diff options
author | Sean Bright <sean.bright@gmail.com> | 2017-09-29 14:50:17 +0000 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2017-11-06 08:11:48 -0500 |
commit | 04d3785a798e984a5f5d43ec5f124a9b30a58b9e (patch) | |
tree | 06ac1ee5a7f04a5edf27e556e0825a31d9dd5c5f /CHANGES | |
parent | be5b7b2076a577c2a994e752b152c5242fb29ce7 (diff) |
dtls: Add support for ephemeral DTLS certificates.
This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.
Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.
ASTERISK-27395
Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -30,6 +30,14 @@ chan_sip --- Functionality changes from Asterisk 15.1.0 to Asterisk 15.2.0 ------------ ------------------------------------------------------------------------------ +res_rtp_asterisk +------------------ + * The X.509 certificate used for DTLS negotation can now be automatically + generated. This is supported by res_pjsip by specifying + "dtls_auto_generate_cert = yes" on a PJSIP endpoint. For chan_sip, you + would set "dtlsautogeneratecert = yes" either in the [general] section of + sip.conf or on a specific peer. + res_pjsip ------------------ * The "identify_by" on endpoints can now be set to "ip" to restrict an endpoint |