[Asterisk-code-review] res_stir_shaken: Implemented signature verification. (asterisk[master])
Benjamin Keith Ford
asteriskteam at digium.com
Tue Apr 28 10:04:55 CDT 2020
Benjamin Keith Ford has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/14220 )
Change subject: res_stir_shaken: Implemented signature verification.
......................................................................
Patch Set 5:
(2 comments)
https://gerrit.asterisk.org/c/asterisk/+/14220/5/res/res_stir_shaken.c
File res/res_stir_shaken.c:
https://gerrit.asterisk.org/c/asterisk/+/14220/5/res/res_stir_shaken.c@414
PS5, Line 414: ast_log(LOG_ERROR, "Newly downloaded public key '%s' is expired\n", file_path);
> Does it make sense to do the expiration check if we just downloaded the file?
My thought was a certificate could be available for download but has passed its expiration. If that's the case, then we shouldn't be using it and fail here. Thoughts?
https://gerrit.asterisk.org/c/asterisk/+/14220/5/res/res_stir_shaken/curl.c
File res/res_stir_shaken/curl.c:
https://gerrit.asterisk.org/c/asterisk/+/14220/5/res/res_stir_shaken/curl.c@31
PS5, Line 31: #define CURL_TIMEOUT_SEC 7
> I think this should be configurable, and default to shorter
Configurable via function parameter, or did you have something else in mind?
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14220
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c
Gerrit-Change-Number: 14220
Gerrit-PatchSet: 5
Gerrit-Owner: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Comment-Date: Tue, 28 Apr 2020 15:04:55 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Joshua Colp <jcolp at sangoma.com>
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20200428/e13dc7cc/attachment.html>
More information about the asterisk-code-review
mailing list