There are a lot of moving parts in this patch, but the focus of it is on the verification of the signature using a public key located at the public key URL provided in the JSON payload. First, we check the database to see if we have already downloaded the key. If so, check to see if it has expired. If it has, redownload from the URL. If we don't have an entry in the database, just go ahead and download the public key. The expiration is tested each time we download the file. After that, read the public key from the file and use it to verify the signature. All sanity checking is done when the payload is first received, so the verification is complete once this point is reached. The XML has also been added since a new config option was added to general (curl_timeout). The maximum amount of time to wait for a download can be configured through this option, with a low value by default. Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c |
||
---|---|---|
.. | ||
CHANGES-staging | ||
UPGRADE-staging | ||
lang | ||
.gitignore | ||
CODING-GUIDELINES | ||
IAX2-security.pdf | ||
IAX2-security.txt | ||
Makefile | ||
README.txt | ||
aelparse.8 | ||
appdocsxml.dtd | ||
appdocsxml.xslt | ||
astdb2bdb.8 | ||
astdb2sqlite3.8 | ||
asterisk-ng-doxygen.in | ||
asterisk.8 | ||
asterisk.sgml | ||
smsq.8 |
README.txt
The vast majority of the Asterisk project documentation has been moved to the project wiki: https://wiki.asterisk.org/ Asterisk release tarballs contain an export of the wiki in PDF and plain text form, which you can find in: doc/AST.pdf doc/AST.txt Asterisk uses the Doxygen documentation software. Run "make progdocs" and open the resulting documentation index at doc/api/index.html in a webbrowser or copy the directory to a directory served by a webserver for remote access.