diff options
author | Joshua Colp <jcolp@digium.com> | 2014-06-30 19:51:28 +0000 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2014-06-30 19:51:28 +0000 |
commit | 6e60f5d317d2bccaa556c98fbcc01d2db5796c1e (patch) | |
tree | 9d2e1bd2d26e584aa31e3b6b019ffe145784a2b2 /configs | |
parent | 688bb204dc872aaec9f2b829fe85039c08091b55 (diff) |
Recorded merge of revisions 417677 from http://svn.asterisk.org/svn/asterisk/branches/11
........
res_rtp_asterisk: Add SHA-256 support for DTLS and perform DTLS negotiation on RTCP.
This change fixes up DTLS support in res_rtp_asterisk so it can accept and provide
a SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after ICE negotiation
completes. Configuration options to chan_sip and chan_pjsip have also been added to
allow behavior to be tweaked (such as forcing the AVP type media transports in SDP).
ASTERISK-22961 #close
Reported by: Jay Jideliov
Review: https://reviewboard.asterisk.org/r/3679/
Review: https://reviewboard.asterisk.org/r/3686/
........
Merged revisions 417678 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417679 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'configs')
-rw-r--r-- | configs/sip.conf.sample | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample index 010137d72..0d81a6b63 100644 --- a/configs/sip.conf.sample +++ b/configs/sip.conf.sample @@ -1046,6 +1046,8 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ;avpf=yes ; Enable inter-operability with media streams using the AVPF RTP profile. ; This will cause all offers and answers to use AVPF (or SAVPF). This ; option may be specified at the global or peer scope. +;force_avp=yes ; Force 'RTP/AVP', 'RTP/AVPF', 'RTP/SAVP', and 'RTP/SAVPF' to be used for + ; media streams when appropriate, even if a DTLS stream is present. ;----------------------------------------- REALTIME SUPPORT ------------------------ ; For additional information on ARA, the Asterisk Realtime Architecture, ; please read https://wiki.asterisk.org/wiki/display/AST/Realtime+Database+Configuration @@ -1302,6 +1304,7 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; dtlscafile ; dtlscapath ; dtlssetup +; dtlsfingerprint ; ignore_requested_pref ; Ignore the requested codec and determine the preferred codec ; ; from the peer's configuration. ; @@ -1312,7 +1315,11 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; DTLS-SRTP support is available if the underlying RTP engine in use supports it. ; ; dtlsenable = yes ; Enable or disable DTLS-SRTP support -; dtlsverify = yes ; Verify that the provided peer certificate is valid +; dtlsverify = yes ; Verify that provided peer certificate and fingerprint are valid +; ; A value of 'yes' will perform both certificate and fingerprint verification +; ; A value of 'no' will perform no certificate or fingerprint verification +; ; A value of 'fingerprint' will perform ONLY fingerprint verification +; ; A value of 'certificate' will perform ONLY certficiate verification ; dtlsrekey = 60 ; Interval at which to renegotiate the TLS session and rekey the SRTP session ; ; If this is not set or the value provided is 0 rekeying will be disabled ; dtlscertfile = file ; Path to certificate file to present @@ -1327,6 +1334,7 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; ; accept connections only), and actpass (we will do both). This value will be used in ; ; the outgoing SDP when offering and for incoming SDP offers when the remote party sends ; ; actpass +; dtlsfingerprint = sha-1 ; The hash to use for the fingerprint in SDP (valid options are sha-1 and sha-256) ;[sip_proxy] ; For incoming calls only. Example: FWD (Free World Dialup) |