From ae21162a69e222711658c8712f3403bad8101f72 Mon Sep 17 00:00:00 2001 From: Jonathan Rose Date: Mon, 21 Apr 2014 16:20:32 +0000 Subject: chan_sip: Add sendrpid trust options In r411189, some behavior was changed which made sendrpid behavior act in a more trusting manner by sending full user data for peers set with private caller presence in P-Asserted-Identity headers. Since this changed long time expected behaviors, we decided to pull that patch when that was pointed out by the community. Instead, this patch provides a trust_id_outbound setting which will expose the data per RFC-3325 if set to 'yes' and simply not send the PAI/RPID headers at all if set to 'no'. By default trust_id_outbound will be set to 'legacy' which will preserve the behavior prior to these patches. Extra special thanks to Walter Doekes for providing advice and feedback. (closes issue AST-1301) (closes issue ASTERISK-19465) Reported by: Krzysztof Chmielewski Review: https://reviewboard.asterisk.org/r/3447/ ........ Merged revisions 412744 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 412746 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 412747 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@412759 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- configs/sip.conf.sample | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'configs') diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample index 46af79043..1175047b3 100644 --- a/configs/sip.conf.sample +++ b/configs/sip.conf.sample @@ -350,6 +350,17 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; transmit such UPDATE messages to it, then you must enable this option. ; Otherwise, we will have to wait until we can send a reinvite to ; transmit the information. +;trust_id_outbound = no ; Controls whether or not we trust this peer with private identity + ; information (when the remote party has callingpres=prohib or equivalent). + ; no - RPID/PAI headers will not be included for private peer information + ; yes - RPID/PAI headers will include the private peer information. Privacy + ; requirements will be indicated in a Privacy header for sendrpid=pai + ; legacy - RPID/PAI will be included for private peer information. In the + ; case of sendrpid=pai, private data that would be included in them + ; will be anonymized. For sendrpid=rpid, private data may be included + ; but the remote party's domain will be anonymized. The way legacy + ; behaves may violate RFC-3325, but it follows historic behavior. + ; This option is set to 'legacy' by default ;prematuremedia=no ; Some ISDN links send empty media frames before ; the call is in ringing or progress state. The SIP ; channel will then send 183 indicating early media @@ -1219,6 +1230,7 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; autoframing ; insecure ; trustrpid +; trust_id_outbound ; progressinband ; promiscredir ; useclientcode @@ -1431,7 +1443,8 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ;allow=g723.1 ; Asterisk only supports g723.1 pass-thru! ;allow=g729 ; Pass-thru only unless g729 license obtained ;callingpres=allowed_passed_screen ; Set caller ID presentation - ; See README.callingpres for more information + ; See function CALLERPRES documentation for possible + ; values. ;[xlite1] ; Turn off silence suppression in X-Lite ("Transmit Silence"=YES)! -- cgit v1.2.3