[asterisk-commits] edguy3: branch edguy3/sip-identity-trunk r256147 - in /team/edguy3/sip-identi...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Sat Apr 3 07:49:56 CDT 2010


Author: edguy3
Date: Sat Apr  3 07:49:53 2010
New Revision: 256147

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=256147
Log:
apply latest sip-identity-patch to latest trunk.  Add automerge properties 

Modified:
    team/edguy3/sip-identity-trunk/   (props changed)
    team/edguy3/sip-identity-trunk/channels/chan_sip.c
    team/edguy3/sip-identity-trunk/channels/sip/include/sip.h
    team/edguy3/sip-identity-trunk/configs/extensions.conf.sample
    team/edguy3/sip-identity-trunk/configs/sip.conf.sample

Propchange: team/edguy3/sip-identity-trunk/
------------------------------------------------------------------------------
    automerge = *

Propchange: team/edguy3/sip-identity-trunk/
------------------------------------------------------------------------------
    automerge-email = edguy at emcsw.com

Modified: team/edguy3/sip-identity-trunk/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/edguy3/sip-identity-trunk/channels/chan_sip.c?view=diff&rev=256147&r1=256146&r2=256147
==============================================================================
--- team/edguy3/sip-identity-trunk/channels/chan_sip.c (original)
+++ team/edguy3/sip-identity-trunk/channels/chan_sip.c Sat Apr  3 07:49:53 2010
@@ -163,6 +163,7 @@
 
 /*** MODULEINFO
         <depend>chan_local</depend>
+		<depend>curl</depend>
  ***/
 
 /*!  \page sip_session_timers SIP Session Timers in Asterisk Chan_sip
@@ -776,6 +777,26 @@
 static int global_qualify_gap;          /*!< Time between our group of peer pokes */
 static int global_qualify_peers;        /*!< Number of peers to poke at a given time */
 
+/*! \brief RFC 4474 Identity related static variables */
+static struct identity_struct {
+ enum identity_mode mode;/*!< flag whether to sign the invite, validate or sign and validate*/
+ char private_url_prefix[IDENTITY_PRIV_URL_PREFIX]; /*!< private url prefix is stored here used to fetch
+								  the user private key from http or https server*/
+ char private_url_suffix[IDENTITY_PRIV_URL_SUFFIX]; /*!< private url suffix is stored here used to fetch
+								  the user private key from http or https server
+								  which can be .pem or .cer*/
+ char public_url_prefix[IDENTITY_PUB_URL_PREFIX];   /*!< public url prefix is stored here used to fetch the
+								  user public key from http or https server used */
+ char public_url_suffix[IDENTITY_PUB_URL_SUFFIX];   /*!< public url suffix is stored here used to fetch the
+								  user public key from http or https server used */
+ char private_path[AST_CONFIG_MAX_PATH];            /*!< location where private keys are stored */
+ char public_path[AST_CONFIG_MAX_PATH];		/*!< location where public keys are stored */
+ char cache_path[AST_CONFIG_MAX_PATH];	        /*!< location where keys and certs are cached */
+}  identity_general;						/*! identity settings for overall system */
+
+AST_THREADSTORAGE(id_query_buf);			/*! identity curl query buffer */
+AST_THREADSTORAGE(id_result_buf);			/*! identity curl result buffer */
+
 static enum st_mode global_st_mode;           /*!< Mode of operation for Session-Timers           */
 static enum st_refresher global_st_refresher; /*!< Session-Timer refresher                        */
 static int global_min_se;                     /*!< Lowest threshold for session refresh interval  */
@@ -1068,7 +1089,7 @@
 static void add_noncodec_to_sdp(const struct sip_pvt *p, int format,
 				struct ast_str **m_buf, struct ast_str **a_buf,
 				int debug);
-static enum sip_result add_sdp(struct sip_request *resp, struct sip_pvt *p, int oldsdp, int add_audio, int add_t38);
+static enum sip_result add_sdp(struct sip_request *resp, struct sip_pvt *p, int oldsdp, int add_audio, int add_t38, int first_message);
 static void do_setnat(struct sip_pvt *p);
 static void stop_media_flows(struct sip_pvt *p);
 
@@ -1524,6 +1545,927 @@
 	}
 	return res;
 }
+
+
+/*
+ *  Begin RFC4474 Identity definitions configuration values & functions
+ *
+ */
+
+/*! \brief  helper function for rfc 4474  Return pointer to string with current SSL error
+ * \return Returns pointer to string with current SSL error
+ */
+static char* ssl_err(void)
+{
+	static char buf[1024];
+	ERR_error_string(ERR_get_error(), buf);
+	return buf;
+}
+
+/*! \brief  helper function for rfc 4474  Return pointer to string with result explanation
+ * \param  code the numeric (enum) code to be interpreted.
+ * \return Returns pointer to string with current SSL error
+ */
+static const char* ident_status(enum identity_result code)
+{
+	const char* rv = "SIP Identity status unknown";
+	switch(code) {
+		case IDENTITY_RES_NONE:
+			rv="SIP identity no result";
+			break;
+		case IDENTITY_RES_SIGN_OK:
+			rv="SIP identity sign ok";
+			break;
+		case IDENTITY_RES_SIGN_DISABLED:
+			rv="SIP identity sign disabled";
+			break;
+		case IDENTITY_RES_SIGN_BROKEN_KEY:
+			rv="SIP identity sign broken key";
+			break;
+		case IDENTITY_RES_SIGN_NO_PRIVATE_KEY:
+			rv="SIP identity sign no private key found";
+			break;
+		case IDENTITY_RES_VAL_OK:
+			rv="SIP identity validation ok";
+			break;
+		case IDENTITY_RES_VAL_DISABLED:
+			rv="SIP identity validation disabled";
+			break;
+		case IDENTITY_RES_VAL_BROKEN_CERT:
+			rv="SIP identity validation broken certificate";
+			break;
+		case IDENTITY_RES_VAL_NO_CERT:
+			rv="SIP identity validation no public certificate found";
+	}
+	return (rv);
+};
+
+
+/*! \brief  helper function for rfc 4474  generate cache file name
+ * \return Returns pointer to filename.  must be freed
+ */
+static char* id_cache_filename(const char*url,struct identity_struct *identity)
+{
+	char *p, *p2;
+	size_t len;
+	char buf[AST_CONFIG_MAX_PATH];
+	strncpy(buf,identity->cache_path,sizeof(buf));
+	len = strlen(buf);
+	p2 = buf + len;
+
+	ast_uri_encode(url,p2,sizeof(buf)-len,1);
+
+	/* substitute specials */
+	while ((p=strchr(buf,'<'))) {
+		*p='_';
+	}
+	while ((p=strchr(buf,'>'))) {
+		*p='_';
+	}
+	return ast_strdup(buf);
+}
+
+
+/*! \brief  helper function for rfc 4474  Fill buffer with cached content.
+ * \param  url	url of source file
+ * \param  data output buffer
+ * \param  datasize size of output buffer
+ * \return Returns true if found. out will contain file contents
+ */
+static int id_check_cache(const char*url,char *data,size_t datasize,struct identity_struct *identity)
+{
+	FILE* stream;
+	int rv = FALSE;
+	char *cached_file=id_cache_filename(url,identity);
+	if (sipdebug) {
+		ast_debug(2,"** Identity key searching in id_check_cache %s => %s\n",url,cached_file);
+	}
+
+	/* does file exist? */
+	if ((stream = fopen (cached_file, "r")) != (FILE *)0) {
+		ast_debug(2,"id_check_cache: opened %s / %d \n",cached_file,datasize);
+		fread(data, datasize, 1, stream);
+		if ( ferror(stream) ) {
+			ast_log(LOG_ERROR,"id_check_cache: private key not loaded from %s\n",cached_file);
+		}
+		else {
+			ast_debug(2,"id_check_cache: private key loaded from %s\n",cached_file);
+		}
+		fclose(stream);
+		rv = TRUE;
+	}
+	ast_debug(2,"id_get_private_key: done %d\n",rv);
+	ast_free(cached_file);
+	return rv;
+}
+
+/*! \brief  helper function for rfc 4474  store buffer to cache.
+ * \param  url	url of source file
+ * \param  data output buffer
+ * \param  datasize size of output buffer
+ * \return Returns void.
+ */
+static void id_store_cache(const char*url,char *data,size_t datasize,struct identity_struct *identity)
+{
+	FILE* stream;
+	char *cached_file=id_cache_filename(url,identity);
+	if (sipdebug) {
+		ast_debug(2,"** Identity info (datasize %d) to be stored in cache %s => %s\n",datasize,url,cached_file);
+	}
+
+	/* does file exist */
+	if ((stream = fopen (cached_file, "w")) != (FILE *)0) {
+		fwrite(data, datasize, 1, stream);
+		if (ferror(stream)) {
+			ast_log(LOG_ERROR,"id_store_cache: info NOT written to %s\n",cached_file);
+		}
+		else {
+			ast_log(LOG_NOTICE,"id_store_cache: info written to %s\n",cached_file);
+		}
+		fclose(stream);
+	}
+	else {
+		ast_log(LOG_ERROR,"** Identity id_store_cache cannot write to cache %s => %s\n",url,cached_file);
+	}
+	ast_free(cached_file);
+}
+
+
+/*! \brief helper function for rfc 4474  fetches public cert or private key for the user from server
+ * uses plain old socket to initiate http session to fetch keys from server
+ *
+ * \param type IDENTITY_PRIVATE for private key, IDENTITY_PUBLIC for public key
+ * \param user user name for whom the public or private key is fetched
+ * \param out  where the fetched key is placed
+ * \param port port no to connect on the server
+ * \param url  server name and path is fetched from url
+ * \return Returns integer result 1 is success, any other value means failure
+ */
+static int id_fetch_key_from_server(enum identity_key_type type,const char *user, char *out, size_t outsize,int port,const char *url_in,struct identity_struct *identity)
+{
+	int sockfd, portno, n,torecv=0,rcvd=0;
+	struct sockaddr_in serv_addr;
+	struct hostent *server;
+	struct ast_hostent ae;
+	char *p,*p1,*p2,tempbuf[20],buffer[IDENTITY_KEYBUF_SIZE],serveradd[PATH_MAX];
+	char url2[PATH_MAX];
+
+	/* ensure buffers are \0 terminated */
+	serveradd[0]='\0';
+	buffer[0]='\0';
+	out[0]='\0';
+
+	/* condition url */
+	p1=strstr(url_in,"<");
+	if (p1) {
+		p2=strstr(url_in,">");
+		if((p2-p1)>PATH_MAX) {
+			ast_log(LOG_ERROR, "Identity Error:  URL too long %s\n",url2);
+			return -1;
+		}
+		memcpy(url2,p1+1,p2-p1-1);
+		ast_verbose("** Identity  url:%s\n",url_in);
+		ast_verbose("** Identity url2:%s\n",url2);
+	}
+	else {
+		memcpy(url2,url_in,strlen(url_in)+1);
+	}
+
+	/* check local cache. */
+	if (id_check_cache(url2,out,outsize,identity)) {  
+		if (sipdebug) {
+			ast_debug(2,"** Identity key found in cache %s\n%s\n",url2,out);
+		}
+		/* out is filled with contents */
+		return TRUE;
+	}
+
+	/*  get url contents using CURL or a hand crafted method. ( curl gives us https, certs, etc. ) */
+	if (ast_custom_function_find("CURL")) {
+		/* use curl */
+		struct ast_str *query, *buffer;
+
+		/* allocate working buffers on thread */
+		if (!(query = ast_str_thread_get(&id_query_buf, 16))) {
+			ast_log(LOG_ERROR, "Identity Error:  Memory allocation failure.\n");
+		return -1;
+	}
+
+		if (!(buffer = ast_str_thread_get(&id_result_buf, 16))) {
+			ast_log(LOG_ERROR, "Identity Error:  Memory allocation failure.\n");
+			return -1;
+				}
+
+		ast_str_set(&query, 0, "${CURL(%s)}", url2);
+		ast_str_substitute_variables(&buffer, 0, NULL, ast_str_buffer(query));
+
+		/* copy results */
+		rcvd=ast_str_size(buffer);
+		if( rcvd > outsize) {
+			ast_log(LOG_ERROR, "Identity Error: http result from %s too large: %d.\n",url2, rcvd);
+			return -1;
+			}
+		if (rcvd>0) {
+			memcpy(out, ast_str_buffer(buffer),rcvd);
+		}
+		if (sipdebug) {
+			ast_log(LOG_NOTICE,
+					"** Identity url [%s], results [\n%s]\n",
+					url2, out);
+		}
+
+	}
+	else {
+		/* use the el cheapo method to keep embedded guys happy */
+		/* check port no */
+		if (port < 1 || port > IDENTITY_MAXPORT) {
+			ast_log(LOG_ERROR, "Identity Error invalid port %d\n", port);
+			return -1;
+		}
+
+		/* format the http header buffer to fetch the keys from server */
+		p = strstr(url2, "://");
+		if (p!=NULL) {
+			p1=strstr(p+4,"/");
+			if (p1!=NULL) {
+				memcpy(serveradd,p+3,p1-(p+3) );
+				serveradd[p1-(p+3)]='\0';
+					strcpy(buffer, "GET ");
+				strcat(buffer, p1);
+				if (sipdebug) {
+					ast_log(LOG_NOTICE,
+							"** Identity prv srv [%s], path [%s]\n",
+							serveradd, buffer);
+				}
+			}
+		}
+		if (p==NULL || p1==NULL) {
+			ast_log(
+					LOG_ERROR,
+					"** Identity error parsing private URL [%s], path [%s]\n",
+					serveradd, buffer);
+			return -1;
+		}
+
+	/* format the buffer to send to server */
+	strcat(buffer," HTTP/1.1\r\n");
+	strcat(buffer,"Host: ");
+	strcat(buffer,serveradd);
+	strcat(buffer,"\r\n");
+	strcat(buffer,"Accept: */*\r\n");
+	strcat(buffer,"\r\n");
+
+	server = ast_gethostbyname(serveradd,&ae);
+	if (server == NULL) {
+			ast_log(LOG_ERROR,
+					"** Identity ERROR cannot resolve hostname=%s\n", serveradd);
+		return -1;
+	}
+
+	/* populate connect to  server addr */
+	portno = port;
+	if (sipdebug) {
+			ast_log(
+					LOG_NOTICE,
+					"** Identity id_fetch_key_from_server(); srv: %s, buff: \n%s\nport: %d\n",
+					serveradd, buffer, portno);
+	}
+
+	sockfd = socket(AF_INET, SOCK_STREAM, 0);
+	if (sockfd < 0) {
+		ast_log(LOG_ERROR,"** Identity Error opening socket\n");
+		return -1;
+	}
+	memset((char *) &serv_addr,'\0', sizeof(serv_addr));
+	serv_addr.sin_family = AF_INET;
+		memcpy((char *) &serv_addr.sin_addr.s_addr, (char *) server->h_addr,
+				server->h_length);
+	serv_addr.sin_port = htons(portno);
+	if (connect(sockfd,&serv_addr,sizeof(serv_addr)) < 0) {
+		ast_log(LOG_ERROR,"** Identity ERROR connecting \n");
+		return -1;
+	}
+	/* send to server the buffer */
+	n = write(sockfd,buffer,strlen(buffer));
+	if (n < 0) {
+		close(sockfd);
+		ast_log(LOG_ERROR,"** Identity ERROR writing to socket\n");
+		return -1;
+	}
+	/* read from server */
+	n = read(sockfd,buffer,sizeof(buffer));
+	if (n <= 0) {
+		close(sockfd);
+		ast_log(LOG_ERROR,"** Identity ERROR reading from socket\n");
+		return -1;
+	}
+	/* make sure content is null terminated */
+	buffer[(n<sizeof(buffer))?n:sizeof(buffer)-1]='\0';
+	/* write the read buffer from \r\n\r\n to out */
+	p=buffer;
+	p1=strstr(buffer,"\r\n\r\n");
+	if (p1!=NULL) {
+		memcpy(out,p1+4,strlen(buffer)-(p1+4-p));
+		out[strlen(buffer)-(p1+4-p)]='\0';
+	}
+	/* validate the response from host*/
+	p=strstr(buffer,"200 OK");
+	if (p==NULL) {
+		close(sockfd);
+			ast_log(LOG_ERROR,
+					"** Identity ERROR key not found on server [%s] %s\n",
+					serveradd, url2);
+		ast_log(LOG_ERROR,"********************\n");
+		ast_log(LOG_ERROR,"buffer %s\n",buffer);
+		ast_log(LOG_ERROR,"********************\n");
+		return -1;
+	}
+	/* get content length*/
+	p=strstr(buffer,"Content-Length:");
+	if (p!=NULL) {
+		char* p2 = p+sizeof("Content-Length:");
+		p1=strstr(p2,"\r\n");
+		if (p1!=NULL) {
+			memcpy(tempbuf,p2,p1-p2);
+			tempbuf[p1-p2]='\0';
+			torecv=strtol(tempbuf,NULL, 10);
+		}
+	}
+	/* check the length for validity */
+	if (torecv<=0) {
+			ast_log(LOG_ERROR, "** Identity ERROR nothing to receive [%d]\n",
+					torecv);
+		close(sockfd);
+		return -1;
+	}
+		/* find out what is received so far */
+	rcvd=strlen(out);
+	while (rcvd<torecv) {
+		buffer[0]='\0';
+		n = read(sockfd,buffer,sizeof(buffer));
+		if (n<0) {
+				ast_log(LOG_ERROR,
+						"** Identity ERROR socket read failed [%d]\n", torecv);
+			close(sockfd);
+			return -1;
+		}
+		memcpy(out+rcvd,buffer,n);
+		rcvd+=n;
+	}
+	out[rcvd]='\0';
+	close(sockfd);
+	}
+
+	if(rcvd>32) {
+		id_store_cache(url2,out,rcvd,identity);
+	}
+	return 1; /* success */
+}
+
+
+/*! \brief helper function for rfc 4474 gets private key from server and returns in EVP_PKEY format
+ *
+ * \param user  user name for whom the private key is fetched
+ * \return Returns private key in EVP_PKEY or NULL if failed
+ */
+
+static EVP_PKEY* id_get_private_key(const char *user,struct identity_struct *identity)
+{
+	BIO *pem_bio;
+	EVP_PKEY *pkey;
+	char data[IDENTITY_KEYBUF_SIZE];
+	char url[AST_CONFIG_MAX_PATH];
+	char filename[AST_CONFIG_MAX_PATH];
+	FILE *stream;
+
+	data[0]='\0';
+
+	/* get private key from file system */
+	strcpy(filename,identity->private_path);
+	strcat(filename,user);
+
+	if (sipdebug) {
+		ast_debug(2,"id_get_private_key: private key potentially to be loaded from %s\n",filename);
+	}
+	if ((stream = fopen (filename, "r")) != (FILE *)0) {
+		fread(data, sizeof(data), 1, stream);
+		if (ferror(stream)){
+			ast_log(LOG_ERROR,"id_get_private_key: private key loading error from %s\n",filename);
+		}
+		else {
+			if (sipdebug) {
+				ast_debug(2,"id_get_private_key: private key was loaded from %s\n",filename);
+			}
+		}
+		fclose(stream);
+	}
+	else {
+		strcpy(url,identity->private_url_prefix);
+		strcat(url,user);
+		strcat(url,identity->private_url_suffix);
+		/* fetch the private key from server */
+		if (id_fetch_key_from_server(IDENTITY_PRIVATE,user,data,sizeof(data),IDENTITY_SERVER_PORT,url,identity)!=1) {
+			ast_log(LOG_ERROR,"** id_get_private_key: get private key failed %s\n",user);
+			return NULL;
+		}
+	}
+	/* return private key in EVP_PKEY format */
+	if (NULL == (pem_bio = BIO_new_mem_buf(data, strlen(data)))) {
+	    ast_log(LOG_ERROR,"** id_get_private_key: unable to initialize BIO\n");
+	    return NULL;
+	}
+	if (NULL == (pkey = PEM_read_bio_PrivateKey(pem_bio, NULL, 0, NULL))) {
+	    ast_log(LOG_ERROR,"** id_get_private_key: could not decode private key from  %s\n",  ssl_err());
+	    BIO_free(pem_bio);
+	    return NULL;
+	}
+	BIO_free(pem_bio);
+	return pkey;
+}
+
+/*! \brief helper function for rfc 4474 gets public certificate from server and returns in X509 format
+ *
+ * \param user  user name for whom the public key is fetched
+ * \param idinfohdr  identity info header from sip request which contains the URL
+ * \return Returns private key in X509 or null
+ */
+static X509* id_get_public_cert(const char *user,const char *idinfohdr,struct identity_struct *identity)
+{
+	BIO *pem_bio;
+	X509 *cert;
+	char data[IDENTITY_KEYBUF_SIZE];
+	char filename[AST_CONFIG_MAX_PATH];
+	FILE *stream;
+
+	data[0]='\0';
+
+	/* get cert from file system */
+	strcpy(filename,identity->public_path);
+	strcat(filename,user);
+
+	if ((stream = fopen (filename, "r")) != (FILE *)0) {
+		fread(data, sizeof(data), 1, stream);
+		if (ferror(stream)) {
+			ast_log(LOG_ERROR,"id_get_public_cert: private key loading error from %s\n",filename);
+		}
+		else {
+			if (sipdebug) {
+				ast_debug(2,"id_get_public_cert: private key loaded from %s\n",filename);
+			}
+		}
+		fclose(stream);
+	}
+	else {
+		/* fetch the public cert from server */
+		if (id_fetch_key_from_server(IDENTITY_PUBLIC,user,data,sizeof(data),IDENTITY_SERVER_PORT,idinfohdr,identity)!=1) {
+			ast_log(LOG_ERROR,"** id_get_public_cert get public key failed %s\n",user);
+			return NULL;
+		}
+	}
+	if (sipdebug) {
+		ast_debug(2,"** id_get_public_cert: user: %s data: %s \n", user, data);
+		ast_verbose("** id_get_public_cert: user: %s data: %s \n", user, data);
+	}
+	/* return public key in EVP_PKEY format */
+	if (NULL == (pem_bio = BIO_new_mem_buf(data, strlen(data)))) {
+		ast_log(LOG_ERROR,"** id_get_public_cert: unable to initialize BIO\n");
+		return NULL;
+	}
+	if (NULL == (cert = PEM_read_bio_X509(pem_bio, NULL, 0, 0))) {
+		ast_log(LOG_ERROR,"** id_get_public_cert: could not decode public key from  %s\n", ssl_err());
+		BIO_free(pem_bio);
+		return NULL;
+	}
+	BIO_free(pem_bio);
+	return cert;
+}
+
+
+/*! \brief helper function for rfc 4474 gets public key from server and returns in EVP_PKEY format
+ *
+ * \param user  user name for whom the public key is fetched
+ * \param idinfohdr  identity info header from sip request which contains the URL
+ * \return Returns private key in EVP_PKEY or null
+ */
+static EVP_PKEY* id_get_public_key(X509* cert)
+{
+	EVP_PKEY *pkey;
+	if (NULL == (pkey = X509_get_pubkey(cert))) {
+		ast_log(LOG_ERROR,"** id_get_public_key: could not get public key from  %s\n", ssl_err());
+	}
+	return pkey;
+}
+
+/*! \brief helper function for rfc 4474 does SHA1 hashing
+ *
+ * \param buf  pointer to data to be SHA1 hashed
+ * \param retbuf pointer to hashed data
+ * \return Returns pointer to hashed data
+ */
+static char* id_hashstr(const char *buf,char *retbuf)
+{
+	SHA_CTX sha;
+	SHA1_Init(&sha);
+	SHA1_Update(&sha, buf, strlen(buf));
+	SHA1_Final((unsigned char*)retbuf, &sha);
+	return retbuf;
+}
+/*! \brief main function for rfc 4474 does signing
+ *
+ * \param tosign  pointer to data to be signed (RSA SHA1)
+ * \param res pointer to signed data
+ * \param user pointer to user for whom the key is fetched and data is signed using the private key of user
+ * \return Returns 1 for success any other value failure
+ */
+static int id_sign(const char *tosign,char *res,const char *user,struct identity_struct *identity)
+{
+	EVP_PKEY *pkey;
+	RSA *rsa;
+	unsigned char result[IDENTITY_SIGNBUF_SIZE];
+	unsigned int resultlen = sizeof(result);
+	char id[IDENTITY_SIGNBUF_SIZE];
+	unsigned int id_len = sizeof(id);
+
+	unsigned char sha1res[20];
+	/* hash the digest string */
+	if (id_hashstr(tosign,(char *) sha1res) == NULL) {
+                ast_log(LOG_ERROR,"** id_sign():  hash failed\n");
+		return FALSE;
+	}
+	/* get private key for user */
+	pkey = id_get_private_key(user,identity);
+	if (pkey == NULL) {
+		ast_log(LOG_ERROR,"** id_sign(): get private key failed\n");
+		return FALSE;
+	}
+
+	if (NULL == (rsa = EVP_PKEY_get1_RSA(pkey))) {
+		ast_log(LOG_ERROR,"** id_sign(): Unable to get RSA Key: %s\n", ssl_err());
+		EVP_PKEY_free(pkey);
+		return FALSE;
+	}
+	EVP_PKEY_free(pkey);
+	if (resultlen < RSA_size(rsa)) {
+		ast_log(LOG_ERROR,"** id_sign(): RSA Result too big: %d !>= %d\n", resultlen, RSA_size(rsa));
+		return FALSE;
+	}
+	/* do RSA sign */
+	if (RSA_sign(NID_sha1, sha1res, sizeof(sha1res), result, &resultlen, rsa) != 1) {
+		ast_log(LOG_ERROR,"** id_sign(): Error computing RSA results: %s\n", ssl_err());
+		RSA_free(rsa);
+		return FALSE;
+	}
+	RSA_free(rsa);
+	/* do base64 encoding */
+	ast_base64encode_full(id, result, resultlen, id_len, 0);
+	memcpy(res,id,strlen(id)+1);
+	return TRUE;
+}
+
+/*! \brief callback function for rfc 4474. Interprets errors
+ *
+ * \param ok  status
+ * \param ctx pointer to x509 store cotext
+ * \return Returns 1 for success, 0 value failure
+ */
+static int verify_id_cb(int ok, X509_STORE_CTX *ctx)
+{
+	char buf[512];		/* cert subject buffer. size ok */
+
+	if (sipdebug && ctx->current_cert) {
+		X509_NAME_oneline( X509_get_subject_name(ctx->current_cert),buf, sizeof(buf));
+		ast_debug(2,"** verify_id_cb(%d): %s\n",ok,buf);
+	}
+	if (!ok) {
+		ast_log(LOG_ERROR,"** verify_id_cb: error %d at %d depth lookup:%s\n",ctx->error,
+			ctx->error_depth, X509_verify_cert_error_string(ctx->error));
+		/* allow self signing as OK */
+		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) {
+			ok=1;
+		}
+	}
+	return(ok);
+}
+
+
+
+
+/*! \brief main function for rfc 4474 does verifying the signature
+ *
+ * \param digeststr  pointer to digest data
+ * \param identityhdr pointer to identity header data from sip request
+ * \param user pointer to user for whom the key is fetched and data is verified using the public key of user
+ * \param identity_info pointer to identity-info header data from sip request
+ * \return Returns 1 for success any other value failure
+ */
+static int id_verify(const char *digeststr,const char *identityhdr,const char *user,const char *identity_info,struct identity_struct *identity)
+{
+	unsigned char sig[IDENTITY_SIGNBUF_SIZE];
+	EVP_PKEY *pkey;
+	RSA *rsa=NULL;
+	X509 *cert=NULL;
+	int retlen;
+	unsigned char sha1res[20];
+ 	X509_NAME *nm=NULL;
+	X509_STORE *ctx=NULL;
+	X509_STORE_CTX *csc=NULL;
+	int cn_match;
+	int lastpos;
+	int rv=FALSE;
+
+	if (sipdebug) {
+		ast_log(LOG_NOTICE,"** id_verify: digeststr: %s iden: %s user: %s idinfo: %s\n", digeststr, identityhdr, user, identity_info);
+	}
+
+	/* hash the digest string */
+	if (id_hashstr(digeststr, (char *)sha1res) == NULL) {
+		goto cleanup;
+	}
+
+	/* base 64 decode of the identity header */
+  	retlen=ast_base64decode(sig, identityhdr, sizeof(sig));
+	if (retlen <=0 ) {
+		ast_log(LOG_ERROR,"** id_verify(): Cannot decode Identity header\n");
+		goto cleanup;
+	}
+	/* get public key for the user */
+	cert = id_get_public_cert(user,identity_info,identity);
+	if (cert == NULL) {
+		ast_log(LOG_ERROR,"** id_verify: Unable to get public cert: %s\n", ssl_err());
+		goto cleanup;
+	}
+	pkey  = id_get_public_key(cert);
+	if (pkey == NULL) {
+		ast_log(LOG_ERROR,"** id_verify: Unable to get public Key: %s\n", ssl_err());
+		goto cleanup;
+	}
+	if (NULL == (rsa = EVP_PKEY_get1_RSA(pkey))) {
+		ast_log(LOG_ERROR,"** id_verify: Unable to get RSA Key: %s\n", ssl_err());
+		goto cleanup;
+	}
+	EVP_PKEY_free(pkey);
+
+	nm = X509_get_subject_name(cert);
+	if (sipdebug) {
+		char subject[256];
+		X509_NAME_oneline(nm, subject, sizeof(subject));
+		ast_log(LOG_NOTICE, "** id_verify Certificate Subject = %s\n", subject);
+        	ast_log(LOG_NOTICE, "** id_verify: size-sha1res: %d retlen: %d \n", sizeof(sha1res), retlen);
+	}
+
+	/*  do rsa verify */
+	if (RSA_verify(NID_sha1, sha1res, sizeof(sha1res),(unsigned char *) sig, retlen, rsa) != 1) {
+		ast_log(LOG_ERROR,"** id_verify: Verify failed: %s\n", ssl_err());
+		goto cleanup;
+	}
+	RSA_free(rsa);
+	rsa=NULL;
+
+	/* loop through the CNs */
+	cn_match = FALSE;
+	lastpos = -1 ;
+	do {
+		int name_len;
+		ASN1_STRING *tmp;
+		char *cname2;
+
+	        lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+        	if (lastpos < 0) {
+                	break;
+		}
+		tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(nm,lastpos));
+		if (!tmp) {
+			ast_log(LOG_ERROR, "** id_verify: Error Processing certificate CN\n");
+			break;
+		}
+		name_len = ASN1_STRING_length(tmp);
+		cname2 = (char*)ast_malloc(name_len+1);		/* remember ASN1 does not count \0 */
+		memcpy(cname2, ASN1_STRING_data(tmp), ASN1_STRING_length(tmp));
+		cname2[name_len]='\0';
+
+		cn_match = (0==strncmp(user,cname2,name_len+1));
+		if (sipdebug) {
+			ast_log(LOG_NOTICE,"** id_verify: CNAME = %s match:%s\n",cname2,cn_match?"yes":"no");
+		}
+		ast_free(cname2);
+        }
+	while ( !cn_match );
+
+	if (!cn_match) {
+		ast_log(LOG_ERROR, "** id_verify: FAIL: user %s not found in cert CN\n",user);
+		goto cleanup;
+	}
+
+	if (sipdebug) {
+		ast_log(LOG_NOTICE, "** id_verify: Callerid(num) matches Common Name. ok\n");
+	}
+
+	/* now verify chain */
+	ctx=X509_STORE_new();
+	X509_STORE_set_verify_cb_func(ctx,verify_id_cb);
+
+	if (X509_STORE_set_default_paths(ctx) != 1) {
+		ast_log(LOG_ERROR, " id_verify: X509_STORE_set_default_paths failed\n");
+		goto cleanup;
+	}
+	csc = X509_STORE_CTX_new();
+	if (!csc) {
+		ast_log(LOG_ERROR, " id_verify: X509_STORE_CTX_new failed\n");
+		goto cleanup;
+	}
+	if (!X509_STORE_CTX_init(csc,ctx,cert,NULL)) {
+		ast_log(LOG_ERROR, " id_verify: X509_STORE_CTX_init failed\n");
+		goto cleanup;
+	}
+	if (!X509_verify_cert(csc)) {
+		ast_log(LOG_ERROR, " id_verify: X509_verify_cert failed.\n");
+		goto cleanup;
+	}
+
+	if (sipdebug) {
+		ast_log(LOG_NOTICE, "** id_verify: validates ok\n");
+	}
+
+	rv=TRUE;
+
+	/* verified ok. Now free everything */
+	cleanup:	{			/* gotos are not evil */
+		if(rsa)RSA_free(rsa);
+		if(ctx)X509_STORE_free(ctx);
+		if(csc)X509_STORE_CTX_free(csc);
+		if(cert)X509_free(cert);
+	}
+	return rv;
+}
+/*! \brief helper function for rfc 4474 gets the specific sip header requested
+ *
+ * \param req  pointer to sip_request strucutre
+ * \param name pointer to header value being requested
+ * \param out pointer to buffer where result is stored
+ */
+static void id_get_sip_header(struct sip_request *req,const char *name,char *out,size_t size)
+{
+	const char *p1,*p;
+	p=get_header(req, name);
+
+	if (p!=NULL) {
+		p1=strstr(p,"\r\n");
+		if (p1!=NULL) {
+			size_t len = p1-p;
+			/* reduce size if too long - will likely fail signing */
+			if ( len >= size ) {
+				len=size-1;
+				ast_log(LOG_ERROR,"** id_verify(): sip header too long: %s\n", p);
+			}
+			memcpy(out,p,size);
+			out[len]='\0';
+		}
+		else {
+			strncpy(out,p,size);
+			out[size-1]='\0';
+		}
+	}
+	else { /* no \r\n found so it should be good to copy */
+		strncpy(out,p,size);
+		out[size-1]='\0';	/* ensure null terminated */
+	}
+}
+
+/*! \brief helper function for rfc 4474 gets the address of record
+ *
+ * \param req  pointer to sip_request strucutre
+ * \param name pointer to Address of record value being requested
+ * \param out pointer to buffer where result is stored
+ */
+
+static void id_get_addr_of_record(struct sip_request *req,const char *name,char *out,size_t size)
+{
+	char HeaderReq[IDENTITY_HEADER_SIZE];
+	char *p,*p1;
+
+	id_get_sip_header(req, name,HeaderReq,sizeof(HeaderReq));
+	p=strchr(HeaderReq,'<');
+	if (p!=NULL) {
+		p1=strchr(p,'>');
+		if (p1!=NULL) {
+			if (p1-p-1 > size ) {
+				ast_log(LOG_ERROR,"** id_get_addr_of_record: field too large \n");
+				out[0]='\0';
+			}
+			else {
+				memcpy(out,p+1,p1-p-1);
+				out[p1-p-1]='\0';
+			}
+		}
+	}
+}
+
+/*! \brief entry function for rfc 4474 does signing or verifying signature
+ *
+ * \param req pointer to sip_request structure
+ * \param out pointer to where signing or verifying result is placed (out)
+ * \param sdp pointer to optional sdp data which can be passed as input
+ * \param type 0 for signing 1 for verifying
+ * \param userout pointer where user name is stored in case verifying is done (out)
+ */
+static int id_main(struct sip_request *req,char *out,const char *sdp,enum identity_action type,char *userout,size_t userout_size,struct identity_struct *identity)
+{
+	char digeststr[2*IDENTITY_HEADER_SIZE],signstr[IDENTITY_HEADER_SIZE],callid[IDENTITY_HEADER_SIZE],cseq[IDENTITY_HEADER_SIZE],date[IDENTITY_HEADER_SIZE];
+	char contactAor[IDENTITY_HEADER_SIZE],toAor[IDENTITY_HEADER_SIZE],fromAor[IDENTITY_HEADER_SIZE],user[40];
+	char idstoverify[IDENTITY_HEADER_SIZE],idinfo[IDENTITY_HEADER_SIZE];
+	char *p,*p1;
+	int rv=0; /* returned value. >1 is success */
+
+	/* ensure all buffers are null strings */
+	contactAor[0]=toAor[0]=fromAor[0]=user[0]= idstoverify[0]=idinfo[0]= digeststr[0]=signstr[0]=callid[0]=cseq[0]=date[0] ='\0';
+
+	if (type==IDENTITY_ACTION_VERIFY) { /* verify the signature*/
+		id_get_sip_header(req,"Identity-Info",idinfo,sizeof(idinfo));
+		if (strlen(idinfo)==0) {
+			return FALSE;
+		}
+		id_get_sip_header(req,"Identity",idstoverify,sizeof(idstoverify));
+		if (sipdebug) {
+			ast_log(LOG_NOTICE,"\n** id_main()\n idstoverify: %s \n idinfo: %s \n ", idstoverify, idinfo);
+		}
+	}
+
+	/* get various header fields */
+	id_get_sip_header(req, "Call-ID",callid,sizeof(callid));
+	id_get_sip_header(req, "CSeq",cseq,sizeof(cseq));
+	id_get_sip_header(req, "Date",date,sizeof(date));
+	/* get address of record */
+	id_get_addr_of_record(req,"To",toAor,sizeof(toAor));
+	id_get_addr_of_record(req,"From",fromAor,sizeof(fromAor));
+	id_get_addr_of_record(req,"Contact",contactAor,sizeof(contactAor));
+	/* get user from from header */
+	if (strlen(fromAor)>0) {
+		p1=strstr(fromAor,":"); /* find sip: */
+		if (p1!=NULL) {
+			p=strstr(p1+1,"@");
+			memcpy(user,p1+1,p-(p1+1));
+			user[p-(p1+1)]='\0';
+			strncpy(userout,user,userout_size);
+			userout[userout_size-1]='\0';	/* ensure null terminated */
+		}
+	}
+	/* build the digest string fromAOR| toAOR| Call id| cSEQ|date|Contact AOR |SDP */
+	strcpy(digeststr,fromAor);
+	strcat(digeststr,"|");
+	strcat(digeststr,toAor);
+	strcat(digeststr,"|");
+	strcat(digeststr,callid);
+	strcat(digeststr,"|");
+	strcat(digeststr,cseq);
+	strcat(digeststr,"|");
+	strcat(digeststr,date);
+	strcat(digeststr,"|");
+	strcat(digeststr,contactAor);
+	strcat(digeststr,"|");
+	/*if sdp is not passed then find it*/
+	if (sdp==NULL) {
+		if (find_sdp(req)) {
+			int x;
+			for (x = 0; x < (req->lines); x++) {
+				char *p,*line2;
+			 	line2=ast_strdup(REQ_OFFSET_TO_STR(req, line[x]));
+				p=strstr(line2,"\r\n");
+				if (p!=NULL) {
+					*p='\0';
+                                }
+				strcat(digeststr,line2);
+				strcat(digeststr,"\r\n");
+				ast_free(line2);
+			}
+		}
+	}
+	else {
+	    strcat(digeststr,sdp);
+	}
+
+	/* call appropriate function depending on type */
+	if (type==IDENTITY_ACTION_SIGN) { /* sign */
+		if ( (rv = id_sign(digeststr,signstr,user,identity)) && sipdebug) {
+			ast_debug(2,"** id_main() Signing Success \n");
+		}
+
+	}
+	else if (type==IDENTITY_ACTION_VERIFY) { /* verify */
+		rv = id_verify(digeststr,idstoverify,user,idinfo,identity);
+	}
+
+	strcpy(out,signstr);
+	if (sipdebug) {
+		ast_log(LOG_NOTICE,"** Identity id_main() size: %d digeststr: %s\n", strlen(digeststr), digeststr);
+	}
+	return rv;
+}
+
+/*
+ * End RFC4474 Identity definitions configuration values & functions
+ *
+ */
+
 
 static void tcptls_packet_destructor(void *obj)
 {
@@ -8905,12 +9847,17 @@
 }
 
 /*! \brief Add Session Description Protocol message
+ * \param resp
+ * \param p
+ * \param oldsdp
+ * \param add_audio
+ * \param add_t38
 
     If oldsdp is TRUE, then the SDP version number is not incremented. This mechanism
     is used in Session-Timers where RE-INVITEs are used for refreshing SIP sessions
     without modifying the media session in any way.
 */
-static enum sip_result add_sdp(struct sip_request *resp, struct sip_pvt *p, int oldsdp, int add_audio, int add_t38)
+static enum sip_result add_sdp(struct sip_request *resp, struct sip_pvt *p, int oldsdp, int add_audio, int add_t38, int first_message)
 {
 	int len = 0;
 	format_t alreadysent = 0;
@@ -8955,6 +9902,16 @@
 	char buf[SIPBUFSIZE];
 	char dummy_answer[256];
 
+	char signed_identity_digest[IDENTITY_SIGNBUF_SIZE];   /* signed identity digest header parameter */
+	char user[IDENTITY_SIGNBUF_SIZE];		      /* user CALLERID(NUM) */
+	char idinfo[IDENTITY_SIGNBUF_SIZE];		      /* identity-info header parameter */
+	char result_number[3];				      /* Result code */
+	struct ast_str *sdp1;				      /* working copy of sdp for identity */
+
+	signed_identity_digest[0]='\0';
+	user[0]='\0';
+	idinfo[0]='\0';
+
 	/* Set the SDP session name */
 	snprintf(subject, sizeof(subject), "s=%s\r\n", ast_strlen_zero(global_sdpsession) ? "-" : global_sdpsession);
 
@@ -9212,6 +10169,84 @@
 		len += m_modem->used + a_modem->used;
 
 	add_header(resp, "Content-Type", "application/sdp");
+
+	/* add identity header can be done only here */
+
+	/* build a disposable SDP for signing.  cant use real SDP because once add_line is called, cant add_header */
+	sdp1 = ast_str_create(1024);
+	ast_str_set(&sdp1,0,version);
+	ast_str_append(&sdp1,0,owner);
+	ast_str_append(&sdp1,0,subject);
+	ast_str_append(&sdp1,0,connection);
+
+	if (needvideo){
+		ast_str_append(&sdp1,0,bandwidth);
+	}
+
+	ast_str_append(&sdp1,0,session_time);
+	if (needaudio) {
+		ast_str_append(&sdp1,0,m_audio->str);
+		ast_str_append(&sdp1,0,a_audio->str);
+		ast_str_append(&sdp1,0,hold);
+	}
+
+	if (needvideo) { /* only if video response is appropriate */
+		ast_str_append(&sdp1,0,m_video->str);
+		ast_str_append(&sdp1,0,a_video->str);
+		ast_str_append(&sdp1,0,hold);
+	}
+	if (needtext) { /* only if text response is appropriate */
+		ast_str_append(&sdp1,0,m_text->str);
+		ast_str_append(&sdp1,0,a_text->str);
+		ast_str_append(&sdp1,0,hold);
+	}
+	if (add_t38) { /* only if t38 FAX response is appropriate */
+		ast_str_append(&sdp1,0,m_modem->str);
+		ast_str_append(&sdp1,0,a_modem->str);
+		ast_str_append(&sdp1,0,hold);
+	}
+
+	/* get and add the identity string */
+	struct identity_struct *identity = &identity_general;
+	/* FUTURE Select identity struct to use from domain or peer */
+	if (first_message && p->method==SIP_INVITE && !oldsdp && (identity->mode==IDENTITY_SIGN || identity->mode==IDENTITY_SIGN_AND_VALIDATE)) {
+		char idinfo[IDENTITY_SIGNBUF_SIZE];
+		/* call get digest string to get the signing result*/
+		id_get_sip_header(&p->initreq,"Identity-Info",idinfo,sizeof(idinfo));
+		if (debug) {
+			ast_debug(2,"set idinfo [%s]\n",idinfo);
+		}
+		id_main(resp,signed_identity_digest,ast_str_buffer(sdp1),IDENTITY_ACTION_SIGN,user,sizeof(user),identity);
+		ast_free(sdp1);
+		if (strlen(signed_identity_digest)>0) {
+			strcpy(idinfo,"<");
+			strcpy(&idinfo[1],identity->public_url_prefix);
+			strcat(idinfo,user);
+			strcpy(&idinfo[strlen(idinfo)],identity->public_url_suffix);
+			strcat(idinfo,">;alg=rsa-sha1");
+			add_header(resp, "Identity", signed_identity_digest);
+			add_header(resp, "Identity-Info",idinfo);
+			if (sipdebug) {
+				ast_log(LOG_NOTICE,"id [%s]\n idinfo [%s]\n",signed_identity_digest,idinfo);
+			}
+			p->initreq.sip_identity_result=IDENTITY_RES_SIGN_OK;
+		}
+		else {
+			p->initreq.sip_identity_result=IDENTITY_RES_SIGN_BROKEN_KEY;  /* assume broken for now */
+		}
+	}
+	else {
+		p->initreq.sip_identity_result=IDENTITY_RES_SIGN_DISABLED;
+	}
+
+	/* set channel variable with result */
+	sprintf(result_number,"%2d",p->initreq.sip_identity_result);
+	pbx_builtin_setvar_helper(p->owner,"IDENTITY_RESULT",result_number);
+	if (sipdebug) {
+		ast_debug(2,"** Set Chan_Var IDENTITY_RESULT SIGN result to test: [%d], %s\n",p->initreq.sip_identity_result,ident_status(p->initreq.sip_identity_result));
+	}
+
+	/* Add content length now */
 	add_header_contentLength(resp, len);
 	add_line(resp, version);
 	add_line(resp, owner);
@@ -9271,7 +10306,7 @@
 	}
 	respprep(&resp, p, msg, req);
 	if (p->udptl) {
-		add_sdp(&resp, p, 0, 0, 1);
+		add_sdp(&resp, p, 0, 0, 1, FALSE);
 	} else
 		ast_log(LOG_ERROR, "Can't add SDP to response, since we have no UDPTL session allocated. Call-ID %s\n", p->callid);
 	if (retrans && !p->pendinginvite)
@@ -9326,9 +10361,9 @@
 		ast_rtp_instance_activate(p->rtp);
 		try_suggested_sip_codec(p);
 		if (p->t38.state == T38_ENABLED) {
-			add_sdp(&resp, p, oldsdp, TRUE, TRUE);
+			add_sdp(&resp, p, oldsdp, TRUE, TRUE, FALSE);
 		} else {
-			add_sdp(&resp, p, oldsdp, TRUE, FALSE);
+			add_sdp(&resp, p, oldsdp, TRUE, FALSE, FALSE);
 		}
 	} else
 		ast_log(LOG_ERROR, "Can't add SDP to response, since we have no RTP session allocated. Call-ID %s\n", p->callid);
@@ -9417,9 +10452,9 @@
 
 	try_suggested_sip_codec(p);
 	if (t38version)
-		add_sdp(&req, p, oldsdp, FALSE, TRUE);
+		add_sdp(&req, p, oldsdp, FALSE, TRUE, FALSE);
 	else
-		add_sdp(&req, p, oldsdp, TRUE, FALSE);
+		add_sdp(&req, p, oldsdp, TRUE, FALSE, FALSE);
 
 	/* Use this as the basis */
 	initialize_initreq(p, &req);
@@ -9792,10 +10827,10 @@
 		memset(p->offered_media, 0, sizeof(p->offered_media));
 		if (p->udptl && p->t38.state == T38_LOCAL_REINVITE) {
 			ast_debug(1, "T38 is in state %d on channel %s\n", p->t38.state, p->owner ? p->owner->name : "<none>");
-			add_sdp(&req, p, FALSE, FALSE, TRUE);
+			add_sdp(&req, p, FALSE, FALSE, TRUE, TRUE);
 		} else if (p->rtp) {
 			try_suggested_sip_codec(p);
-			add_sdp(&req, p, FALSE, TRUE, FALSE);
+			add_sdp(&req, p, FALSE, TRUE, FALSE, TRUE);
 		}
 	} else if (p->notify) {
 		for (var = p->notify->headers; var; var = var->next)
@@ -10337,7 +11372,7 @@
 			add_header(&req, "Allow", ALLOWED_METHODS);
 			add_header(&req, "Supported", SUPPORTED_EXTENSIONS);
 			add_rpid(&req, p);
-			add_sdp(&req, p, FALSE, TRUE, FALSE);
+			add_sdp(&req, p, FALSE, TRUE, FALSE, FALSE);
 
 			initialize_initreq(p, &req);
 			p->lastinvite = p->ocseq;
@@ -15130,6 +16165,39 @@
 		ast_cli(a->fd, "  Save sys. name:         %s\n", cli_yesno(sip_cfg.rtsave_sysname));
 		ast_cli(a->fd, "  Auto Clear:             %d\n", sip_cfg.rtautoclear);
 	}
+
+	struct identity_struct *identity = &identity_general;
+	/* FUTURE Select identity struct to use from domain or peer */
+	ast_cli(a->fd, "\nSIP Identity Settings:\n");
+	ast_cli(a->fd,   "--------------------------\n");
+	if (identity->mode==IDENTITY_DISABLED) {
+		ast_cli(a->fd, "  Mode:     			  no  (disabled)\n");
+	}
+	else {
+
+		char* mode;
+		switch(identity->mode) {
+			case IDENTITY_SIGN:
+				mode="sign";
+				break;
+			case IDENTITY_VALIDATE:
+				mode="sign";
+				break;
+			default:
+				mode="sign_and_val";
+		}
+
+		ast_cli(a->fd, "  Mode:                   %s\n", mode);
+		ast_cli(a->fd, "  Private URL Prefix:     %s\n", identity->private_url_prefix);
+		ast_cli(a->fd, "  Private URL Suffix:     %s\n", identity->private_url_suffix);
+		ast_cli(a->fd, "  Private File Path:      %s\n", identity->private_path);
+		ast_cli(a->fd, "  Public URL Prefix:      %s\n", identity->public_url_prefix);
+		ast_cli(a->fd, "  Public URL Suffix:      %s\n", identity->public_url_suffix);
+		ast_cli(a->fd, "  Public File Path:       %s\n", identity->public_path);
+		ast_cli(a->fd, "  Cache Path:             %s\n", identity->cache_path);
+
+	}
+
 	ast_cli(a->fd, "\n----\n");
 	return CLI_SUCCESS;
 }
@@ -19351,6 +20419,33 @@

[... 394 lines stripped ...]



More information about the asterisk-commits mailing list