diff options
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/scripts/sip_to_pjsip/sip_to_pjsip.py | 89 |
1 files changed, 75 insertions, 14 deletions
diff --git a/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py b/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py index 22c749e5f..a4f03b508 100755 --- a/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py +++ b/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py @@ -135,11 +135,14 @@ def set_timers(key, val, section, pjsip, nmapped): found in sip.conf. """ # pjsip.conf values can be yes/no, required, always + # 'required' is a new feature of chan_pjsip, which rejects + # all SIP clients not supporting Session Timers + # 'Accept' is the default value of chan_sip and maps to 'yes' + # chan_sip ignores the case, for example 'session-timers=Refuse' + val = val.lower() if val == 'originate': set_value('timers', 'always', section, pjsip, nmapped) - elif val == 'accept': - set_value('timers', 'required', section, pjsip, nmapped) - elif val == 'never': + elif val == 'refuse': set_value('timers', 'no', section, pjsip, nmapped) else: set_value('timers', 'yes', section, pjsip, nmapped) @@ -398,7 +401,7 @@ peer_map = [ ['trustpid', set_value('trust_id_inbound')], ['sendrpid', from_sendrpid], # send_pai, send_rpid ['send_diversion', set_value], - ['encrpytion', set_media_encryption], + ['encryption', set_media_encryption], ['avpf', set_value('use_avpf')], ['recordonfeature', set_record_on_feature], # automixon ['recordofffeature', set_record_off_feature], # automixon @@ -442,6 +445,9 @@ peer_map = [ ['host', from_host], # contact, max_contacts ['qualifyfreq', set_value('qualify_frequency', type='aor')], + ['maxexpiry', set_value('maximum_expiration', type='aor')], + ['minexpiry', set_value('minimum_expiration', type='aor')], + ['defaultexpiry', set_value('default_expiration', type='aor')], ############################# maps to auth##################################### # type = auth @@ -466,6 +472,7 @@ peer_map = [ # bind # async_operations # ca_list_file +# ca_list_path # cert_file # privkey_file # password @@ -684,6 +691,12 @@ def set_tls_bindaddr(val, pjsip, nmapped): set_value('bind', bind, 'transport-tls', pjsip, nmapped, 'transport') +def set_tls_cert_file(val, pjsip, section, nmapped): + """Sets cert_file based on sip.conf tlscertfile""" + set_value('cert_file', val, section, pjsip, nmapped, + 'transport') + + def set_tls_private_key(val, pjsip, nmapped): """Sets privkey_file based on sip.conf tlsprivatekey or sslprivatekey""" set_value('priv_key_file', val, 'transport-tls', pjsip, nmapped, @@ -701,6 +714,12 @@ def set_tls_cafile(val, pjsip, nmapped): 'transport') +def set_tls_capath(val, pjsip, nmapped): + """Sets ca_list_path based on sip.conf tlscapath""" + set_value('ca_list_path', val, 'transport-tls', pjsip, nmapped, + 'transport') + + def set_tls_verifyclient(val, pjsip, nmapped): """Sets verify_client based on sip.conf tlsverifyclient""" set_value('verify_client', val, 'transport-tls', pjsip, nmapped, @@ -718,11 +737,6 @@ def set_tls_verifyserver(val, pjsip, nmapped): 'transport') -def set_tls_method(val, pjsip, nmapped): - """Sets method based on sip.conf tlsclientmethod or sslclientmethod""" - set_value('method', val, 'transport-tls', pjsip, nmapped, 'transport') - - def create_tls(sip, pjsip, nmapped): """ Creates a 'transport-tls' section in pjsip.conf based on the following @@ -742,12 +756,13 @@ def create_tls(sip, pjsip, nmapped): tls_map = [ (['tlsbindaddr', 'sslbindaddr'], set_tls_bindaddr), + (['tlscertfile', 'sslcert', 'tlscert'], set_tls_cert_file), (['tlsprivatekey', 'sslprivatekey'], set_tls_private_key), (['tlscipher', 'sslcipher'], set_tls_cipher), (['tlscafile'], set_tls_cafile), + (['tlscapath', 'tlscadir'], set_tls_capath), (['tlsverifyclient'], set_tls_verifyclient), - (['tlsdontverifyserver'], set_tls_verifyserver), - (['tlsclientmethod', 'sslclientmethod'], set_tls_method) + (['tlsdontverifyserver'], set_tls_verifyserver) ] try: @@ -767,6 +782,23 @@ def create_tls(sip, pjsip, nmapped): except LookupError: pass + try: + method = sip.multi_get('general', ['tlsclientmethod', 'sslclientmethod'])[0] + print 'In chan_sip, you specified the TLS version. With chan_sip, this was just for outbound client connections. In chan_pjsip, this value is for client and server. Instead, consider not to specify \'tlsclientmethod\' for chan_sip and \'method = sslv23\' for chan_pjsip.' + except LookupError: + """ + OpenSSL emerged during the 90s. SSLv2 and SSLv3 were the only + existing methods at that time. The OpenSSL project continued. And as + of today (OpenSSL 1.0.2) this does not start SSLv2 and SSLv3 anymore + but TLSv1.0 and v1.2. Or stated differently: This method should + have been called 'method = secure' or 'method = automatic' back in + the 90s. The PJProject did not realize this and uses 'tlsv1' as + default when unspecified, which disables TLSv1.2. chan_sip used + 'sslv23' as default when unspecified, which gives TLSv1.0 and v1.2. + """ + method = 'sslv23' + set_value('method', val, 'transport-tls', pjsip, nmapped, 'transport') + set_transport_common('transport-tls', pjsip, nmapped) try: extern_addr = sip.multi_get('general', ['externaddr', 'externip', @@ -968,9 +1000,8 @@ class Registration: if hasattr(self, 'secret') and self.secret: set_value('password', self.secret, auth_section, pjsip, nmapped, 'auth') - if hasattr(self, 'authuser'): - set_value('username', self.authuser or self.user, auth_section, - pjsip, nmapped, 'auth') + set_value('username', self.authuser if hasattr(self, 'authuser') + else self.user, auth_section, pjsip, nmapped, 'auth') set_value('outbound_auth', auth_section, section, pjsip, nmapped, 'registration') @@ -1067,6 +1098,35 @@ def find_non_mapped(sections, nmapped): pass +def map_system(sip, pjsip, nmapped): + section = 'system' # Just a label; you as user can change that + type = 'system' # Not a label, therefore not the same as section + + try: + user_agent = sip.get('general', 'useragent')[0] + set_value('user_agent', user_agent, 'global', pjsip, nmapped, 'global') + except LookupError: + pass + + try: + timer_t1 = sip.get('general', 'timert1')[0] + set_value('timer_t1', timer_t1, section, pjsip, nmapped, type) + except LookupError: + pass + + try: + timer_b = sip.get('general', 'timerb')[0] + set_value('timer_b', timer_b, section, pjsip, nmapped, type) + except LookupError: + pass + + try: + compact_headers = sip.get('general', 'compactheaders')[0] + set_value('compact_headers', compact_headers, section, pjsip, nmapped, type) + except LookupError: + pass + + def convert(sip, filename, non_mappings, include): """ Entry point for configuration file conversion. This @@ -1079,6 +1139,7 @@ def convert(sip, filename, non_mappings, include): nmapped = non_mapped(non_mappings[filename]) if not include: # Don't duplicate transport and registration configs + map_system(sip, pjsip, nmapped) map_transports(sip, pjsip, nmapped) map_registrations(sip, pjsip, nmapped) map_auth(sip, pjsip, nmapped) |