kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-02 11:58:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_stir_shaken: Add "ignore_sip_date_header" config option.

Browse Source 
UserNote: A new STIR/SHAKEN verification option "ignore_sip_date_header" has
been added that when set to true, will cause the verification process to
not consider a missing or invalid SIP "Date" header to be a failure.  This
will make the IAT the sole "truth" for Date in the verification process.
The option can be set in the "verification" and "profile" sections of
stir_shaken.conf.

Also fixed a bug in the port match logic.

Resolves: #1251
Resolves: #1271
This commit is contained in:
George Joseph
2025-06-15 14:43:13 -06:00
parent b5a04ed7ac
commit 6b107e90f3
8 changed files with 48 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
res/res_stir_shaken/verification_config.c
View File

@@ -46,6 +46,7 @@ static char DEFAULT_cert_cache_dir[PATH_MAX];
#define DEFAULT_relax_x5u_port_scheme_restrictions relax_x5u_port_scheme_restrictions_NO
#define DEFAULT_relax_x5u_path_restrictions relax_x5u_path_restrictions_NO
#define DEFAULT_load_system_certs load_system_certs_NO
#define DEFAULT_ignore_sip_date_header ignore_sip_date_header_NO
static struct verification_cfg *empty_cfg = NULL;
@@ -153,6 +154,7 @@ int vs_copy_cfg_common(const char *id, struct verification_cfg_common *cfg_dst,
cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_port_scheme_restrictions);
cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_path_restrictions);
cfg_enum_copy(cfg_dst, cfg_src, load_system_certs);
cfg_enum_copy(cfg_dst, cfg_src, ignore_sip_date_header);
if (cfg_src->acl) {
ast_free_acl_list(cfg_dst->acl);