From 023fa0f9e88558bf9b099b7aed9334b676fc89d8 Mon Sep 17 00:00:00 2001 From: Mark Michelson Date: Fri, 16 Jan 2015 21:46:09 +0000 Subject: Add support for the ca_list_path option for PJSIP transports. This allows for a path to be specified that has a collection of CA certificates in it. ASTERISK-24575 #close Reported by cloos Patches: pj-ca-path-trunk.diff uploaded by cloos (License #5956) Review: https://reviewboard.asterisk.org/r/4344 ........ Merged revisions 430709 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@430713 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- res/res_pjsip/config_transport.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'res/res_pjsip') diff --git a/res/res_pjsip/config_transport.c b/res/res_pjsip/config_transport.c index e6137f56a..9c7298b98 100644 --- a/res/res_pjsip/config_transport.c +++ b/res/res_pjsip/config_transport.c @@ -217,6 +217,14 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj) res = pjsip_tcp_transport_start3(ast_sip_get_pjsip_endpoint(), &cfg, &transport->state->factory); } else if (transport->type == AST_TRANSPORT_TLS) { transport->tls.ca_list_file = pj_str((char*)transport->ca_list_file); +#ifdef HAVE_PJ_SSL_CERT_LOAD_FROM_FILES2 + transport->tls.ca_list_path = pj_str((char*)transport->ca_list_path); +#else + if (!ast_strlen_zero(transport->ca_list_path)) { + ast_log(LOG_WARNING, "Asterisk has been built against a version of pjproject that does not " + "support the 'ca_list_path' option. Please upgrade to version 2.4 or later.\n"); + } +#endif transport->tls.cert_file = pj_str((char*)transport->cert_file); transport->tls.privkey_file = pj_str((char*)transport->privkey_file); transport->tls.password = pj_str((char*)transport->password); @@ -743,6 +751,7 @@ int ast_sip_initialize_sorcery_transport(void) ast_sorcery_object_field_register_custom(sorcery, "transport", "bind", "", transport_bind_handler, transport_bind_to_str, NULL, 0, 0); ast_sorcery_object_field_register(sorcery, "transport", "async_operations", "1", OPT_UINT_T, 0, FLDSET(struct ast_sip_transport, async_operations)); ast_sorcery_object_field_register(sorcery, "transport", "ca_list_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, ca_list_file)); + ast_sorcery_object_field_register(sorcery, "transport", "ca_list_path", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, ca_list_path)); ast_sorcery_object_field_register(sorcery, "transport", "cert_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, cert_file)); ast_sorcery_object_field_register(sorcery, "transport", "priv_key_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, privkey_file)); ast_sorcery_object_field_register(sorcery, "transport", "password", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, password)); -- cgit v1.2.3