mirror of
https://github.com/asterisk/asterisk.git
synced 2025-11-18 15:49:56 +00:00
Merge "pjsip: Clarify certificate configuration for Websocket." into 13
This commit is contained in:
Jenkins2
Gerrit Code Review
@@ -842,10 +842,13 @@
|
|||||||
;==========================TRANSPORT SECTION OPTIONS=========================
|
;==========================TRANSPORT SECTION OPTIONS=========================
|
||||||
;[transport]
|
;[transport]
|
||||||
; SYNOPSIS: SIP Transport
|
; SYNOPSIS: SIP Transport
|
||||||
|
;
|
||||||
;async_operations=1 ; Number of simultaneous Asynchronous Operations
|
;async_operations=1 ; Number of simultaneous Asynchronous Operations
|
||||||
; (default: "1")
|
; (default: "1")
|
||||||
;bind= ; IP Address and optional port to bind to for this transport (default:
|
;bind= ; IP Address and optional port to bind to for this transport (default:
|
||||||
; "")
|
; "")
|
||||||
|
; Note that for the Websocket transport the TLS configuration is configured
|
||||||
|
; in http.conf and is applied for all HTTPS traffic.
|
||||||
;ca_list_file= ; File containing a list of certificates to read TLS ONLY
|
;ca_list_file= ; File containing a list of certificates to read TLS ONLY
|
||||||
; (default: "")
|
; (default: "")
|
||||||
;ca_list_path= ; Path to directory containing certificates to read TLS ONLY.
|
;ca_list_path= ; Path to directory containing certificates to read TLS ONLY.
|
||||||
@@ -857,6 +860,13 @@
|
|||||||
; a .key file must be specified via priv_key_file
|
; a .key file must be specified via priv_key_file
|
||||||
; (default: "")
|
; (default: "")
|
||||||
;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "")
|
;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "")
|
||||||
|
;method= ; Method of SSL transport TLS ONLY (default: "")
|
||||||
|
;priv_key_file= ; Private key file TLS ONLY (default: "")
|
||||||
|
;verify_client= ; Require verification of client certificate TLS ONLY (default:
|
||||||
|
; "")
|
||||||
|
;verify_server= ; Require verification of server certificate TLS ONLY (default:
|
||||||
|
; "")
|
||||||
|
;require_client_cert= ; Require client certificate TLS ONLY (default: "")
|
||||||
;domain= ; Domain the transport comes from (default: "")
|
;domain= ; Domain the transport comes from (default: "")
|
||||||
;external_media_address= ; External IP address to use in RTP handling
|
;external_media_address= ; External IP address to use in RTP handling
|
||||||
; (default: "")
|
; (default: "")
|
||||||
@@ -864,17 +874,10 @@
|
|||||||
; "")
|
; "")
|
||||||
;external_signaling_port=0 ; External port for SIP signalling (default:
|
;external_signaling_port=0 ; External port for SIP signalling (default:
|
||||||
; "0")
|
; "0")
|
||||||
;method= ; Method of SSL transport TLS ONLY (default: "")
|
|
||||||
;local_net= ; Network to consider local used for NAT purposes (default: "")
|
;local_net= ; Network to consider local used for NAT purposes (default: "")
|
||||||
;password= ; Password required for transport (default: "")
|
;password= ; Password required for transport (default: "")
|
||||||
;priv_key_file= ; Private key file TLS ONLY (default: "")
|
|
||||||
;protocol=udp ; Protocol to use for SIP traffic (default: "udp")
|
;protocol=udp ; Protocol to use for SIP traffic (default: "udp")
|
||||||
;require_client_cert= ; Require client certificate TLS ONLY (default: "")
|
|
||||||
;type= ; Must be of type transport (default: "")
|
;type= ; Must be of type transport (default: "")
|
||||||
;verify_client= ; Require verification of client certificate TLS ONLY (default:
|
|
||||||
; "")
|
|
||||||
;verify_server= ; Require verification of server certificate TLS ONLY (default:
|
|
||||||
; "")
|
|
||||||
;tos=0 ; Enable TOS for the signalling sent over this transport (default: "0")
|
;tos=0 ; Enable TOS for the signalling sent over this transport (default: "0")
|
||||||
;cos=0 ; Enable COS for the signalling sent over this transport (default: "0")
|
;cos=0 ; Enable COS for the signalling sent over this transport (default: "0")
|
||||||
;websocket_write_timeout=100 ; Default write timeout to set on websocket
|
;websocket_write_timeout=100 ; Default write timeout to set on websocket
|
||||||
|
|||||||
@@ -1158,13 +1158,13 @@
|
|||||||
<synopsis>IP Address and optional port to bind to for this transport</synopsis>
|
<synopsis>IP Address and optional port to bind to for this transport</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="ca_list_file">
|
<configOption name="ca_list_file">
|
||||||
<synopsis>File containing a list of certificates to read (TLS ONLY)</synopsis>
|
<synopsis>File containing a list of certificates to read (TLS ONLY, not WSS)</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="ca_list_path">
|
<configOption name="ca_list_path">
|
||||||
<synopsis>Path to directory containing a list of certificates to read (TLS ONLY)</synopsis>
|
<synopsis>Path to directory containing a list of certificates to read (TLS ONLY, not WSS)</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="cert_file">
|
<configOption name="cert_file">
|
||||||
<synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
|
<synopsis>Certificate file for endpoint (TLS ONLY, not WSS)</synopsis>
|
||||||
<description><para>
|
<description><para>
|
||||||
A path to a .crt or .pem file can be provided. However, only
|
A path to a .crt or .pem file can be provided. However, only
|
||||||
the certificate is read from the file, not the private key.
|
the certificate is read from the file, not the private key.
|
||||||
@@ -1173,7 +1173,7 @@
|
|||||||
</para></description>
|
</para></description>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="cipher">
|
<configOption name="cipher">
|
||||||
<synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis>
|
<synopsis>Preferred cryptography cipher names (TLS ONLY, not WSS)</synopsis>
|
||||||
<description>
|
<description>
|
||||||
<para>Comma separated list of cipher names or numeric equivalents.
|
<para>Comma separated list of cipher names or numeric equivalents.
|
||||||
Numeric equivalents can be either decimal or hexadecimal (0xX).
|
Numeric equivalents can be either decimal or hexadecimal (0xX).
|
||||||
@@ -1205,7 +1205,7 @@
|
|||||||
<synopsis>External port for SIP signalling</synopsis>
|
<synopsis>External port for SIP signalling</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="method">
|
<configOption name="method">
|
||||||
<synopsis>Method of SSL transport (TLS ONLY)</synopsis>
|
<synopsis>Method of SSL transport (TLS ONLY, not WSS)</synopsis>
|
||||||
<description>
|
<description>
|
||||||
<enumlist>
|
<enumlist>
|
||||||
<enum name="default">
|
<enum name="default">
|
||||||
@@ -1232,7 +1232,7 @@
|
|||||||
<synopsis>Password required for transport</synopsis>
|
<synopsis>Password required for transport</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="priv_key_file">
|
<configOption name="priv_key_file">
|
||||||
<synopsis>Private key file (TLS ONLY)</synopsis>
|
<synopsis>Private key file (TLS ONLY, not WSS)</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="protocol" default="udp">
|
<configOption name="protocol" default="udp">
|
||||||
<synopsis>Protocol to use for SIP traffic</synopsis>
|
<synopsis>Protocol to use for SIP traffic</synopsis>
|
||||||
@@ -1247,16 +1247,16 @@
|
|||||||
</description>
|
</description>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="require_client_cert" default="false">
|
<configOption name="require_client_cert" default="false">
|
||||||
<synopsis>Require client certificate (TLS ONLY)</synopsis>
|
<synopsis>Require client certificate (TLS ONLY, not WSS)</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="type">
|
<configOption name="type">
|
||||||
<synopsis>Must be of type 'transport'.</synopsis>
|
<synopsis>Must be of type 'transport'.</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="verify_client" default="false">
|
<configOption name="verify_client" default="false">
|
||||||
<synopsis>Require verification of client certificate (TLS ONLY)</synopsis>
|
<synopsis>Require verification of client certificate (TLS ONLY, not WSS)</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="verify_server" default="false">
|
<configOption name="verify_server" default="false">
|
||||||
<synopsis>Require verification of server certificate (TLS ONLY)</synopsis>
|
<synopsis>Require verification of server certificate (TLS ONLY, not WSS)</synopsis>
|
||||||
</configOption>
|
</configOption>
|
||||||
<configOption name="tos" default="false">
|
<configOption name="tos" default="false">
|
||||||
<synopsis>Enable TOS for the signalling sent over this transport</synopsis>
|
<synopsis>Enable TOS for the signalling sent over this transport</synopsis>
|
||||||
|
|||||||
@@ -650,6 +650,9 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
|
|||||||
} else if ((transport->type == AST_TRANSPORT_WS) || (transport->type == AST_TRANSPORT_WSS)) {
|
} else if ((transport->type == AST_TRANSPORT_WS) || (transport->type == AST_TRANSPORT_WSS)) {
|
||||||
if (transport->cos || transport->tos) {
|
if (transport->cos || transport->tos) {
|
||||||
ast_log(LOG_WARNING, "TOS and COS values ignored for websocket transport\n");
|
ast_log(LOG_WARNING, "TOS and COS values ignored for websocket transport\n");
|
||||||
|
} else if (!ast_strlen_zero(transport->ca_list_file) || !ast_strlen_zero(transport->ca_list_path) ||
|
||||||
|
!ast_strlen_zero(transport->cert_file) || !ast_strlen_zero(transport->privkey_file)) {
|
||||||
|
ast_log(LOG_WARNING, "TLS certificate values ignored for websocket transport as they are configured in http.conf\n");
|
||||||
}
|
}
|
||||||
res = PJ_SUCCESS;
|
res = PJ_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user