authorJoshua Colp <jcolp@digium.com>2016-08-18 11:47:38 -0500
committerGerrit Code Review <gerrit2@gerrit.digium.api>2016-08-18 11:47:38 -0500
commit02f5d307394b66164239d85f73396c982ed025cd (patch)
tree464cbb1640b223848edc6d82141753359d53aa31 /contrib
parent1ae280ed6cc573037156dd8ad84208d2c8e42e60 (diff)
parent2381ddde63489b8601c9514111838fb4656610b4 (diff)
Merge "sip_to_pjsip: Map the TLS method correctly." into 13
Diffstat (limited to 'contrib')
-rwxr-xr-xcontrib/scripts/sip_to_pjsip/sip_to_pjsip.py25
1 files changed, 18 insertions, 7 deletions
diff --git a/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py b/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py
index 214a73351..6a5ea3064 100755
--- a/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py
+++ b/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py
@@ -734,11 +734,6 @@ def set_tls_verifyserver(val, pjsip, nmapped):
'transport')
-def set_tls_method(val, pjsip, nmapped):
- """Sets method based on sip.conf tlsclientmethod or sslclientmethod"""
- set_value('method', val, 'transport-tls', pjsip, nmapped, 'transport')
-
-
def create_tls(sip, pjsip, nmapped):
"""
Creates a 'transport-tls' section in pjsip.conf based on the following
@@ -762,8 +757,7 @@ def create_tls(sip, pjsip, nmapped):
(['tlscipher', 'sslcipher'], set_tls_cipher),
(['tlscafile'], set_tls_cafile),
(['tlsverifyclient'], set_tls_verifyclient),
- (['tlsdontverifyserver'], set_tls_verifyserver),
- (['tlsclientmethod', 'sslclientmethod'], set_tls_method)
+ (['tlsdontverifyserver'], set_tls_verifyserver)
]
try:
@@ -783,6 +777,23 @@ def create_tls(sip, pjsip, nmapped):
except LookupError:
pass
+ try:
+ method = sip.multi_get('general', ['tlsclientmethod', 'sslclientmethod'])[0]
+ print 'In chan_sip, you specified the TLS version. With chan_sip, this was just for outbound client connections. In chan_pjsip, this value is for client and server. Instead, consider not to specify \'tlsclientmethod\' for chan_sip and \'method = sslv23\' for chan_pjsip.'
+ except LookupError:
+ """
+ OpenSSL emerged during the 90s. SSLv2 and SSLv3 were the only
+ existing methods at that time. The OpenSSL project continued. And as
+ of today (OpenSSL 1.0.2) this does not start SSLv2 and SSLv3 anymore
+ but TLSv1.0 and v1.2. Or stated differently: This method should
+ have been called 'method = secure' or 'method = automatic' back in
+ the 90s. The PJProject did not realize this and uses 'tlsv1' as
+ default when unspecified, which disables TLSv1.2. chan_sip used
+ 'sslv23' as default when unspecified, which gives TLSv1.0 and v1.2.
+ """
+ method = 'sslv23'
+ set_value('method', val, 'transport-tls', pjsip, nmapped, 'transport')
+
set_transport_common('transport-tls', pjsip, nmapped)
try:
extern_addr = sip.multi_get('general', ['externaddr', 'externip',
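Review bot: The added `set_value('method', val, 'transport-tls', pjsip, nmapped, 'transport')` passes `val`, but the value chosen just above it is bound to `method`. Per the hunk header `val` is not a parameter of `create_tls`, and nothing visible in this hunk binds it, so the call looks like it will raise NameError or write an unrelated value. The line should read `set_value('method', method, 'transport-tls', pjsip, nmapped, 'transport')`. As written, the 'sslv23' fallback that the comment says is needed to keep TLSv1.2 available would not reach the generated transport section. `create_tls` starts and continues outside the hunk, so confirm there is no earlier `val` binding before relying on this.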