author | Sean Bright <sean.bright@gmail.com> | 2017-09-29 14:50:17 +0000 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2017-11-06 08:11:20 -0500 |
commit | ddb8fd612472ff210412e69ceaed51821fc24975 (patch) | |
tree | b2ee471a9e46646c27f924724ff9dc3d9f8932fa /include | |
parent | 92b61748beb9a23cdd6d0ec650cbc6a7bf077ec9 (diff) |
dtls: Add support for ephemeral DTLS certificates.
This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.
Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.
ASTERISK-27395
Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
Diffstat (limited to 'include')
-rw-r--r-- | include/asterisk/rtp_engine.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/asterisk/rtp_engine.h b/include/asterisk/rtp_engine.h
index 3ceac8467..f9d686aca 100644
--- a/include/asterisk/rtp_engine.h
+++ b/include/asterisk/rtp_engine.h
@@ -508,6 +508,7 @@ struct ast_rtp_dtls_cfg {
 char *cipher; /*!< Cipher to use */
 char *cafile; /*!< Certificate authority file */
 char *capath; /*!< Path to certificate authority */
+ unsigned int ephemeral_cert:1; /*!< Whether to not to generate an ephemeral certificate - defaults to 0 (off) */
 };
 /*! \brief Structure that represents the optional DTLS SRTP support within an RTP engine */
@@ -2350,6 +2351,16 @@ struct ast_rtp_engine_dtls *ast_rtp_instance_get_dtls(struct ast_rtp_instance *i
 int ast_rtp_dtls_cfg_parse(struct ast_rtp_dtls_cfg *dtls_cfg, const char *name, const char *value);
 /*!
+ * \brief Validates DTLS related configuration options
+ *
+ * \param dtls_cfg a DTLS configuration structure
+ *
+ * \retval 0 if valid
+ * \retval -1 if invalid
+ */
+int ast_rtp_dtls_cfg_validate(struct ast_rtp_dtls_cfg *dtls_cfg);
+
+/*!
 * \brief Copy contents of a DTLS configuration structure
 *
 * \param src_cfg source DTLS configuration structure |
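Review bot: The comment on the new `ephemeral_cert` bit-field reads "Whether to not to generate", which is garbled; it should be `/*!< Whether or not to generate an ephemeral certificate - defaults to 0 (off) */`. The comment would also be the right place to say how the flag interacts with configured certificate material, because a certificate generated per session is presumably self-signed and the remote side can then only authenticate it through the fingerprint carried in signalling, not through a CA chain. Whether a conflicting configuration is rejected or silently overridden is not visible here, since the diff is limited to `include`. `struct ast_rtp_dtls_cfg` begins above the hunk.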
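Review bot: The doc comment for `ast_rtp_dtls_cfg_validate` does not say which option combinations are treated as invalid or when the function must be called relative to `ast_rtp_dtls_cfg_parse`, so a caller reading only the header cannot tell that skipping it may leave a conflicting certificate configuration in use. If the intended contract is validation after parsing, I would add ` * \note Call once all options have been parsed; on -1 the configuration must not be used.` and list the rejected combinations in the description. The implementation is outside this diff, but if it only reads the structure the parameter could be declared `const struct ast_rtp_dtls_cfg *dtls_cfg`.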