dtls: Add support for ephemeral DTLS certificates.

This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.

Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.

ASTERISK-27395

Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4

1 files changed, 6 insertions, 4 deletions

diff --git a/configs/samples/pjsip.conf.sample b/configs/samples/pjsip.conf.sample
index 800ff0f44..302899a17 100644
--- a/configs/samples/pjsip.conf.sample
+++ b/configs/samples/pjsip.conf.sample
@@ -746,10 +746,12 @@
                 ; "no")
 ;dtls_rekey=0   ; Interval at which to renegotiate the TLS session and rekey
                 ; the SRTP session (default: "0")
-;dtls_cert_file=        ; Path to certificate file to present to peer (default:
-                        ; "")
-;dtls_private_key=      ; Path to private key for certificate file (default:
-                        ; "")
+;dtls_auto_generate_cert= ; Enable ephemeral DTLS certificate generation (default:
+                          ; "no")
+;dtls_cert_file=          ; Path to certificate file to present to peer (default:
+                          ; "")
+;dtls_private_key=        ; Path to private key for certificate file (default:
+                          ; "")
 ;dtls_cipher=   ; Cipher to use for DTLS negotiation (default: "")
 ;dtls_ca_file=  ; Path to certificate authority certificate (default: "")
 ;dtls_ca_path=  ; Path to a directory containing certificate authority