[asterisk-bugs] [JIRA] (ASTERISK-24128) [Patch] Adding default dtls settings

Michael K. (JIRA) noreply at issues.asterisk.org
Sun Nov 16 04:09:28 CST 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-24128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223576#comment-223576 ] 

Michael K. commented on ASTERISK-24128:
---------------------------------------

Copying here the comment I left there, as I think it's not resolved as it should be:
"
Ha, I missed the approval. Sorry that I did not fix the typo and did not push anything to CHANGES.
About the patch: there is a problem I explained above.
The problem with the second version is that if you have DTLS set in general ("dtlsenable=yes") and you have a peer that has no DTLS configuration at all (most importantly, no "dtlsenable=no"), it would set this peer as a DTLS-enabled one, as it sets all default DTLS configs for the peer from general. So basically the first version, where I set settings one by one, is the better one, as it would use default settings only if the peer has "dtlsenable=yes" and has no other settings.

If we want to compare to TLS, setting TLS enabled in general does not force all peers to be TLS enabled.
"

> [Patch] Adding default dtls settings
> ------------------------------------
>
>                 Key: ASTERISK-24128
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24128
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/WebSocket
>    Affects Versions: 11.11.0
>            Reporter: Michael K.
>            Severity: Minor
>         Attachments: dtls_default_settings.patch
>
>
> DTLS settings are loaded only from peer settings, and if they are not present they would not be loaded from [general].
> The first problem is that almost all settings, if not present on the peer, are taken from general. And it's kind of a convention already.
> The second one is that if I use realtime settings, I can't use templates (those are supported only in files), and thus instead of setting, for example, the DTLS key in one place I need to copy-paste it for each peer.
> Provided patch is applied to 11.11.0.
> If the patch is okay and someone is interested, I can provide a polished patch on trunk on reviewboard :P



--
This message was sent by Atlassian JIRA
(v6.2#6252)
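
The difference between the two patch versions discussed in the comment above, as an added example that is not part of the original message and is not Asterisk's code. The struct, the function names and the sample paths are assumptions made for this simplified model; only the `dtlsenable` semantics come from the comment.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model, not Asterisk's structures. enable: -1 unset, 0 no, 1 yes. */
struct dtls_cfg {
    int enable;
    const char *certfile;   /* NULL = unset */
    const char *privatekey; /* NULL = unset */
};

/* Second patch version as described: start from [general], then overlay
 * whatever the peer sets explicitly. */
struct dtls_cfg merge_copy_all(struct dtls_cfg general, struct dtls_cfg peer)
{
    struct dtls_cfg out = general;
    if (peer.enable != -1) out.enable = peer.enable;
    if (peer.certfile) out.certfile = peer.certfile;
    if (peer.privatekey) out.privatekey = peer.privatekey;
    if (out.enable == -1) out.enable = 0;
    return out;
}

/* First patch version as described: the peer must opt in with dtlsenable=yes;
 * only then are missing settings filled in one by one from [general]. */
struct dtls_cfg merge_per_setting(struct dtls_cfg general, struct dtls_cfg peer)
{
    struct dtls_cfg out = peer;
    if (peer.enable != 1) {
        out.enable = 0;
        return out;
    }
    if (!out.certfile) out.certfile = general.certfile;
    if (!out.privatekey) out.privatekey = general.privatekey;
    return out;
}

int main(void)
{
    /* Constructed sample values. */
    struct dtls_cfg general = { 1, "/path/to/cert.pem", "/path/to/key.pem" };
    struct dtls_cfg silent = { -1, NULL, NULL };  /* peer with no DTLS lines */
    struct dtls_cfg optin = { 1, NULL, NULL };    /* peer with dtlsenable=yes only */
    printf("silent peer: copy-all=%d per-setting=%d\n",
           merge_copy_all(general, silent).enable,
           merge_per_setting(general, silent).enable);
    printf("opt-in peer key: %s\n", merge_per_setting(general, optin).privatekey);
    return 0;
}
```

A peer with no DTLS lines ends up DTLS-enabled under the copy-all merge and stays disabled under the per-setting merge, while a peer that opts in still picks up the key and certificate from [general].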


