diff options
author | Joshua Colp <jcolp@digium.com> | 2015-05-15 09:38:56 -0500 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2015-05-15 09:38:57 -0500 |
commit | 87470f7d812f1a5d5c1d966b3e1197c43f127aaf (patch) | |
tree | 251d500a3d161d3cf411ed62034ae50ff356f3ab /configs/samples | |
parent | 1ba7845851f5b5cf952276dd7f1f1591c1190b23 (diff) | |
parent | 8f3f414d8c8f80a2b0b23dd683a0adef25ddfa50 (diff) |
Merge "tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket."
Diffstat (limited to 'configs/samples')
-rw-r--r-- | configs/samples/pjsip.conf.sample | 8 | ||||
-rw-r--r-- | configs/samples/sip.conf.sample | 7 |
2 files changed, 13 insertions, 2 deletions
diff --git a/configs/samples/pjsip.conf.sample b/configs/samples/pjsip.conf.sample index 5e3757175..276e214e9 100644 --- a/configs/samples/pjsip.conf.sample +++ b/configs/samples/pjsip.conf.sample @@ -765,7 +765,13 @@ ; (default: "") ;cert_file= ; Certificate file for endpoint TLS ONLY ; Will read .crt or .pem file but only uses cert, - ; a .key file must be specified via priv_key_file + ; a .key file must be specified via priv_key_file. + ; Since PJProject version 2.5: If the file name ends in _rsa, + ; for example "asterisk_rsa.pem", the files "asterisk_dsa.pem" + ; and/or "asterisk_ecc.pem" are loaded (certificate, inter- + ; mediates, private key), to support multiple algorithms for + ; server authentication (RSA, DSA, ECDSA). If the chains are + ; different, at least OpenSSL 1.0.2 is required. ; (default: "") ;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "") ;domain= ; Domain the transport comes from (default: "") diff --git a/configs/samples/sip.conf.sample b/configs/samples/sip.conf.sample index e52fa6db2..71e3fb72b 100644 --- a/configs/samples/sip.conf.sample +++ b/configs/samples/sip.conf.sample @@ -561,7 +561,12 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ;------------------------ TLS settings ------------------------------------------------------------ ;tlscertfile=</path/to/certificate.pem> ; Certificate chain (*.pem format only) to use for TLS connections ; The certificates must be sorted starting with the subject's certificate - ; and followed by intermediate CA certificates if applicable. + ; and followed by intermediate CA certificates if applicable. If the + ; file name ends in _rsa, for example "asterisk_rsa.pem", the files + ; "asterisk_dsa.pem" and/or "asterisk_ecc.pem" are loaded + ; (certificate, intermediates, private key), to support multiple + ; algorithms for server authentication (RSA, DSA, ECDSA). If the chains + ; are different, at least OpenSSL 1.0.2 is required. ; Default is to look for "asterisk.pem" in current directory ;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections. |