kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-01 03:04:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e88beedd0845aa18a2f5594c6638d443399c93a9
asterisk/configs/samples/stir_shaken.conf.sample

56 lines
1.4 KiB
Plaintext
Raw Normal View History

res_stir_shaken: Added dialplan function and API call. Adds the "STIR_SHAKEN" dialplan function and an API call to add a STIR_SHAKEN verification result to a channel. This information will be held in a datastore on the channel that can later be queried through the "STIR_SHAKEN" dialplan funtion to get information on STIR_SHAKEN results including identity, attestation, and verify_result. Here are some examples: STIR_SHAKEN(count) STIR_SHAKEN(0, identity) STIR_SHAKEN(1, attestation) STIR_SHAKEN(2, verify_result) Getting the count can be used to iterate through the results and pull information by specifying the index and the field you want to retrieve. Change-Id: Ice6d52a3a7d6e4607c9c35b28a1f7c25f5284a82
2020-05-04 16:11:00 -05:00
;
; This file is used by the res_stir_shaken module to configure parameters
; used for STIR/SHAKEN.
;
;
; [general]
;
; File path to the certificate authority certificate
;ca_file=/etc/asterisk/stir/ca.crt
;
; File path to a chain of trust
;ca_path=/etc/asterisk/stir/ca
;
; Maximum size to use for caching public keys
;cache_max_size=1000
;
; Maximum time to wait to CURL certificates
;curl_timeout
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; A certificate store is used to examine, and load all certificates found in a
; given directory. When using this type the public key URL is generated based
; upon the filename, and variable substitution.
;[certificates]
;
; type must be "store"
;type=store
;
; Path to a directory containing certificates
;path=/etc/asterisk/stir
;
; URL to the public key(s). Must contain variable '${CERTIFICATE}' used for
; substitution
;public_key_url=http://mycompany.com/${CERTIFICATE}.pub
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; Individual certificates are declared by using the certificate type.
;[alice]
;
; type must be "certificate"
;type=certificate
;
; File path to a certificate
;path=/etc/asterisk/stir/alice.crt
;
; URL to the public key
;public_key_url=http://mycompany.com/alice.pub
res_stir_shaken: Add outbound INVITE support. Integrated STIR/SHAKEN support with outgoing INVITEs. When an INVITE is sent, the caller ID will be checked to see if there is a certificate that corresponds to it. If so, that information will be retrieved and an Identity header will be added to the SIP message. The format is: header.payload.signature;info=<public_key_url>alg=ES256;ppt=shaken Header, payload, and signature are all BASE64 encoded. The public key URL is retrieved from the certificate. Currently the algorithm and ppt are ES256 and shaken, respectively. This message is signed and can be used for verification on the receiving end. Two new configuration options have been added to the certificate object: attestation and origid. The attestation is required and must be A, B, or C. origid is the origination identifier. A new utility function has been added as well that takes a string, allocates space, BASE64 encodes it, then returns it, eliminating the need to calculate the size yourself. Change-Id: I1f84d6a5839cb2ed152ef4255b380cfc2de662b4
2020-06-02 09:04:23 -05:00
;
; Must have an attestation of A, B, or C
;attestation=C
;
; The origination identifier for the certificate
;origid=MyAsterisk
Reference in New Issue Copy Permalink