[asterisk-dev] The TCP/TLS support in chan_sip 1.6 - make it "experimental"

[Johansson Olle E]

Friends,

I see a lot of issues with the current TCP/TLS support and it's  
configuration in chan_sip. We will need to change the configuration,  
how it's used in the dialplan and much more. In order to be able to do  
this without having to be backward compatible with the current  
implementation, I vote for marking the current implementation  
"experimental" and warning people that it may change.

Some issues I see (without spending a lot of time testing):

- You can't specificy call type in the dial string in the dialplan
- Certificates for multiple domains is not implemented. We need to tie  
certs to the domains.
- We haven't implemented "security levels" for calls (see my earlier  
mails to asterisk-dev and asterisk-users about this)
- DNS SRV record handling and NAPTR doesn't work as specified
- If a call transfer transfers to a TLS uri, this won't work, since  
the dialplan doesn't support it.

So there's still a lot of work to be done, even if we can connect a  
phone locally to Asterisk with tcp/tls. It's not ready for release.

I'm sorry I haven't been able to contribute, but at the moment I have  
no sponsor for my Asterisk work and no customer interested in these  
issues. I do feel it is important that we get the architecture right  
before locking it in a release though and I am very worried about the  
current state of the code. I don't want us to be forced to be  
backwards compatible if I do get anyone to sponsor such work or if  
someone else takes the task to complete this work.

Thanks to those that brought the code here, it's a huge step forward.

/O