Adding some additional thoughts on configuration changes to TCP/TLS

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@150510 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Olle Johansson 2008-10-17 08:42:44 +00:00
parent 858a6baa76
commit e3ea5c3c36
1 changed files with 18 additions and 0 deletions


@ -35,18 +35,36 @@
* ******** TCP implementation changes needed
* \todo Fix TCP/TLS handling in dialplan, SRV records, transfers and much more
* \todo Save TCP/TLS sessions in registry
* If someone registers a SIPS uri, this forces us to set up a TLS connection back.
* \todo Add TCP/TLS information to function SIPPEER and SIPCHANINFO
* \todo If tcpenable=yes, we must open a TCP socket on the same address as the IP for UDP.
* The tcpbindaddr config option should only be used to open ADDITIONAL ports
* So we should propably go back to
* bindaddr= the default address to bind to. If tcpenable=yes, then bind this to both udp and TCP
* if tlsenable=yes, open TLS port (provided we also have cert)
* tcpbindaddr = extra address for additional TCP connections
* tlsbindaddr = extra address for additional TCP/TLS connections
* udpbindaddr = extra address for additional UDP connections
* These three options should take multiple IP/port pairs
* Note: Since opening additional listen sockets is a *new* feature we do not have today
* the XXXbindaddr options needs to be disabled until we have support for it
*
* \todo Be prepared for one outbound and another incoming socket per pvt. This applies
* specially to communication with other peers (proxies).
* \todo We need to test TCP sessions with SIP proxies and in regards
* to the SIP outbound specs.
* \todo transport=tls was deprecated in RFC3261 and should not be used at all. See section 22.2.2.
*
* \todo If the message is smaller than the given Content-length, the request should get a 400 Bad request
* message. If it's a response, it should be dropped. (RFC 3261, Section 18.3)
* \todo Since we have had multidomain support in Asterisk for quite a while, we need to support
* multiple domains in our TLS implementation, meaning one socket and one cert per domain
* \todo Selection of transport for a request needs to be done after we've parsed all route headers,
* also considering outbound proxy options.
* First request: Outboundproxy, routes, (reg contact or URI. If URI doesn't have port: DNS naptr, srv, AAA)
* Intermediate requests: Outboundproxy(only when forced), routes, contact/uri
* DNS naptr support is crucial. A SIP uri might lead to a TLS connection.
* Also note that due to outbound proxy settings, a SIPS uri might have to be sent on UDP (not to recommend though)
*
*
* ******** General TODO:s
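Review bot: The two SIPS notes in this comment block contradict each other, and the later one describes a transport downgrade without saying what the code should do. The registry todo says "If someone registers a SIPS uri, this forces us to set up a TLS connection back", while the transport-selection todo ends with "a SIPS uri might have to be sent on UDP (not to recommend though)". Please state the intended behaviour for that case explicitly (reject the request, or send in the clear and log it) so whoever implements transport selection does not silently drop TLS when an outbound proxy is configured. In the same spirit, "if tlsenable=yes, open TLS port (provided we also have cert)" should say whether a missing cert is a load error or a silent skip, and the Content-length todo sits under the TCP heading without saying how a short message is told apart from one that is still arriving on the stream. Minor: "propably" should be "probably" and "options needs" should be "options need".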