authorJoshua Colp <jcolp@digium.com>2015-05-15 09:38:56 -0500
committerGerrit Code Review <gerrit2@gerrit.digium.api>2015-05-15 09:38:57 -0500
commit87470f7d812f1a5d5c1d966b3e1197c43f127aaf (patch)
tree251d500a3d161d3cf411ed62034ae50ff356f3ab /configs/samples
parent1ba7845851f5b5cf952276dd7f1f1591c1190b23 (diff)
parent8f3f414d8c8f80a2b0b23dd683a0adef25ddfa50 (diff)
Merge "tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket."
Diffstat (limited to 'configs/samples')
-rw-r--r--configs/samples/pjsip.conf.sample8
-rw-r--r--configs/samples/sip.conf.sample7
2 files changed, 13 insertions, 2 deletions
diff --git a/configs/samples/pjsip.conf.sample b/configs/samples/pjsip.conf.sample
index 5e3757175..276e214e9 100644
--- a/configs/samples/pjsip.conf.sample
+++ b/configs/samples/pjsip.conf.sample
@@ -765,7 +765,13 @@
; (default: "")
;cert_file= ; Certificate file for endpoint TLS ONLY
; Will read .crt or .pem file but only uses cert,
- ; a .key file must be specified via priv_key_file
+ ; a .key file must be specified via priv_key_file.
+ ; Since PJProject version 2.5: If the file name ends in _rsa,
+ ; for example "asterisk_rsa.pem", the files "asterisk_dsa.pem"
+ ; and/or "asterisk_ecc.pem" are loaded (certificate, inter-
+ ; mediates, private key), to support multiple algorithms for
+ ; server authentication (RSA, DSA, ECDSA). If the chains are
+ ; different, at least OpenSSL 1.0.2 is required.
; (default: "")
;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "")
;domain= ; Domain the transport comes from (default: "")
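Review bot: The added cert_file text says the sibling "_dsa"/"_ecc" files are loaded together with their private key, while the unchanged line above it still says only the certificate is used and the key must come from priv_key_file; the comment should state explicitly where each algorithm's private key is read from. Because these files are picked up by file name rather than listed in the configuration, an operator auditing the transport section will not see them, so I would add a line such as `; The _dsa/_ecc files are loaded implicitly and contain private keys: protect them like priv_key_file and remove stale ones.` The same gap is in the tlscertfile comment in the sip.conf.sample hunk. Whether a missing sibling file is skipped silently or treated as an error is not stated in either comment and is worth documenting as well.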
diff --git a/configs/samples/sip.conf.sample b/configs/samples/sip.conf.sample
index e52fa6db2..71e3fb72b 100644
--- a/configs/samples/sip.conf.sample
+++ b/configs/samples/sip.conf.sample
@@ -561,7 +561,12 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls
;------------------------ TLS settings ------------------------------------------------------------
;tlscertfile=</path/to/certificate.pem> ; Certificate chain (*.pem format only) to use for TLS connections
; The certificates must be sorted starting with the subject's certificate
- ; and followed by intermediate CA certificates if applicable.
+ ; and followed by intermediate CA certificates if applicable. If the
+ ; file name ends in _rsa, for example "asterisk_rsa.pem", the files
+ ; "asterisk_dsa.pem" and/or "asterisk_ecc.pem" are loaded
+ ; (certificate, intermediates, private key), to support multiple
+ ; algorithms for server authentication (RSA, DSA, ECDSA). If the chains
+ ; are different, at least OpenSSL 1.0.2 is required.
; Default is to look for "asterisk.pem" in current directory
;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections.