Merge "dtls: Add support for ephemeral DTLS certificates."

author: Joshua Colp <jcolp@digium.com> 2017-11-06 12:22:38 -0600
committer: Gerrit Code Review <gerrit2@gerrit.digium.api> 2017-11-06 12:22:38 -0600
commit: 637b37fb980822f50966f5292a786d03a859cd89 (patch)
tree: 26cfbc1d25a421cf2ce7068e63d1c218a3e92ca2 /channels
parent: 3126c396b1d7468da79a3c6bb282217829a33c11 (diff)
parent: 04d3785a798e984a5f5d43ec5f124a9b30a58b9e (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index fd780b61f..bd68ec096 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -31946,6 +31946,14 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v_head
 			}
 		}
 
+		/* Validate DTLS configuration */
+		if (ast_rtp_dtls_cfg_validate(&peer->dtls_cfg)) {
+			sip_unref_peer(peer, "Removing peer due to bad DTLS configuration");
+			return NULL;
+		}
+
+		/* SRB */
+
 		/* Apply the encryption tag length to the DTLS configuration, in case DTLS is in use */
 		peer->dtls_cfg.suite = (ast_test_flag(&peer->flags[2], SIP_PAGE3_SRTP_TAG_32) ? AST_AES_CM_128_HMAC_SHA1_32 : AST_AES_CM_128_HMAC_SHA1_80);
 
@@ -33145,6 +33153,11 @@ static int reload_config(enum channelreloadreason reason)
 		}
 	}
 
+	/* Validate DTLS configuration */
+	if (ast_rtp_dtls_cfg_validate(&default_dtls_cfg)) {
+		return -1;
+	}
+
 	/* Override global defaults if setting found in general section */
 	ast_copy_flags(&global_flags[0], &setflags[0], mask[0].flags);
 	ast_copy_flags(&global_flags[1], &setflags[1], mask[1].flags);
author	Joshua Colp <jcolp@digium.com>	2017-11-06 12:22:38 -0600
committer	Gerrit Code Review <gerrit2@gerrit.digium.api>	2017-11-06 12:22:38 -0600
commit	637b37fb980822f50966f5292a786d03a859cd89 (patch)
tree	26cfbc1d25a421cf2ce7068e63d1c218a3e92ca2 /channels
parent	3126c396b1d7468da79a3c6bb282217829a33c11 (diff)
parent	04d3785a798e984a5f5d43ec5f124a9b30a58b9e (diff)