author | Sean Bright <sean.bright@gmail.com> | 2017-09-29 14:50:17 +0000 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2017-11-06 08:11:48 -0500 |
commit | 04d3785a798e984a5f5d43ec5f124a9b30a58b9e (patch) | |
tree | 06ac1ee5a7f04a5edf27e556e0825a31d9dd5c5f /res/res_pjsip.c | |
parent | be5b7b2076a577c2a994e752b152c5242fb29ce7 (diff) |
dtls: Add support for ephemeral DTLS certificates.

This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.

Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.

ASTERISK-27395

Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
Diffstat (limited to 'res/res_pjsip.c')
-rw-r--r-- | res/res_pjsip.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c index 7499ded3e..1b59b2834 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -772,6 +772,18 @@ If this is not set or the value provided is 0 rekeying will be disabled. </para></description> </configOption> + <configOption name="dtls_auto_generate_cert" default="no"> + <synopsis>Whether or not to automatically generate an ephemeral X.509 certificate</synopsis> + <description> + <para> + If enabled, Asterisk will generate an X.509 certificate for each DTLS session. + This option only applies if <replaceable>media_encryption</replaceable> is set + to <literal>dtls</literal>. This option will be automatically enabled if + <literal>webrtc</literal> is enabled and <literal>dtls_cert_file</literal> is + not specified. + </para> + </description> + </configOption> <configOption name="dtls_cert_file"> <synopsis>Path to certificate file to present to peer</synopsis> <description><para> @@ -1028,6 +1040,7 @@ use_received_transport. The following configuration settings also get defaulted as follows:</para> <para>media_encryption=dtls</para> + <para>dtls_auto_generate_cert=yes (if dtls_cert_file is not set)</para> <para>dtls_verify=fingerprint</para> <para>dtls_setup=actpass</para> </description> |
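Review bot: the description added for dtls_auto_generate_cert in the first hunk (@@ -772,6 +772,18 @@) does not say what happens when the option is set to yes and dtls_cert_file is configured as well. The text only covers the implicit case, "automatically enabled if webrtc is enabled and dtls_cert_file is not specified". Please add a sentence stating which setting wins or whether the combination is rejected, so operators do not have to read the code to find out. The commit message says ECDSA is the only supported key type; that belongs in the description too, since it decides which peers can complete the handshake. A pointer to dtls_verify would also help, because a certificate generated per session cannot be known to the peer in advance.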
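Review bot: the default line added in the second hunk (@@ -1028,6 +1040,7 @@) says "if dtls_cert_file is not set" while the option description in the first hunk says "not specified"; use one wording in both places. This is also the only conditional entry in the webrtc defaults list, so it is unclear from the text whether an explicit dtls_auto_generate_cert=no on the endpoint is kept when webrtc is enabled. Suggest stating that next to the entry or in the option's own description.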