diff options
author | Russell Bryant <russell@russellbryant.com> | 2010-11-11 22:14:25 +0000 |
---|---|---|
committer | Russell Bryant <russell@russellbryant.com> | 2010-11-11 22:14:25 +0000 |
commit | 893ca656af419e58c8dd675274d4a4d59b22cc03 (patch) | |
tree | 8b9307baeee40cb5429b1fada5b3da28ec15b536 /doc/tex/secure-calls.tex | |
parent | 99a698efb7c0bc8548c032b37692da8ec13be9ea (diff) |
Merged revisions 294740 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r294740 | russell | 2010-11-11 16:13:38 -0600 (Thu, 11 Nov 2010) | 11 lines
Remove most of the contents of the doc dir in favor of the wiki content.
This merge does the following things:
* Removes most of the contents from the doc/ directory in favor
of the wiki - http://wiki.asterisk.org/
* Updates the build_tools/prep_tarball script to know how to export
the contents of the wiki in both PDF and plain text formats so that
the documentation is still included in Asterisk release tarballs.
........
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@294741 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'doc/tex/secure-calls.tex')
-rw-r--r-- | doc/tex/secure-calls.tex | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/doc/tex/secure-calls.tex b/doc/tex/secure-calls.tex deleted file mode 100644 index 94c8133cc..000000000 --- a/doc/tex/secure-calls.tex +++ /dev/null @@ -1,45 +0,0 @@ -\section{Introduction} -Asterisk supports a channel-agnostic method for handling secure call requirements. Since there is no single meaning of what constitutes a "secure call," Asterisk allows the administrator the control to define "secure" for themselves via the dialplan and channel-specific configuration files. - -\section{Channel-specific configuration} -Currently the IAX2 and SIP channels support the call security features in Asterisk. Both channel-specific configuration files (\path{iax2.conf} and \path{sip.conf}) support the encryption=yes setting. For IAX2, this setting causes Asterisk to offer encryption when placing or receiving a call. To force encryption with IAX2, the forceencrypt=yes option is required. Due to limitations of SDP, encryption=yes in \path{sip.conf} results in a call with only a secure media offer, therefor forceencrypt=yes would be redundant in \path{sip.conf}. - -If a peer is defined as requiring encryption but the endpoint does not support it, the call will fail with a HANGUPCAUSE of 58 (bearer capability does not exist). - - -\section{Security-based dialplan branching} -Each channel that supports secure signaling or media can implement a CHANNEL read callback function that specifies whether or not that channel meets the specified criteria. Currently, chan\_iax2 and chan\_sip implement these callbacks. Channels that do not support secure media or signaling will return an empty string when queried. For example, to only allow an inbound call that has both secure signaling and media, see the following example. - -\begin{astlisting} -\begin{verbatim} -exten => 123,1,GotoIf("$[${CHANNEL(secure_signaling)}" = ""]?fail) -exten => 123,n,GotoIf("$[${CHANNEL(secure_media)}" = ""]?fail) -exten => 123,n,Dial(SIP/123) -exten => 123,n,Hangup -exten => 123,n(fail),Playback(vm-goodbye) -exten => 123,n,Hangup -\end{verbatim} -\end{astlisting} - -\section{Forcing bridged channels to be secure} -Administrators can force outbound channels that are to be bridged to a calling channel to conform to secure media and signaling policies. For example, to first make a call attempt that has both secure signaling and media, but gracefully fall back to non-secure signaling and media see the following example: - -\begin{astlisting} -\begin{verbatim} -exten => 123,1,NoOp(We got a call) -exten => 123,n,Set(CHANNEL(secure_bridge_signaling)=1) -exten => 123,n,Set(CHANNEL(secure_bridge_media)=1) -exten => 123,n,Dial(SIP/somebody) -exten => 123,n,NoOp(HANGUPCAUSE=${HANGUPCAUSE}) -exten => 123,n,GotoIf($["${HANGUPCAUSE}"="58"]?encrypt_fail) -exten => 123,n,Hangup - -; notify user that retrying via insecure channel (user-provided prompt) -exten => 123,n(encrypt_fail),Playback(secure-call-fail-retry) -exten => 123,n,Set(CHANNEL(secure_bridge_signaling)=0) -exten => 123,n,Set(CHANNEL(secure_bridge_media)=0) -exten => 123,n,Dial(SIP/somebody) -exten => 123,n,Hangup -\end{verbatim} -\end{astlisting} - |