[asterisk-commits] mmichelson: branch 13 r430709 - in /branches/13: ./ configs/samples/ include/...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Fri Jan 16 11:45:57 CST 2015
Author: mmichelson
Date: Fri Jan 16 11:45:44 2015
New Revision: 430709
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=430709
Log:
Add support for the ca_list_path option for PJSIP transports.
This allows for a path to be specified that has a collection of CA
certificates in it.
ASTERISK-24575 #close
Reported by cloos
Patches:
pj-ca-path-trunk.diff uploaded by cloos (License #5956)
Review: https://reviewboard.asterisk.org/r/4344
Modified:
branches/13/CHANGES
branches/13/configs/samples/pjsip.conf.sample
branches/13/configure
branches/13/configure.ac
branches/13/include/asterisk/autoconfig.h.in
branches/13/include/asterisk/res_pjsip.h
branches/13/res/res_pjsip.c
branches/13/res/res_pjsip/config_transport.c
Modified: branches/13/CHANGES
URL: http://svnview.digium.com/svn/asterisk/branches/13/CHANGES?view=diff&rev=430709&r1=430708&r2=430709
==============================================================================
--- branches/13/CHANGES (original)
+++ branches/13/CHANGES Fri Jan 16 11:45:44 2015
@@ -45,6 +45,12 @@
and is now configurable via the 't38timeout' configuration option in
res_fax.conf and via the fax options dialplan function 'FAXOPT(t38timeout)'.
The default remains at 5000 milliseconds.
+
+PJSIP Transports
+----------
+ * The ca_list_path transport parameter has been added for TLS transports. This
+ option behaves similarly to the old sip.conf option "tlscapath". In order to
+ use this, you must be using PJProject version ?.? or higher.
ARI
------------------
Modified: branches/13/configs/samples/pjsip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/branches/13/configs/samples/pjsip.conf.sample?view=diff&rev=430709&r1=430708&r2=430709
==============================================================================
--- branches/13/configs/samples/pjsip.conf.sample (original)
+++ branches/13/configs/samples/pjsip.conf.sample Fri Jan 16 11:45:44 2015
@@ -749,6 +749,10 @@
; "")
;ca_list_file= ; File containing a list of certificates to read TLS ONLY
; (default: "")
+;ca_list_path= ; Path to directory containing certificates to read TLS ONLY.
+ ; PJProject version 2.4 or higher is required for this option to
+ ; be used.
+ ; (default: "")
;cert_file= ; Certificate file for endpoint TLS ONLY
; Will read .crt or .pem file but only uses cert,
; a .key file must be specified via priv_key_file
Modified: branches/13/configure.ac
URL: http://svnview.digium.com/svn/asterisk/branches/13/configure.ac?view=diff&rev=430709&r1=430708&r2=430709
==============================================================================
--- branches/13/configure.ac (original)
+++ branches/13/configure.ac Fri Jan 16 11:45:44 2015
@@ -457,6 +457,7 @@
AST_EXT_LIB_SETUP_OPTIONAL([PJ_TRANSACTION_GRP_LOCK], [PJSIP Transaction Group Lock Support], [PJPROJECT], [pjsip])
AST_EXT_LIB_SETUP_OPTIONAL([PJSIP_REPLACE_MEDIA_STREAM], [PJSIP Media Stream Replacement Support], [PJPROJECT], [pjsip])
AST_EXT_LIB_SETUP_OPTIONAL([PJSIP_GET_DEST_INFO], [pjsip_get_dest_info support], [PJPROJECT], [pjsip])
+AST_EXT_LIB_SETUP_OPTIONAL([PJ_SSL_CERT_LOAD_FROM_FILES2], [pj_ssl_cert_load_from_files2 support], [PJPROJECT], [pjsip])
AST_EXT_LIB_SETUP([PORTAUDIO], [PortAudio], [portaudio])
AST_EXT_LIB_SETUP([PRI], [ISDN PRI], [pri])
AST_EXT_LIB_SETUP_OPTIONAL([PRI_SETUP_ACK_INBAND], [ISDN PRI progress inband ie in SETUP ACK], [PRI], [pri])
@@ -2076,6 +2077,7 @@
CPPFLAGS="${saved_cppflags}"
AST_EXT_LIB_CHECK([PJSIP_GET_DEST_INFO], [pjsip], [pjsip_get_dest_info], [pjsip.h], [$PJPROJECT_LIBS], [$PJPROJECT_CFLAGS])
+AST_EXT_LIB_CHECK([PJ_SSL_CERT_LOAD_FROM_FILES2], [pj], [pj_ssl_cert_load_from_files2], [pjlib.h], [$PJPROJECT_LIBS], [$PJPROJECT_CFLAGS])
AST_EXT_LIB_CHECK([POPT], [popt], [poptStrerror], [popt.h])
Modified: branches/13/include/asterisk/autoconfig.h.in
URL: http://svnview.digium.com/svn/asterisk/branches/13/include/asterisk/autoconfig.h.in?view=diff&rev=430709&r1=430708&r2=430709
==============================================================================
--- branches/13/include/asterisk/autoconfig.h.in (original)
+++ branches/13/include/asterisk/autoconfig.h.in Fri Jan 16 11:45:44 2015
@@ -583,6 +583,10 @@
/* Define if your system has the PJSIP_REPLACE_MEDIA_STREAM headers. */
#undef HAVE_PJSIP_REPLACE_MEDIA_STREAM
+
+/* Define to 1 if PJPROJECT has the pj_ssl_cert_load_from_files2 support
+ feature. */
+#undef HAVE_PJ_SSL_CERT_LOAD_FROM_FILES2
/* Define to 1 if PJPROJECT has the PJSIP Transaction Group Lock Support
feature. */
@@ -1295,11 +1299,6 @@
/* Define to 1 if running on Darwin. */
#undef _DARWIN_UNLIMITED_SELECT
-/* Enable large inode numbers on Mac OS X 10.5. */
-#ifndef _DARWIN_USE_64_BIT_INODE
-# define _DARWIN_USE_64_BIT_INODE 1
-#endif
-
/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS
Modified: branches/13/include/asterisk/res_pjsip.h
URL: http://svnview.digium.com/svn/asterisk/branches/13/include/asterisk/res_pjsip.h?view=diff&rev=430709&r1=430708&r2=430709
==============================================================================
--- branches/13/include/asterisk/res_pjsip.h (original)
+++ branches/13/include/asterisk/res_pjsip.h Fri Jan 16 11:45:44 2015
@@ -91,6 +91,8 @@
AST_DECLARE_STRING_FIELDS(
/*! Certificate of authority list file */
AST_STRING_FIELD(ca_list_file);
+ /*! Certificate of authority list path */
+ AST_STRING_FIELD(ca_list_path);
/*! Public certificate file */
AST_STRING_FIELD(cert_file);
/*! Optional private key of the certificate file */
Modified: branches/13/res/res_pjsip.c
URL: http://svnview.digium.com/svn/asterisk/branches/13/res/res_pjsip.c?view=diff&rev=430709&r1=430708&r2=430709
==============================================================================
--- branches/13/res/res_pjsip.c (original)
+++ branches/13/res/res_pjsip.c Fri Jan 16 11:45:44 2015
@@ -829,6 +829,9 @@
<configOption name="ca_list_file">
<synopsis>File containing a list of certificates to read (TLS ONLY)</synopsis>
</configOption>
+ <configOption name="ca_list_path">
+ <synopsis>Path to directory containing a list of certificates to read (TLS ONLY)</synopsis>
+ </configOption>
<configOption name="cert_file">
<synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
<description><para>
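Review bot: The new `ca_list_path` configOption carries only a one-line synopsis, which leaves out what an operator needs for certificate verification to actually work with it. I would add a `<description>` stating that PJProject 2.4 or later is required; the sample config and the warning in config_transport.c say 2.4, while CHANGES still reads `?.?`. If pjproject hands this directory to OpenSSL as a CApath (worth confirming), the description should also say that the certificates must be present under their subject-hash names, for example prepared with `c_rehash`, because otherwise none of the CAs in the directory are found. The surrounding configOption list continues outside the hunk.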
@@ -1336,6 +1339,9 @@
</parameter>
<parameter name="CaListFile">
<para><xi:include xpointer="xpointer(/docs/configInfo[@name='res_pjsip']/configFile[@name='pjsip.conf']/configObject[@name='transport']/configOption[@name='ca_list_file']/synopsis/node())"/></para>
+ </parameter>
+ <parameter name="CaListPath">
+ <para><xi:include xpointer="xpointer(/docs/configInfo[@name='res_pjsip']/configFile[@name='pjsip.conf']/configObject[@name='transport']/configOption[@name='ca_list_path']/synopsis/node())"/></para>
</parameter>
<parameter name="CertFile">
<para><xi:include xpointer="xpointer(/docs/configInfo[@name='res_pjsip']/configFile[@name='pjsip.conf']/configObject[@name='transport']/configOption[@name='cert_file']/synopsis/node())"/></para>
Modified: branches/13/res/res_pjsip/config_transport.c
URL: http://svnview.digium.com/svn/asterisk/branches/13/res/res_pjsip/config_transport.c?view=diff&rev=430709&r1=430708&r2=430709
==============================================================================
--- branches/13/res/res_pjsip/config_transport.c (original)
+++ branches/13/res/res_pjsip/config_transport.c Fri Jan 16 11:45:44 2015
@@ -217,6 +217,14 @@
res = pjsip_tcp_transport_start3(ast_sip_get_pjsip_endpoint(), &cfg, &transport->state->factory);
} else if (transport->type == AST_TRANSPORT_TLS) {
transport->tls.ca_list_file = pj_str((char*)transport->ca_list_file);
+#ifdef HAVE_PJ_SSL_CERT_LOAD_FROM_FILES2
+ transport->tls.ca_list_path = pj_str((char*)transport->ca_list_path);
+#else
+ if (!ast_strlen_zero(transport->ca_list_path)) {
+ ast_log(LOG_WARNING, "Asterisk has been built against a version of pjproject that does not "
+ "support the 'ca_list_path' option. Please upgrade to version 2.4 or later.\n");
+ }
+#endif
transport->tls.cert_file = pj_str((char*)transport->cert_file);
transport->tls.privkey_file = pj_str((char*)transport->privkey_file);
transport->tls.password = pj_str((char*)transport->password);
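Review bot: In the `#else` branch a configured `ca_list_path` is discarded with only a `LOG_WARNING`, and the TLS transport is still set up using whatever is in `ca_list_file`, which may be empty. An operator who placed the trust anchors only in that directory then gets a running transport without them; whether peers are still verified depends on verify settings that are not visible in this hunk. I would treat this as a configuration error rather than a warning: log at `LOG_ERROR` and fail the apply, for example with `return -1;` if that is how the enclosing function reports failure. The enclosing function starts and ends outside the hunk, so the return convention needs checking there.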
@@ -743,6 +751,7 @@
ast_sorcery_object_field_register_custom(sorcery, "transport", "bind", "", transport_bind_handler, transport_bind_to_str, NULL, 0, 0);
ast_sorcery_object_field_register(sorcery, "transport", "async_operations", "1", OPT_UINT_T, 0, FLDSET(struct ast_sip_transport, async_operations));
ast_sorcery_object_field_register(sorcery, "transport", "ca_list_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, ca_list_file));
+ ast_sorcery_object_field_register(sorcery, "transport", "ca_list_path", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, ca_list_path));
ast_sorcery_object_field_register(sorcery, "transport", "cert_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, cert_file));
ast_sorcery_object_field_register(sorcery, "transport", "priv_key_file", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, privkey_file));
ast_sorcery_object_field_register(sorcery, "transport", "password", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, password));