[Asterisk-code-review] Revert "sip to pjsip: Map the TLS method correctly." (asterisk[master])

Kevin Harwell asteriskteam at digium.com
Thu Aug 18 12:00:19 CDT 2016


Kevin Harwell has uploaded a new change for review.

  https://gerrit.asterisk.org/3639

Change subject: Revert "sip_to_pjsip: Map the TLS method correctly."
......................................................................

Revert "sip_to_pjsip: Map the TLS method correctly."

This reverts commit e55d1e47aa28f7f0477bbbb251bdabaddf640f9a.

Change-Id: Idca47286496abfab4a5f90401dd7b84a18fff646
---
M contrib/scripts/sip_to_pjsip/sip_to_pjsip.py
1 file changed, 7 insertions(+), 18 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/39/3639/1

diff --git a/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py b/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py
index a9bc78e..8909216 100755
--- a/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py
+++ b/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py
@@ -731,6 +731,11 @@
                   'transport')
 
 
+def set_tls_method(val, pjsip, nmapped):
+    """Sets method based on sip.conf tlsclientmethod or sslclientmethod"""
+    set_value('method', val, 'transport-tls', pjsip, nmapped, 'transport')
+
+
 def create_tls(sip, pjsip, nmapped):
     """
     Creates a 'transport-tls' section in pjsip.conf based on the following
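
Review bot: set_tls_method copies the sip.conf value into 'method' unchanged, and its docstring does not say that the scope of the setting changes in the process. The message removed further down in this patch states that in chan_sip the option applied only to outbound client connections, while in chan_pjsip it applies to client and server. Suggest recording that in the docstring and having the function tell the user when it carries a tlsclientmethod or sslclientmethod value over, so that a protocol choice made for one direction does not silently become the setting for the whole transport-tls section.
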
@@ -754,7 +759,8 @@
         (['tlscipher', 'sslcipher'], set_tls_cipher),
         (['tlscafile'], set_tls_cafile),
         (['tlsverifyclient'], set_tls_verifyclient),
-        (['tlsdontverifyserver'], set_tls_verifyserver)
+        (['tlsdontverifyserver'], set_tls_verifyserver),
+        (['tlsclientmethod', 'sslclientmethod'], set_tls_method)
     ]
 
     try:
@@ -773,23 +779,6 @@
             i[1](sip.multi_get('general', i[0])[0], pjsip, nmapped)
         except LookupError:
             pass
-
-    try:
-        method = sip.multi_get('general', ['tlsclientmethod', 'sslclientmethod'])[0]
-        print 'In chan_sip, you specified the TLS version. With chan_sip, this was just for outbound client connections. In chan_pjsip, this value is for client and server. Instead, consider not to specify \'tlsclientmethod\' for chan_sip and \'method = sslv23\' for chan_pjsip.'
-    except LookupError:
-        """
-        OpenSSL emerged during the 90s. SSLv2 and SSLv3 were the only
-        existing methods at that time. The OpenSSL project continued. And as
-        of today (OpenSSL 1.0.2) this does not start SSLv2 and SSLv3 anymore
-        but TLSv1.0 and v1.2. Or stated differently: This method should
-        have been called 'method = secure' or 'method = automatic' back in
-        the 90s. The PJProject did not realize this and uses 'tlsv1' as
-        default when unspecified, which disables TLSv1.2. chan_sip used
-        'sslv23' as default when unspecified, which gives TLSv1.0 and v1.2.
-        """
-        method = 'sslv23'
-    set_value('method', val, 'transport-tls', pjsip, nmapped, 'transport')
 
     set_transport_common('transport-tls', pjsip, nmapped)
     try:
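
Review bot: Dropping the 'except LookupError' branch removes the 'sslv23' fallback, so a sip.conf that sets neither tlsclientmethod nor sslclientmethod now produces a transport-tls section with no method line. According to the comment being deleted, that leaves pjsip on its 'tlsv1' default, which disables TLSv1.2. The commit message gives no reason for the revert. If the cause is the last removed line, which passes the undefined name 'val' where the block had assigned 'method', please say so in the message and follow up with a change that keeps the fallback and the client/server warning with that name corrected.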

-- 
To view, visit https://gerrit.asterisk.org/3639
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idca47286496abfab4a5f90401dd7b84a18fff646
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>


