dtls: Add support for ephemeral DTLS certificates.

This mimics the behavior of Chrome and Firefox and creates an ephemeral X.509 certificate for each DTLS session. Currently, the only supported key type is ECDSA because of its faster generation time, but other key types can be added in the future as necessary. ASTERISK-27395 Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
author: Sean Bright <sean.bright@gmail.com> 2017-09-29 14:50:17 +0000
committer: Joshua Colp <jcolp@digium.com> 2017-11-06 08:11:48 -0500
commit: 04d3785a798e984a5f5d43ec5f124a9b30a58b9e (patch)
tree: 06ac1ee5a7f04a5edf27e556e0825a31d9dd5c5f /CHANGES
parent: be5b7b2076a577c2a994e752b152c5242fb29ce7 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 39b62d05c..12fe0fe42 100644
--- a/CHANGES
+++ b/CHANGES
@@ -30,6 +30,14 @@ chan_sip
 --- Functionality changes from Asterisk 15.1.0 to Asterisk 15.2.0 ------------
 ------------------------------------------------------------------------------
 
+res_rtp_asterisk
+------------------
+ * The X.509 certificate used for DTLS negotation can now be automatically
+   generated. This is supported by res_pjsip by specifying
+   "dtls_auto_generate_cert = yes" on a PJSIP endpoint. For chan_sip, you
+   would set "dtlsautogeneratecert = yes" either in the [general] section of
+   sip.conf or on a specific peer.
+
 res_pjsip
 ------------------
  * The "identify_by" on endpoints can now be set to "ip" to restrict an endpoint
author	Sean Bright <sean.bright@gmail.com>	2017-09-29 14:50:17 +0000
committer	Joshua Colp <jcolp@digium.com>	2017-11-06 08:11:48 -0500
commit	04d3785a798e984a5f5d43ec5f124a9b30a58b9e (patch)
tree	06ac1ee5a7f04a5edf27e556e0825a31d9dd5c5f /CHANGES
parent	be5b7b2076a577c2a994e752b152c5242fb29ce7 (diff)