[Asterisk-code-review] pjsip/secure calling: Fix ciphers and realtime usage. (testsuite[13])
Jenkins2
asteriskteam at digium.com
Wed Aug 1 16:59:14 CDT 2018
Jenkins2 has submitted this change and it was merged. ( https://gerrit.asterisk.org/9782 )
Change subject: pjsip/secure_calling: Fix ciphers and realtime usage.
......................................................................
pjsip/secure_calling: Fix ciphers and realtime usage.
These tests suffered from two problems. The first problem
is that under realtime testing variable substitution was
not done, resulting in the tests having an invalid path
to their DTLS certificates. This now occurs and they are
happy. The second problem is that the tests used ciphers
which are not available on all distributions that are
currently tested. These have been removed.
Change-Id: Id9588024fe59376f919674f6458167c82d6700b0
---
M lib/python/asterisk/asterisk.py
M lib/python/asterisk/realtime_converter.py
M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf
19 files changed, 36 insertions(+), 29 deletions(-)
Approvals:
George Joseph: Looks good to me, but someone else must approve
Richard Mudgett: Looks good to me, approved
Jenkins2: Approved for Submit
diff --git a/lib/python/asterisk/asterisk.py b/lib/python/asterisk/asterisk.py
index c3996f6..b29cd79 100644
--- a/lib/python/asterisk/asterisk.py
+++ b/lib/python/asterisk/asterisk.py
@@ -655,13 +655,19 @@
return os.path.join(self.base + self.directories[astdirkey], *paths)
+ def configuration_replace_string(self, value):
+ """Replace variables in a string with directory paths"""
+ if "<<" not in value:
+ return value
+ for key in self.directories.keys():
+ value = value.replace("<<%s>>" % key,
+ "%s%s" % (self.base, self.directories[key]))
+ return value
+
# Quick little function for doing search and replace in a file used below.
def _file_replace_string(self, file):
for line in fileinput.input(file, inplace=1):
- if "<<" in line:
- for key in self.directories.keys():
- line = line.replace("<<%s>>" % key,
- "%s%s" % (self.base, self.directories[key]))
+ line = self.configuration_replace_string(line)
sys.stdout.write(line)
def install_configs(self, cfg_path, deps=None):
diff --git a/lib/python/asterisk/realtime_converter.py b/lib/python/asterisk/realtime_converter.py
index 5359452..1f7e556 100644
--- a/lib/python/asterisk/realtime_converter.py
+++ b/lib/python/asterisk/realtime_converter.py
@@ -130,7 +130,7 @@
# res_odbc.conf.
extconfig.write('{0} = odbc,asterisk\n'.format(table))
- def write_db(self, config_dir, meta, engine, conn):
+ def write_db(self, config_dir, meta, engine, conn, test_object):
"""Convert file contents into database entries
Keyword Arguments:
@@ -154,8 +154,9 @@
autoload=True, autoload_with=engine)
vals = {'id': title}
for key in section.keys():
- if key != 'type':
- vals[key] = ";".join(value.replace(";", "^3B") for value in section.get(key))
+ key_name = test_object.ast[0].configuration_replace_string(key)
+ if key_name != 'type':
+ vals[key_name] = ";".join(test_object.ast[0].configuration_replace_string(value).replace(";", "^3B") for value in section.get(key))
conn.execute(table.insert().values(**vals))
@@ -258,7 +259,7 @@
realtime_file.write_configs(self.config_dir, test_object.ast[0])
try:
- self.write_db()
+ self.write_db(test_object)
except:
self.cleanup(None)
raise
@@ -299,11 +300,11 @@
with open(self.modules.file, 'a+') as modules:
modules.write('preload => res_odbc.so\npreload=>res_config_odbc.so')
- def write_db(self):
+ def write_db(self, test_object):
"""Tell converters to write database information"""
for realtime_file in REALTIME_FILE_REGISTRY:
realtime_file.write_db(self.config_dir, self.meta, self.engine,
- self.conn)
+ self.conn, test_object)
def cleanup(self, result):
"""Cleanup information after test has completed.
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf
index 42c7268..eeff7f2 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf
index e8610a0..9d63fdd 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf
index 5690622..9f0904f 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast3.key
cert_file = <<astetcdir>>/ca1-ast3.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf
index ed4cf83..976fc67 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
@@ -32,7 +32,7 @@
dtls_cert_file = <<astetcdir>>/ca1-ast2.crt
dtls_ca_file = <<astetcdir>>/ca1.crt
dtls_verify = yes
-dtls_cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+dtls_cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
[alice]
type = aor
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf
index 38643e7..c721f77 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf
index 5895cba..3f0123f 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf
index 5b6d4f4..f590dc4 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca2-ast3.key
cert_file = <<astetcdir>>/ca2-ast3.crt
ca_list_file = <<astetcdir>>/ca2.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf
index 38643e7..c721f77 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf
index 2886a17..6b7b76f 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca-bundle.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf
index c7f7677..48ed76c 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca2-ast3.key
cert_file = <<astetcdir>>/ca2-ast3.crt
ca_list_path = <<astetcdir>>/
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf
index 42c7268..eeff7f2 100644
--- a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf
index b55cab8..ef58f19 100644
--- a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf
index f491080..a6b5688 100644
--- a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf
index 82d16e4..4f996e3 100644
--- a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
@@ -33,7 +33,7 @@
dtls_ca_file = <<astetcdir>>/ca1.crt
dtls_verify = yes
; ECDHE-RSA-AES256-SHA is removed
-dtls_cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+dtls_cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
[alice]
type = aor
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf
index 0c4f44a..91b4a1b 100644
--- a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf
@@ -5,7 +5,7 @@
protocol = tls
method = tlsv1
; ECDHE-RSA-AES256-SHA is removed
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf
index 42c7268..eeff7f2 100644
--- a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf
index c49833f..cf2ba5b 100644
--- a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca2-ast2.key
cert_file = <<astetcdir>>/ca2-ast2.crt
ca_list_file = <<astetcdir>>/ca2.crt
--
To view, visit https://gerrit.asterisk.org/9782
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: testsuite
Gerrit-Branch: 13
Gerrit-MessageType: merged
Gerrit-Change-Id: Id9588024fe59376f919674f6458167c82d6700b0
Gerrit-Change-Number: 9782
Gerrit-PatchSet: 1
Gerrit-Owner: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180801/08dbf590/attachment-0001.html>
More information about the asterisk-code-review
mailing list