Add support for the ca_list_path option for PJSIP transports.

This allows specifying a path to a directory that holds a collection of CA
certificates.

ASTERISK-24575 #close
Reported by cloos
Patches:
	pj-ca-path-trunk.diff uploaded by cloos (License #5956)

Review: https://reviewboard.asterisk.org/r/4344
........

Merged revisions 430709 from http://svn.asterisk.org/svn/asterisk/branches/13


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@430713 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Mark Michelson
2015-01-16 21:46:09 +00:00
parent a8ea2f9287
commit 023fa0f9e8
8 changed files with 1428 additions and 1220 deletions


@@ -832,6 +832,9 @@
<configOption name="ca_list_file">
<synopsis>File containing a list of certificates to read (TLS ONLY)</synopsis>
</configOption>
<configOption name="ca_list_path">
<synopsis>Path to directory containing a list of certificates to read (TLS ONLY)</synopsis>
</configOption>
<configOption name="cert_file">
<synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
<description><para>
@@ -1340,6 +1343,9 @@
<parameter name="CaListFile">
<para><xi:include xpointer="xpointer(/docs/configInfo[@name='res_pjsip']/configFile[@name='pjsip.conf']/configObject[@name='transport']/configOption[@name='ca_list_file']/synopsis/node())"/></para>
</parameter>
<parameter name="CaListPath">
<para><xi:include xpointer="xpointer(/docs/configInfo[@name='res_pjsip']/configFile[@name='pjsip.conf']/configObject[@name='transport']/configOption[@name='ca_list_path']/synopsis/node())"/></para>
</parameter>
<parameter name="CertFile">
<para><xi:include xpointer="xpointer(/docs/configInfo[@name='res_pjsip']/configFile[@name='pjsip.conf']/configObject[@name='transport']/configOption[@name='cert_file']/synopsis/node())"/></para>
</parameter>


@@ -217,6 +217,14 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
res = pjsip_tcp_transport_start3(ast_sip_get_pjsip_endpoint(), &cfg, &transport->state->factory);
} else if (transport->type == AST_TRANSPORT_TLS) {
transport->tls.ca_list_file = pj_str((char*)transport->ca_list_file);
#ifdef HAVE_PJ_SSL_CERT_LOAD_FROM_FILES2
transport->tls.ca_list_path = pj_str((char*)transport->ca_list_path);
#else
if (!ast_strlen_zero(transport->ca_list_path)) {
ast_log(LOG_WARNING, "Asterisk has been built against a version of pjproject that does not "
"support the 'ca_list_path' option. Please upgrade to version 2.4 or later.\n");
}
#endif
transport->tls.cert_file = pj_str((char*)transport->cert_file);
transport->tls.privkey_file = pj_str((char*)transport->privkey_file);
transport->tls.password = pj_str((char*)transport->password);
@@ -743,6 +751,7 @@ int ast_sip_initialize_sorcery_transport(void)
ast_sorcery_object_field_register_custom(sorcery, "transport", "bind", "", transport_bind_handler, transport_bind_to_str, NULL, 0, 0);
ast_sorcery_object_field_register(sorcery, "transport", "async_operations", "1", OPT_UINT_T, 0, FLDSET(struct ast_sip_transport, async_operations));
ast_sorcery_object_field_register(sorcery, "transport", "ca_list_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, ca_list_file));
ast_sorcery_object_field_register(sorcery, "transport", "ca_list_path", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, ca_list_path));
ast_sorcery_object_field_register(sorcery, "transport", "cert_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, cert_file));
ast_sorcery_object_field_register(sorcery, "transport", "priv_key_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, privkey_file));
ast_sorcery_object_field_register(sorcery, "transport", "password", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, password));
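Review bot: In the `#else` branch of the TLS case in transport_apply, a configured `ca_list_path` is dropped with only a warning and the transport is still started, so a deployment that relies on that directory as its only source of trust anchors comes up with a different CA set than the operator configured. The message should say that the option is being ignored and name the affected transport, e.g. `ast_log(LOG_WARNING, "Transport '%s': 'ca_list_path' is ignored; pjproject 2.4 or later is required for it.\n", ast_sorcery_object_get_id(obj));`. When `ca_list_file` is empty as well, failing the apply may be safer than continuing, though how `verify_server`/`verify_client` treat an empty CA list is not visible here. transport_apply's body starts and ends outside the hunk.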