pid .\n"
 " --secure-stun					Require authentication of the STUN Binding request.\n"
 "						By default, the clients are allowed anonymous access to the STUN Binding functionality.\n"
-" --sha256					Require SHA256 digest function to be used for the message integrity.\n"
-"						By default, the server SHA1 (as per TURN standard specs).\n"
-"						With this option, the server\n"
-"						requires the stronger SHA256 function. The client application must\n"
-"						support SHA256 hash function if this option is used. If the server obtains\n"
-"						a message from the client with a weaker (SHA1) hash function then the server\n"
-"						returns error code 426.\n"
-" --sha384					Require SHA384 digest function to be used for the message integrity.\n"
-" --sha512					Require SHA512 digest function to be used for the message integrity.\n"
 " --proc-user <user-name>			User name to run the turnserver process.\n"
 "						After the initialization, the turnserver process\n"
 "						will make an attempt to change the current user ID to that user.\n"
@@ -645,10 +636,6 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
 #if !defined(TURN_NO_SQLITE) || !defined(TURN_NO_PQ) || !defined(TURN_NO_MYSQL) || !defined(TURN_NO_MONGO) || !defined(TURN_NO_HIREDIS)
 	"	-o, --origin			Origin\n"
 #endif
-	"	-H, --sha256			Use SHA256 digest function to be used for the message integrity.\n"
-	"					By default, the server SHA1 (as per TURN standard specs).\n"
-	"	-Y, --sha384			Use SHA384 digest function to be used for the message integrity.\n"
-	"	-K, --sha512			Use SHA512 digest function to be used for the message integrity.\n"
 	"	--max-bps			Set value of realm's max-bps parameter.\n"
 	"					Setting to zero value means removal of the option.\n"
 	"	--total-quota			Set value of realm's total-quota parameter.\n"
@@ -698,9 +685,6 @@ enum EXTRA_OPTS {
 	SECURE_STUN_OPT,
 	CA_FILE_OPT,
 	DH_FILE_OPT,
-	SHA256_OPT,
-	SHA384_OPT,
-	SHA512_OPT,
 	NO_STUN_OPT,
 	PROC_USER_OPT,
 	PROC_GROUP_OPT,
@@ -823,9 +807,6 @@ static const struct myoption long_options[] = {
 				{ "secure-stun", optional_argument, NULL, SECURE_STUN_OPT },
 				{ "CA-file", required_argument, NULL, CA_FILE_OPT },
 				{ "dh-file", required_argument, NULL, DH_FILE_OPT },
-				{ "sha256", optional_argument, NULL, SHA256_OPT },
-				{ "sha384", optional_argument, NULL, SHA384_OPT },
-				{ "sha512", optional_argument, NULL, SHA512_OPT },
 				{ "proc-user", required_argument, NULL, PROC_USER_OPT },
 				{ "proc-group", required_argument, NULL, PROC_GROUP_OPT },
 				{ "mobility", optional_argument, NULL, MOBILITY_OPT },
@@ -880,9 +861,6 @@ static const struct myoption admin_long_options[] = {
 				{ "user", required_argument, NULL, 'u' },
 				{ "realm", required_argument, NULL, 'r' },
 				{ "password", required_argument, NULL, 'p' },
-				{ "sha256", no_argument, NULL, 'H' },
-				{ "sha384", no_argument, NULL, 'Y' },
-				{ "sha512", no_argument, NULL, 'K' },
 				{ "add-origin", no_argument, NULL, 'O' },
 				{ "del-origin", no_argument, NULL, 'R' },
 				{ "list-origins", required_argument, NULL, 'I' },
@@ -1046,18 +1024,6 @@ static void set_option(int c, char *value)
 	case SECURE_STUN_OPT:
 		turn_params.secure_stun = get_bool_value(value);
 		break;
-	case SHA256_OPT:
-		if(get_bool_value(value))
-			turn_params.shatype = SHATYPE_SHA256;
-		break;
-	case SHA384_OPT:
-		if(get_bool_value(value))
-			turn_params.shatype = SHATYPE_SHA384;
-		break;
-	case SHA512_OPT:
-		if(get_bool_value(value))
-			turn_params.shatype = SHATYPE_SHA512;
-		break;
 	case NO_MULTICAST_PEERS_OPT:
 		turn_params.no_multicast_peers = get_bool_value(value);
 		break;
@@ -1592,18 +1558,6 @@ static int adminmain(int argc, char **argv)
 				exit(0);
 			}
 			break;
-		case 'H':
-			if(get_bool_value(optarg))
-				turn_params.shatype = SHATYPE_SHA256;
-			break;
-		case 'Y':
-			if(get_bool_value(optarg))
-				turn_params.shatype = SHATYPE_SHA384;
-			break;
-		case 'K':
-			if(get_bool_value(optarg))
-				turn_params.shatype = SHATYPE_SHA512;
-			break;
 		case 'h':
 			printf("\n%s\n", AdminUsage);
 			exit(0);

src/apps/relay/mainrelay.h

@@ -291,7 +291,6 @@ typedef struct _turn_params_ {
   vint secure_stun;
   int server_relay;
   int fingerprint;
-  SHATYPE shatype;
   char rest_api_separator;
   vint stale_nonce;
   vint mobility;

src/apps/relay/netengine.c

@@ -1642,7 +1642,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
 			 &turn_params.no_multicast_peers, &turn_params.no_loopback_peers,
 			 &turn_params.ip_whitelist, &turn_params.ip_blacklist,
 			 send_socket_to_relay,
-			 &turn_params.secure_stun, turn_params.shatype, &turn_params.mobility,
+			 &turn_params.secure_stun, &turn_params.mobility,
 			 turn_params.server_relay,
 			 send_turn_session_info,
 			 send_https_socket,

src/apps/relay/turn_admin_server.c

@@ -691,16 +691,6 @@ static void cli_print_configuration(struct cli_session* cs)
 		cli_print_str(cs,turn_params.cert_file,"Certificate file",0);
 		cli_print_str(cs,turn_params.pkey_file,"Private Key file",0);
 
-		if(turn_params.shatype == SHATYPE_SHA256)
-			cli_print_str(cs,"SHA256","SHA type",0);
-		else if(turn_params.shatype == SHATYPE_SHA384)
-			cli_print_str(cs,"SHA384","SHA type",0);
-		else if(turn_params.shatype == SHATYPE_SHA512)
-			cli_print_str(cs,"SHA512","SHA type",0);
-		else
-			cli_print_str(cs,"SHA1","SHA type",0);
-		myprintf(cs,"\n");
-
 		cli_print_str_array(cs,turn_params.listener.addrs,turn_params.listener.addrs_number,"Listener addr",0);
 
 		if(turn_params.listener_ifname[0])
@@ -1962,15 +1952,6 @@ static void write_pc_page(ioa_socket_handle s)
 				https_print_str(sb,turn_params.cert_file,"Certificate file",0);
 				https_print_str(sb,turn_params.pkey_file,"Private Key file",0);
 
-				if(turn_params.shatype == SHATYPE_SHA256)
-					https_print_str(sb,"SHA256","SHA type",0);
-				else if(turn_params.shatype == SHATYPE_SHA384)
-					https_print_str(sb,"SHA384","SHA type",0);
-				else if(turn_params.shatype == SHATYPE_SHA512)
-					https_print_str(sb,"SHA512","SHA type",0);
-				else
-					https_print_str(sb,"SHA1","SHA type",0);
-
 				https_print_empty_row(sb,2);
 
 				https_print_str_array(sb,turn_params.listener.addrs,turn_params.listener.addrs_number,"Listener addr");
@@ -2495,15 +2476,6 @@ static void write_users_page(ioa_socket_handle s, const u08bits *add_user, const
 			str_buffer_append(sb,"\"");
 			str_buffer_append(sb,"><br><br>\r\n");
 
-			if(turn_params.shatype == SHATYPE_SHA256)
-				str_buffer_append(sb,"SHA type: SHA256<br>\r\n");
-			else if(turn_params.shatype == SHATYPE_SHA384)
-				str_buffer_append(sb,"SHA type: SHA384<br>\r\n");
-			else if(turn_params.shatype == SHATYPE_SHA512)
-				str_buffer_append(sb,"SHA type: SHA512<br>\r\n");
-			else
-				str_buffer_append(sb,"SHA type: SHA1<br>\r\n");
-
 			str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add user\">");
 
 			str_buffer_append(sb,"</fieldset>\r\n");
@@ -3491,9 +3463,9 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh)
 										STRCPY(u,add_user);
 										STRCPY(r,add_realm);
 										STRCPY(p,pwd);
-										stun_produce_integrity_key_str(u, r, p, key, turn_params.shatype);
+										stun_produce_integrity_key_str(u, r, p, key, SHATYPE_DEFAULT);
 										size_t i = 0;
-										size_t sz = get_hmackey_size(turn_params.shatype);
+										size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 										int maxsz = (int) (sz * 2) + 1;
 										char *s = skey;
 										for (i = 0; (i < sz) && (maxsz > 2); i++) {

src/apps/relay/userdb.c

@@ -484,29 +484,10 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 
 					switch(dot.enc_block.key_length) {
 					case SHA1SIZEBYTES:
-						if(turn_params.shatype != SHATYPE_SHA1) {
-							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(1): %d\n",(int)dot.enc_block.key_length);
-							return -1;
-						}
 						break;
 					case SHA256SIZEBYTES:
-						if(turn_params.shatype != SHATYPE_SHA256) {
-							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(2): %d\n",(int)dot.enc_block.key_length);
-							return -1;
-						}
-						break;
 					case SHA384SIZEBYTES:
-						if(turn_params.shatype != SHATYPE_SHA384) {
-							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
-							return -1;
-						}
-						break;
 					case SHA512SIZEBYTES:
-						if(turn_params.shatype != SHATYPE_SHA512) {
-							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
-							return -1;
-						}
-						break;
 					default:
 						TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong size of the MAC key in oAuth token(3): %d\n",(int)dot.enc_block.key_length);
 						return -1;
@@ -518,7 +499,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 								ioa_network_buffer_get_size(nbh),
 								dot.enc_block.mac_key,
 								pwdtmp,
-								turn_params.shatype,NULL)>0) {
+								SHATYPE_DEFAULT)>0) {
 
 						turn_time_t lifetime = (turn_time_t)(dot.enc_block.lifetime);
 						if(lifetime) {
@@ -578,25 +559,11 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 			int sarlen = stun_attr_get_len(sar);
 			switch(sarlen) {
 			case SHA1SIZEBYTES:
-				if(turn_params.shatype != SHATYPE_SHA1)
-					return -1;
 				hmac_len = SHA1SIZEBYTES;
 				break;
 			case SHA256SIZEBYTES:
-				if(turn_params.shatype != SHATYPE_SHA256)
-					return -1;
-				hmac_len = SHA256SIZEBYTES;
-				break;
 			case SHA384SIZEBYTES:
-				if(turn_params.shatype != SHATYPE_SHA384)
-					return -1;
-				hmac_len = SHA384SIZEBYTES;
-				break;
 			case SHA512SIZEBYTES:
-				if(turn_params.shatype != SHATYPE_SHA512)
-					return -1;
-				hmac_len = SHA512SIZEBYTES;
-				break;
 			default:
 				return -1;
 			};
@@ -606,7 +573,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 				const char* secret = get_secrets_list_elem(&sl,sll);
 
 				if(secret) {
-					if(stun_calculate_hmac(usname, strlen((char*)usname), (const u08bits*)secret, strlen(secret), hmac, &hmac_len, turn_params.shatype)>=0) {
+					if(stun_calculate_hmac(usname, strlen((char*)usname), (const u08bits*)secret, strlen(secret), hmac, &hmac_len, SHATYPE_DEFAULT)>=0) {
 						size_t pwd_length = 0;
 						char *pwd = base64_encode(hmac,hmac_len,&pwd_length);
 
@@ -614,14 +581,14 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 							if(pwd_length<1) {
 								turn_free(pwd,strlen(pwd)+1);
 							} else {
-								if(stun_produce_integrity_key_str((u08bits*)usname, realm, (u08bits*)pwd, key, turn_params.shatype)>=0) {
+								if(stun_produce_integrity_key_str((u08bits*)usname, realm, (u08bits*)pwd, key, SHATYPE_DEFAULT)>=0) {
 
 									if(stun_check_message_integrity_by_key_str(TURN_CREDENTIALS_LONG_TERM,
 										ioa_network_buffer_data(nbh),
 										ioa_network_buffer_get_size(nbh),
 										key,
 										pwdtmp,
-										turn_params.shatype,NULL)>0) {
+										SHATYPE_DEFAULT)>0) {
 
 										ret = 0;
 									}
@@ -650,7 +617,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 	ur_string_map_unlock(turn_params.default_users_db.ram_db.static_accounts);
 
 	if(ret==0) {
-		size_t sz = get_hmackey_size(turn_params.shatype);
+		size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 		ns_bcopy(ukey,key,sz);
 		return 0;
 	}
@@ -762,7 +729,7 @@ int add_static_user_account(char *user)
 			hmackey_t *key = (hmackey_t*)turn_malloc(sizeof(hmackey_t));
 			if(strstr(s,"0x")==s) {
 				char *keysource = s + 2;
-				size_t sz = get_hmackey_size(turn_params.shatype);
+				size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 				if(strlen(keysource)<sz*2) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong key format: %s\n",s);
 				} if(convert_string_key_to_binary(keysource, *key, sz)<0) {
@@ -773,7 +740,7 @@ int add_static_user_account(char *user)
 				}
 			} else {
 				//this is only for default realm
-				stun_produce_integrity_key_str((u08bits*)usname, (u08bits*)get_realm(NULL)->options.name, (u08bits*)s, *key, turn_params.shatype);
+				stun_produce_integrity_key_str((u08bits*)usname, (u08bits*)get_realm(NULL)->options.name, (u08bits*)s, *key, SHATYPE_DEFAULT);
 			}
 			{
 				ur_string_map_lock(turn_params.default_users_db.ram_db.static_accounts);
@@ -973,9 +940,9 @@ int adminuser(u08bits *user, u08bits *realm, u08bits *pwd, u08bits *secret, u08b
 		must_set_admin_pwd(pwd);
 
 		{
-			stun_produce_integrity_key_str(user, realm, pwd, key, turn_params.shatype);
+			stun_produce_integrity_key_str(user, realm, pwd, key, SHATYPE_DEFAULT);
 			size_t i = 0;
-			size_t sz = get_hmackey_size(turn_params.shatype);
+			size_t sz = get_hmackey_size(SHATYPE_DEFAULT);
 			int maxsz = (int) (sz * 2) + 1;
 			char *s = skey;
 			for (i = 0; (i < sz) && (maxsz > 2); i++) {

src/apps/uclient/mainuclient.c

@@ -84,7 +84,7 @@ int negative_protocol_test = 0;
 int dos = 0;
 int random_disconnect = 0;
 
-SHATYPE shatype = SHATYPE_SHA1;
+SHATYPE shatype = SHATYPE_DEFAULT;
 
 int mobility = 0;
 

src/apps/uclient/session.h

@@ -91,7 +91,6 @@ typedef struct {
   app_tcp_conn_info **tcp_conn;
   size_t tcp_conn_number;
   int is_peer;
-  SHATYPE shatype;
   char s_mobile_id[33];
 } app_ur_conn_info;
 

src/apps/uclient/startuclient.c

@@ -526,16 +526,6 @@ static int clnet_allocate(int verbose,
 									&err_code,err_msg,sizeof(err_msg),
 									clnet_info->realm,clnet_info->nonce,
 									clnet_info->server_name, &(clnet_info->oauth))) {
-						if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
-							clnet_info->shatype = SHATYPE_SHA256;
-							recalculate_restapi_hmac(clnet_info->shatype);
-						} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
-							clnet_info->shatype = SHATYPE_SHA384;
-							recalculate_restapi_hmac(clnet_info->shatype);
-						} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
-							clnet_info->shatype = SHATYPE_SHA512;
-							recalculate_restapi_hmac(clnet_info->shatype);
-						}
 						goto beg_allocate;
 					} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 
@@ -730,16 +720,6 @@ static int clnet_allocate(int verbose,
 										&err_code,err_msg,sizeof(err_msg),
 										clnet_info->realm,clnet_info->nonce,
 										clnet_info->server_name, &(clnet_info->oauth))) {
-						if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
-							clnet_info->shatype = SHATYPE_SHA256;
-							recalculate_restapi_hmac(clnet_info->shatype);
-						} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
-							clnet_info->shatype = SHATYPE_SHA384;
-							recalculate_restapi_hmac(clnet_info->shatype);
-						} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
-							clnet_info->shatype = SHATYPE_SHA512;
-							recalculate_restapi_hmac(clnet_info->shatype);
-						}
 						goto beg_refresh;
 					} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 						refresh_received = 1;
@@ -834,16 +814,6 @@ static int turn_channel_bind(int verbose, uint16_t *chn,
 										&err_code,err_msg,sizeof(err_msg),
 										clnet_info->realm,clnet_info->nonce,
 										clnet_info->server_name, &(clnet_info->oauth))) {
-					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
-						clnet_info->shatype = SHATYPE_SHA256;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
-						clnet_info->shatype = SHATYPE_SHA384;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
-						clnet_info->shatype = SHATYPE_SHA512;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					}
 					goto beg_bind;
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 					cb_received = 1;
@@ -948,16 +918,6 @@ static int turn_create_permission(int verbose, app_ur_conn_info *clnet_info,
 									&err_code,err_msg,sizeof(err_msg),
 									clnet_info->realm,clnet_info->nonce,
 									clnet_info->server_name, &(clnet_info->oauth))) {
-					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
-						clnet_info->shatype = SHATYPE_SHA256;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
-						clnet_info->shatype = SHATYPE_SHA384;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
-						clnet_info->shatype = SHATYPE_SHA512;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					}
 					goto beg_cp;
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 					cp_received = 1;
@@ -1533,16 +1493,6 @@ static int turn_tcp_connection_bind(int verbose, app_ur_conn_info *clnet_info, a
 										&err_code,err_msg,sizeof(err_msg),
 										clnet_info->realm,clnet_info->nonce,
 										clnet_info->server_name, &(clnet_info->oauth))) {
-					if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA1)) {
-						clnet_info->shatype = SHATYPE_SHA256;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA256)) {
-						clnet_info->shatype = SHATYPE_SHA384;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (clnet_info->shatype == SHATYPE_SHA384)) {
-						clnet_info->shatype = SHATYPE_SHA512;
-						recalculate_restapi_hmac(clnet_info->shatype);
-					}
 					goto beg_cb;
 				} else if (stun_is_error_response(&response_message, &err_code,err_msg,sizeof(err_msg))) {
 					cb_received = 1;

src/apps/uclient/uclient.c

@@ -119,7 +119,6 @@ static app_ur_session* init_app_session(app_ur_session *ss) {
   if(ss) {
     ns_bzero(ss,sizeof(app_ur_session));
     ss->pinfo.fd=-1;
-    ss->pinfo.shatype = shatype;
   }
   return ss;
 }
@@ -751,17 +750,6 @@ static int client_read(app_ur_session *elem, int is_tcp_data, app_tcp_conn_info
 							&err_code,err_msg,sizeof(err_msg),
 							clnet_info->realm,clnet_info->nonce,
 							clnet_info->server_name, &(clnet_info->oauth))) {
-			if(err_code == SHA_TOO_WEAK_ERROR_CODE && (elem->pinfo.shatype == SHATYPE_SHA1)) {
-				elem->pinfo.shatype = SHATYPE_SHA256;
-				recalculate_restapi_hmac(elem->pinfo.shatype);
-			} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (elem->pinfo.shatype == SHATYPE_SHA256)) {
-				elem->pinfo.shatype = SHATYPE_SHA384;
-				recalculate_restapi_hmac(elem->pinfo.shatype);
-			} else if(err_code == SHA_TOO_WEAK_ERROR_CODE && (elem->pinfo.shatype == SHATYPE_SHA384)) {
-				elem->pinfo.shatype = SHATYPE_SHA512;
-				recalculate_restapi_hmac(elem->pinfo.shatype);
-			}
-
 			if(is_TCP_relay() && (stun_get_method(&(elem->in_buffer)) == STUN_METHOD_CONNECT)) {
 				turn_tcp_connect(clnet_verbose, &(elem->pinfo), &(elem->pinfo.peer_addr));
 			} else if(stun_get_method(&(elem->in_buffer)) == STUN_METHOD_REFRESH) {
@@ -1008,7 +996,6 @@ static int start_client(const char *remote_address, int port,
   app_ur_conn_info clnet_info_probe; /* for load balancing probe */
   ns_bzero(&clnet_info_probe,sizeof(clnet_info_probe));
   clnet_info_probe.fd = -1;
-  clnet_info_probe.shatype = shatype;
 
   app_ur_conn_info *clnet_info=&(ss->pinfo);
   app_ur_conn_info *clnet_info_rtcp=NULL;
@@ -1103,7 +1090,6 @@ static int start_c2c(const char *remote_address, int port,
   app_ur_conn_info clnet_info_probe; /* for load balancing probe */
   ns_bzero(&clnet_info_probe,sizeof(clnet_info_probe));
   clnet_info_probe.fd = -1;
-  clnet_info_probe.shatype = shatype;
 
   app_ur_conn_info *clnet_info1=&(ss1->pinfo);
   app_ur_conn_info *clnet_info1_rtcp=NULL;
@@ -1652,7 +1638,7 @@ int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 			}
 
 			if(stun_attr_add_integrity_by_key_str(message->buf, (size_t*)&(message->len), (u08bits*)okey_array[cok].kid,
-					clnet_info->realm, clnet_info->key, clnet_info->nonce, clnet_info->shatype)<0) {
+					clnet_info->realm, clnet_info->key, clnet_info->nonce, shatype)<0) {
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO," Cannot add integrity to the message\n");
 				return -1;
 			}
@@ -1661,14 +1647,14 @@ int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 			{
 				password_t pwd;
 				if(stun_check_message_integrity_by_key_str(get_turn_credentials_type(),
-								message->buf, (size_t)(message->len), clnet_info->key, pwd, clnet_info->shatype, NULL)<1) {
+								message->buf, (size_t)(message->len), clnet_info->key, pwd, shatype)<1) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR," Self-test of integrity does not comple correctly !\n");
 					return -1;
 				}
 			}
 		} else {
 			if(stun_attr_add_integrity_by_user_str(message->buf, (size_t*)&(message->len), g_uname,
-					clnet_info->realm, g_upwd, clnet_info->nonce, clnet_info->shatype)<0) {
+					clnet_info->realm, g_upwd, clnet_info->nonce, shatype)<0) {
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO," Cannot add integrity to the message\n");
 				return -1;
 			}
@@ -1680,14 +1666,14 @@ int add_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 
 int check_integrity(app_ur_conn_info *clnet_info, stun_buffer *message)
 {
-	SHATYPE sht = clnet_info->shatype;
+	SHATYPE sht = shatype;
 
 	if(oauth && clnet_info->oauth) {
 
 		password_t pwd;
 
 		return stun_check_message_integrity_by_key_str(get_turn_credentials_type(),
-				message->buf, (size_t)(message->len), clnet_info->key, pwd, sht, NULL);
+				message->buf, (size_t)(message->len), clnet_info->key, pwd, sht);
 
 	} else {
 

src/client/ns_turn_msg.c

@@ -467,7 +467,7 @@ int stun_is_challenge_response_str(const u08bits* buf, size_t len, int *err_code
 {
 	int ret = stun_is_error_response_str(buf, len, err_code, err_msg, err_msg_size);
 
-	if(ret && (((*err_code) == 401) || ((*err_code) == 438) || ((*err_code) == SHA_TOO_WEAK_ERROR_CODE))) {
+	if(ret && (((*err_code) == 401) || ((*err_code) == 438) )) {
 
 		stun_attr_ref sar = stun_attr_get_first_by_type_str(buf,len,STUN_ATTRIBUTE_REALM);
 		if(sar) {
@@ -1801,7 +1801,7 @@ void print_hmac(const char *name, const void *s, size_t len)
 /*
  * Return -1 if failure, 0 if the integrity is not correct, 1 if OK
  */
-int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype, int *too_weak)
+int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype)
 {
 	int res = 0;
 	u08bits new_hmac[MAXSHASIZE];
@@ -1817,41 +1817,21 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *bu
 	switch(sarlen) {
 	case SHA256SIZEBYTES:
 		shasize = SHA256SIZEBYTES;
-		if(shatype > SHATYPE_SHA256) {
-			if(too_weak)
-				*too_weak = 1;
-				return -1;
-		}
 		if(shatype != SHATYPE_SHA256)
 			return -1;
 		break;
 	case SHA384SIZEBYTES:
 		shasize = SHA384SIZEBYTES;
-		if(shatype > SHATYPE_SHA384) {
-			if(too_weak)
-				*too_weak = 1;
-				return -1;
-		}
 		if(shatype != SHATYPE_SHA384)
 			return -1;
 		break;
 	case SHA512SIZEBYTES:
 		shasize = SHA512SIZEBYTES;
-		if(shatype > SHATYPE_SHA512) {
-			if(too_weak)
-				*too_weak = 1;
-				return -1;
-		}
 		if(shatype != SHATYPE_SHA512)
 			return -1;
 		break;
 	case SHA1SIZEBYTES:
 		shasize = SHA1SIZEBYTES;
-		if(shatype > SHATYPE_SHA1) {
-			if(too_weak)
-				*too_weak = 1;
-			return -1;
-		}
 		if(shatype != SHATYPE_SHA1)
 			return -1;
 		break;
@@ -1903,7 +1883,7 @@ int stun_check_message_integrity_str(turn_credential_type ct, u08bits *buf, size
 	else if (stun_produce_integrity_key_str(uname, realm, upwd, key, shatype) < 0)
 		return -1;
 
-	return stun_check_message_integrity_by_key_str(ct, buf, len, key, pwd, shatype, NULL);
+	return stun_check_message_integrity_by_key_str(ct, buf, len, key, pwd, shatype);
 }
 
 /* RFC 5780 */

src/client/ns_turn_msg.h

@@ -181,7 +181,7 @@ void print_bin_func(const char *name, size_t len, const void *s, const char *fun
 /*
  * Return -1 if failure, 0 if the integrity is not correct, 1 if OK
  */
-int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype, int *too_weak);
+int stun_check_message_integrity_by_key_str(turn_credential_type ct, u08bits *buf, size_t len, hmackey_t key, password_t pwd, SHATYPE shatype);
 int stun_check_message_integrity_str(turn_credential_type ct, u08bits *buf, size_t len, u08bits *uname, u08bits *realm, u08bits *upwd, SHATYPE shatype);
 int stun_attr_add_integrity_str(turn_credential_type ct, u08bits *buf, size_t *len, hmackey_t key, password_t pwd, SHATYPE shatype);
 int stun_attr_add_integrity_by_key_str(u08bits *buf, size_t *len, u08bits *uname, u08bits *realm, hmackey_t key, u08bits *nonce, SHATYPE shatype);

src/client/ns_turn_msg_defs_new.h

@@ -44,7 +44,7 @@
 
 /* <<== Bandwidth */
 
-/* SHA AGILITY ==>> */
+/* SHA ==>> */
 
 #define SHA1SIZEBYTES (20)
 #define SHA256SIZEBYTES (32)
@@ -66,10 +66,7 @@ typedef enum _SHATYPE SHATYPE;
 
 #define shatype_name(sht) ((sht == SHATYPE_SHA1) ? "SHA1" : ((sht == SHATYPE_SHA256) ? "SHA256" : ((sht == SHATYPE_SHA384) ? "SHA384" : "SHA512")))
 
-#define SHA_TOO_WEAK_ERROR_CODE (426)
-#define SHA_TOO_WEAK_ERROR_REASON ((const u08bits*)("credentials too weak"))
-
-/* <<== SHA AGILITY */
+/* <<== SHA */
 
 /* OAUTH TOKEN ENC ALG ==> */
 

src/server/ns_turn_server.c

@@ -1717,7 +1717,7 @@ static int handle_turn_refresh(turn_turnserver *server,
 										}
 
 										if(message_integrity) {
-											stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,server->shatype);
+											stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,SHATYPE_DEFAULT);
 											ioa_network_buffer_set_size(nbh,len);
 										}
 
@@ -1980,7 +1980,7 @@ static void tcp_peer_connection_completed_callback(int success, void *arg)
 		ioa_network_buffer_set_size(nbh,len);
 
 		if(need_stun_authentication(server, ss)) {
-			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,server->shatype);
+			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,SHATYPE_DEFAULT);
 			ioa_network_buffer_set_size(nbh,len);
 		}
 
@@ -2462,7 +2462,7 @@ int turnserver_accept_tcp_client_data_connection(turn_turnserver *server, tcp_co
 
 		if(message_integrity && ss) {
 			size_t len = ioa_network_buffer_get_size(nbh);
-			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,server->shatype);
+			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,SHATYPE_DEFAULT);
 			ioa_network_buffer_set_size(nbh,len);
 		}
 
@@ -3280,49 +3280,10 @@ static int check_stun_auth(turn_turnserver *server,
 
 		switch(sarlen) {
 		case SHA1SIZEBYTES:
-			if(server->shatype > SHATYPE_SHA1) {
-				*err_code = SHA_TOO_WEAK_ERROR_CODE;
-				*reason = SHA_TOO_WEAK_ERROR_REASON;
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-			}
-			if(server->shatype != SHATYPE_SHA1) {
-				*err_code = 401;
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-			}
 			break;
 		case SHA256SIZEBYTES:
-			if(server->shatype > SHATYPE_SHA256) {
-				*err_code = SHA_TOO_WEAK_ERROR_CODE;
-				*reason = SHA_TOO_WEAK_ERROR_REASON;
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-			}
-			if(server->shatype != SHATYPE_SHA256) {
-				*err_code = 401;
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-			}
-			break;
 		case SHA384SIZEBYTES:
-			if(server->shatype > SHATYPE_SHA384) {
-				*err_code = SHA_TOO_WEAK_ERROR_CODE;
-				*reason = SHA_TOO_WEAK_ERROR_REASON;
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-			}
-			if(server->shatype != SHATYPE_SHA384) {
-				*err_code = 401;
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-			}
-			break;
 		case SHA512SIZEBYTES:
-			if(server->shatype > SHATYPE_SHA512) {
-				*err_code = SHA_TOO_WEAK_ERROR_CODE;
-				*reason = SHA_TOO_WEAK_ERROR_REASON;
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-			}
-			if(server->shatype != SHATYPE_SHA512) {
-				*err_code = 401;
-				return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-			}
-			break;
 		default:
 			*err_code = 401;
 			return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
@@ -3446,22 +3407,11 @@ static int check_stun_auth(turn_turnserver *server,
 	}
 
 	/* Check integrity */
-	int too_weak = 0;
 	if(stun_check_message_integrity_by_key_str(server->ct,ioa_network_buffer_data(in_buffer->nbh),
 					  ioa_network_buffer_get_size(in_buffer->nbh),
 					  ss->hmackey,
 					  ss->pwd,
-					  server->shatype,
-					  &too_weak)<1) {
-
-		if(too_weak) {
-					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
-							"%s: user %s credentials are incorrect: SHA function is too weak\n",
-									__FUNCTION__, (char*)usname);
-					*err_code = SHA_TOO_WEAK_ERROR_CODE;
-					*reason = SHA_TOO_WEAK_ERROR_REASON;
-					return create_challenge_response(ss,tid,resp_constructed,err_code,reason,nbh,method);
-		}
+					  SHATYPE_DEFAULT)<1) {
 
 		if(can_resume) {
 			(server->userkeycb)(server->id, server->ct, server->oauth, &(ss->oauth), usname, realm, resume_processing_after_username_check, in_buffer, ss->id, postpone_reply);
@@ -3907,7 +3857,7 @@ static int handle_turn_command(turn_turnserver *server, ts_ur_super_session *ss,
 
 		if(message_integrity) {
 			size_t len = ioa_network_buffer_get_size(nbh);
-			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,server->shatype);
+			stun_attr_add_integrity_str(server->ct,ioa_network_buffer_data(nbh),&len,ss->hmackey,ss->pwd,SHATYPE_DEFAULT);
 			ioa_network_buffer_set_size(nbh,len);
 		}
 
@@ -4840,7 +4790,7 @@ void init_turn_server(turn_turnserver* server,
 		vintp no_multicast_peers, vintp no_loopback_peers,
 		ip_range_list_t* ip_whitelist, ip_range_list_t* ip_blacklist,
 		send_socket_to_relay_cb send_socket_to_relay,
-		vintp secure_stun, SHATYPE shatype, vintp mobility, int server_relay,
+		vintp secure_stun, vintp mobility, int server_relay,
 		send_turn_session_info_cb send_turn_session_info,
 		send_https_socket_cb send_https_socket,
 		allocate_bps_cb allocate_bps_func,
@@ -4864,7 +4814,6 @@ void init_turn_server(turn_turnserver* server,
 	server->no_multicast_peers = no_multicast_peers;
 	server->no_loopback_peers = no_loopback_peers;
 	server->secure_stun = secure_stun;
-	server->shatype = shatype;
 	server->mobility = mobility;
 	server->server_relay = server_relay;
 	server->send_turn_session_info = send_turn_session_info;

src/server/ns_turn_server.h

@@ -118,7 +118,6 @@ struct _turn_turnserver {
 	vintp stun_only;
 	vintp no_stun;
 	vintp secure_stun;
-	SHATYPE shatype;
 	turn_credential_type ct;
 	get_alt_addr_cb alt_addr_cb;
 	send_message_cb sm_cb;
@@ -197,7 +196,6 @@ void init_turn_server(turn_turnserver* server,
 				    ip_range_list_t* ip_blacklist,
 				    send_socket_to_relay_cb send_socket_to_relay,
 				    vintp secure_stun,
-				    SHATYPE shatype,
 				    vintp mobility,
 				    int server_relay,
 				    send_turn_session_info_cb send_turn_session_info,