[asterisk-bugs] [JIRA] (ASTERISK-17899) [patch] Adds a 'ignorecryptolifetime' (Ignore Crypto Lifetime) option to sip.conf for SRTP keys specifying optional 'lifetime'
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Wed Feb 25 14:43:35 CST 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-17899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-17899:
-----------------------------------
Description:
This functionality is disabled by default, but when enabled it will tell Asterisk to ignore the crypto lifetime key component if one is specified. Using this option I was able to successfully make TLS/SRTP calls to the Sangoma Express Gateway. This patch would not be necessary if the Sangoma Express Gateway provided an option to disable the lifetime specification; but it appears that it does not.
Without this patch, any SRTP offers that specify the optional lifetime key component will fail.
This patch was also tested by Ryan Mayer (mantis user: 'hidden'). Thanks Ryan!
****** ADDITIONAL INFORMATION ******
Here is a sample sip.conf entry:
{noformat}
[guyute]
host=5.6.7.8
transport=tls
encryption=yes
ignorecryptolifetime=yes
port=5061
type=peer
disallow=all
allow=ulaw
dtmfmode=rfc2833
reinvite=no
canreinvite=no
context=default
{noformat}
was:
This functionality is disabled by default, but when enabled it will tell Asterisk to ignore the crypto lifetime key component if one is specified. Using this option I was able to successfully make TLS/SRTP calls to the Sangoma Express Gateway. This patch would not be necessary if the Sangoma Express Gateway provided an option to disable the lifetime specification; but it appears that it does not.
Without this patch, any SRTP offers that specify the optional lifetime key component will fail.
This patch was also tested by Ryan Mayer (mantis user: 'hidden'). Thanks Ryan!
****** ADDITIONAL INFORMATION ******
Here is a sample sip.conf entry:
[guyute]
host=5.6.7.8
transport=tls
encryption=yes
ignorecryptolifetime=yes
port=5061
type=peer
disallow=all
allow=ulaw
dtmfmode=rfc2833
reinvite=no
canreinvite=no
context=default
> [patch] Adds a 'ignorecryptolifetime' (Ignore Crypto Lifetime) option to sip.conf for SRTP keys specifying optional 'lifetime'
> ------------------------------------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-17899
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-17899
> Project: Asterisk
> Issue Type: New Feature
> Components: Channels/chan_sip/NewFeature
> Reporter: Dwayne Hubbard
> Attachments: dw-ignore-crypto-lifetime-1.8.4.patch, dw-ignore-crypto-lifetime-trunk-r320171.patch, lingon-srtp-key-lifetime-1.8.diff
>
>
> This functionality is disabled by default, but when enabled it will tell Asterisk to ignore the crypto lifetime key component if one is specified. Using this option I was able to successfully make TLS/SRTP calls to the Sangoma Express Gateway. This patch would not be necessary if the Sangoma Express Gateway provided an option to disable the lifetime specification; but it appears that it does not.
> Without this patch, any SRTP offers that specify the optional lifetime key component will fail.
> This patch was also tested by Ryan Mayer (mantis user: 'hidden'). Thanks Ryan!
> ****** ADDITIONAL INFORMATION ******
> Here is a sample sip.conf entry:
> {noformat}
> [guyute]
> host=5.6.7.8
> transport=tls
> encryption=yes
> ignorecryptolifetime=yes
> port=5061
> type=peer
> disallow=all
> allow=ulaw
> dtmfmode=rfc2833
> reinvite=no
> canreinvite=no
> context=default
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list