Merge "pjsip: Clarify certificate configuration for Websocket."
commit
eb9c031120
|
@ -862,10 +862,13 @@
|
|||
;==========================TRANSPORT SECTION OPTIONS=========================
|
||||
;[transport]
|
||||
; SYNOPSIS: SIP Transport
|
||||
;
|
||||
;async_operations=1 ; Number of simultaneous Asynchronous Operations
|
||||
; (default: "1")
|
||||
;bind= ; IP Address and optional port to bind to for this transport (default:
|
||||
; "")
|
||||
; Note that for the Websocket transport the TLS configuration is configured
|
||||
; in http.conf and is applied for all HTTPS traffic.
|
||||
;ca_list_file= ; File containing a list of certificates to read TLS ONLY
|
||||
; (default: "")
|
||||
;ca_list_path= ; Path to directory containing certificates to read TLS ONLY.
|
||||
|
@ -883,6 +886,13 @@
|
|||
; different, at least OpenSSL 1.0.2 is required.
|
||||
; (default: "")
|
||||
;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "")
|
||||
;method= ; Method of SSL transport TLS ONLY (default: "")
|
||||
;priv_key_file= ; Private key file TLS ONLY (default: "")
|
||||
;verify_client= ; Require verification of client certificate TLS ONLY (default:
|
||||
; "")
|
||||
;verify_server= ; Require verification of server certificate TLS ONLY (default:
|
||||
; "")
|
||||
;require_client_cert= ; Require client certificate TLS ONLY (default: "")
|
||||
;domain= ; Domain the transport comes from (default: "")
|
||||
;external_media_address= ; External IP address to use in RTP handling
|
||||
; (default: "")
|
||||
|
@ -890,17 +900,10 @@
|
|||
; "")
|
||||
;external_signaling_port=0 ; External port for SIP signalling (default:
|
||||
; "0")
|
||||
;method= ; Method of SSL transport TLS ONLY (default: "")
|
||||
;local_net= ; Network to consider local used for NAT purposes (default: "")
|
||||
;password= ; Password required for transport (default: "")
|
||||
;priv_key_file= ; Private key file TLS ONLY (default: "")
|
||||
;protocol=udp ; Protocol to use for SIP traffic (default: "udp")
|
||||
;require_client_cert= ; Require client certificate TLS ONLY (default: "")
|
||||
;type= ; Must be of type transport (default: "")
|
||||
;verify_client= ; Require verification of client certificate TLS ONLY (default:
|
||||
; "")
|
||||
;verify_server= ; Require verification of server certificate TLS ONLY (default:
|
||||
; "")
|
||||
;tos=0 ; Enable TOS for the signalling sent over this transport (default: "0")
|
||||
;cos=0 ; Enable COS for the signalling sent over this transport (default: "0")
|
||||
;websocket_write_timeout=100 ; Default write timeout to set on websocket
|
||||
|
|
|
@ -1211,13 +1211,13 @@
|
|||
<synopsis>IP Address and optional port to bind to for this transport</synopsis>
|
||||
</configOption>
|
||||
<configOption name="ca_list_file">
|
||||
<synopsis>File containing a list of certificates to read (TLS ONLY)</synopsis>
|
||||
<synopsis>File containing a list of certificates to read (TLS ONLY, not WSS)</synopsis>
|
||||
</configOption>
|
||||
<configOption name="ca_list_path">
|
||||
<synopsis>Path to directory containing a list of certificates to read (TLS ONLY)</synopsis>
|
||||
<synopsis>Path to directory containing a list of certificates to read (TLS ONLY, not WSS)</synopsis>
|
||||
</configOption>
|
||||
<configOption name="cert_file">
|
||||
<synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
|
||||
<synopsis>Certificate file for endpoint (TLS ONLY, not WSS)</synopsis>
|
||||
<description><para>
|
||||
A path to a .crt or .pem file can be provided. However, only
|
||||
the certificate is read from the file, not the private key.
|
||||
|
@ -1226,7 +1226,7 @@
|
|||
</para></description>
|
||||
</configOption>
|
||||
<configOption name="cipher">
|
||||
<synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis>
|
||||
<synopsis>Preferred cryptography cipher names (TLS ONLY, not WSS)</synopsis>
|
||||
<description>
|
||||
<para>Comma separated list of cipher names or numeric equivalents.
|
||||
Numeric equivalents can be either decimal or hexadecimal (0xX).
|
||||
|
@ -1258,7 +1258,7 @@
|
|||
<synopsis>External port for SIP signalling</synopsis>
|
||||
</configOption>
|
||||
<configOption name="method">
|
||||
<synopsis>Method of SSL transport (TLS ONLY)</synopsis>
|
||||
<synopsis>Method of SSL transport (TLS ONLY, not WSS)</synopsis>
|
||||
<description>
|
||||
<enumlist>
|
||||
<enum name="default">
|
||||
|
@ -1285,7 +1285,7 @@
|
|||
<synopsis>Password required for transport</synopsis>
|
||||
</configOption>
|
||||
<configOption name="priv_key_file">
|
||||
<synopsis>Private key file (TLS ONLY)</synopsis>
|
||||
<synopsis>Private key file (TLS ONLY, not WSS)</synopsis>
|
||||
</configOption>
|
||||
<configOption name="protocol" default="udp">
|
||||
<synopsis>Protocol to use for SIP traffic</synopsis>
|
||||
|
@ -1300,16 +1300,16 @@
|
|||
</description>
|
||||
</configOption>
|
||||
<configOption name="require_client_cert" default="false">
|
||||
<synopsis>Require client certificate (TLS ONLY)</synopsis>
|
||||
<synopsis>Require client certificate (TLS ONLY, not WSS)</synopsis>
|
||||
</configOption>
|
||||
<configOption name="type">
|
||||
<synopsis>Must be of type 'transport'.</synopsis>
|
||||
</configOption>
|
||||
<configOption name="verify_client" default="false">
|
||||
<synopsis>Require verification of client certificate (TLS ONLY)</synopsis>
|
||||
<synopsis>Require verification of client certificate (TLS ONLY, not WSS)</synopsis>
|
||||
</configOption>
|
||||
<configOption name="verify_server" default="false">
|
||||
<synopsis>Require verification of server certificate (TLS ONLY)</synopsis>
|
||||
<synopsis>Require verification of server certificate (TLS ONLY, not WSS)</synopsis>
|
||||
</configOption>
|
||||
<configOption name="tos" default="false">
|
||||
<synopsis>Enable TOS for the signalling sent over this transport</synopsis>
|
||||
|
|
|
@ -651,6 +651,9 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
|
|||
} else if ((transport->type == AST_TRANSPORT_WS) || (transport->type == AST_TRANSPORT_WSS)) {
|
||||
if (transport->cos || transport->tos) {
|
||||
ast_log(LOG_WARNING, "TOS and COS values ignored for websocket transport\n");
|
||||
} else if (!ast_strlen_zero(transport->ca_list_file) || !ast_strlen_zero(transport->ca_list_path) ||
|
||||
!ast_strlen_zero(transport->cert_file) || !ast_strlen_zero(transport->privkey_file)) {
|
||||
ast_log(LOG_WARNING, "TLS certificate values ignored for websocket transport as they are configured in http.conf\n");
|
||||
}
|
||||
res = PJ_SUCCESS;
|
||||
}
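Review bot: The new certificate warning is chained as `else if` to the `transport->cos || transport->tos` check, so a websocket transport that sets TOS/COS and also sets certificate options logs only the TOS/COS warning. Make it an independent test by closing the first block with `}` and starting `if (!ast_strlen_zero(transport->ca_list_file) || ...` on its own line. The condition also covers only `ca_list_file`, `ca_list_path`, `cert_file` and `privkey_file`, while the documentation hunks in this same commit mark `cipher`, `method`, `require_client_cert`, `verify_client` and `verify_server` as "not WSS" too. An operator who sets `verify_client` or `require_client_cert` on a wss transport would therefore get no warning and might assume client-certificate verification is enforced there; consider including those settings in the check and noting in the message that they must be set in http.conf. The body of `transport_apply` starts and ends outside this hunk, so the struct fields holding those settings are not visible here.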
|
||||
|
|