author | Olle Johansson <oej@edvina.net> | 2008-10-17 08:42:44 +0000 |
---|---|---|
committer | Olle Johansson <oej@edvina.net> | 2008-10-17 08:42:44 +0000 |
commit | e3ea5c3c36cce95b9fc3c70c34a619a6daf3b1e5 (patch) | |
tree | c537575d256c6c5390c888df0e2df5de95e515c8 /channels | |
parent | 858a6baa76e0a898d7444ffde2bff3ba2009a85d (diff) |
Adding some additional thoughts on configuration changes to TCP/TLS
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@150510 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_sip.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 23ca9c90d..c3e6a39bd 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c 
@@ -35,18 +35,36 @@ * ******** TCP implementation changes needed * \todo Fix TCP/TLS handling in dialplan, SRV records, transfers and much more * \todo Save TCP/TLS sessions in registry + * If someone registers a SIPS uri, this forces us to set up a TLS connection back. * \todo Add TCP/TLS information to function SIPPEER and SIPCHANINFO * \todo If tcpenable=yes, we must open a TCP socket on the same address as the IP for UDP. * The tcpbindaddr config option should only be used to open ADDITIONAL ports + * So we should propably go back to + * bindaddr= the default address to bind to. If tcpenable=yes, then bind this to both udp and TCP + * if tlsenable=yes, open TLS port (provided we also have cert) + * tcpbindaddr = extra address for additional TCP connections + * tlsbindaddr = extra address for additional TCP/TLS connections + * udpbindaddr = extra address for additional UDP connections + * These three options should take multiple IP/port pairs + * Note: Since opening additional listen sockets is a *new* feature we do not have today + * the XXXbindaddr options needs to be disabled until we have support for it + * * \todo Be prepared for one outbound and another incoming socket per pvt. This applies * specially to communication with other peers (proxies). * \todo We need to test TCP sessions with SIP proxies and in regards * to the SIP outbound specs. * \todo transport=tls was deprecated in RFC3261 and should not be used at all. See section 22.2.2. + * * \todo If the message is smaller than the given Content-length, the request should get a 400 Bad request * message. If it's a response, it should be dropped. (RFC 3261, Section 18.3) * \todo Since we have had multidomain support in Asterisk for quite a while, we need to support * multiple domains in our TLS implementation, meaning one socket and one cert per domain + * \todo Selection of transport for a request needs to be done after we've parsed all route headers, + * also considering outbound proxy options. 
+ * First request: Outboundproxy, routes, (reg contact or URI. If URI doesn't have port: DNS naptr, srv, AAA) + * Intermediate requests: Outboundproxy(only when forced), routes, contact/uri + * DNS naptr support is crucial. A SIP uri might lead to a TLS connection. + * Also note that due to outbound proxy settings, a SIPS uri might have to be sent on UDP (not to recommend though) * * * ******** General TODO:s |
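Review bot: The last added line, "due to outbound proxy settings, a SIPS uri might have to be sent on UDP (not to recommend though)", records a downgrade from TLS to a cleartext transport as an accepted outcome without saying what the code should do about it. I would turn it into its own \todo that states the intended behaviour, for example refusing the request or at least logging a warning when a SIPS URI would leave on a non-TLS transport, so the decision is not left implicit for whoever implements transport selection. The same applies to "if tlsenable=yes, open TLS port (provided we also have cert)" in the bindaddr block: the comment should say what happens when tlsenable=yes and no cert is available (fail the load, or skip TLS with a logged error), since silently skipping leaves an operator believing TLS is listening. The bindaddr proposal and the "First request:" / "Intermediate requests:" lines are also written as free text under existing \todo entries; marking each as a separate \todo (or \note) would keep them in the generated todo list. Minor wording: "propably" should be "probably", "the XXXbindaddr options needs" should be "need", and "AAA" in "DNS naptr, srv, AAA" is ambiguous and presumably means A/AAAA records.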