[Asterisk-code-review] dtls: Add support for ephemeral DTLS certificates (asterisk[15])

George Joseph asteriskteam at digium.com
Tue Oct 10 06:36:09 CDT 2017


George Joseph has posted comments on this change. ( https://gerrit.asterisk.org/6640 )

Change subject: dtls: Add support for ephemeral DTLS certificates
......................................................................


Patch Set 3: Code-Review-1

(4 comments)

No 13/14 even without webrtc?

https://gerrit.asterisk.org/#/c/6640/3/configs/samples/pjsip.conf.sample
File configs/samples/pjsip.conf.sample:

https://gerrit.asterisk.org/#/c/6640/3/configs/samples/pjsip.conf.sample@747
PS3, Line 747: ;dtls_cert_type=        ; 'file' or 'ecdsa' depending on the type of certificate
Mention that if "file" is set and webrtc is also set that we'll automatically fall back to ecdsa if dtls_cert_file isn't set.

What about adding an "auto_fallback" value that means "if dtls_ca_cert is specified, use it, otherwise use ecdsa"?  That way the behavior is available even without webrtc.  "file" would still be the default to preserve existing behavior.


https://gerrit.asterisk.org/#/c/6640/3/configs/samples/pjsip.conf.sample@795
PS3, Line 795: ;webrtc= ; When set to "yes" this also enables the following values that are needed
Mention that if "file" is set and webrtc is also set that we'll automatically fall back to ecdsa if dtls_cert_file isn't set.


https://gerrit.asterisk.org/#/c/6640/3/include/asterisk/rtp_engine.h
File include/asterisk/rtp_engine.h:

https://gerrit.asterisk.org/#/c/6640/3/include/asterisk/rtp_engine.h@501
PS3, Line 501: 	AST_RTP_DTLS_CERTTYPE_ECDSA, /*!< Create ephemeral certificate */
How about adding AST_RTP_DTLS_CERTTYPE_AUTO_FALLBACK as mentioned in pjsip.conf.sample?


https://gerrit.asterisk.org/#/c/6640/3/res/res_pjsip.c
File res/res_pjsip.c:

https://gerrit.asterisk.org/#/c/6640/3/res/res_pjsip.c@768
PS3, Line 768: 				<configOption name="dtls_cert_type" default="file">
Mention the webrtc interaction as in pjsip.conf.sample.



-- 
To view, visit https://gerrit.asterisk.org/6640
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: comment
Gerrit-Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
Gerrit-Change-Number: 6640
Gerrit-PatchSet: 3
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
Gerrit-Comment-Date: Tue, 10 Oct 2017 11:36:09 +0000
Gerrit-HasComments: Yes