[asterisk-dev] The TCP/TLS support in chan_sip 1.6 - make it "experimental"

Raj Jain rj2807 at gmail.com
Tue Mar 18 06:05:36 CDT 2008 

Hi Olle,

I generally agree with your suggestion. In addition to the issues you
mentioned, there are also the issues of NAT traversal and persistent
connections in SIP over TCP. These will require additional design
consideration.

-- 
Raj Jain


On Tue, Mar 18, 2008 at 4:15 AM, Johansson Olle E <oej at edvina.net> wrote:
> Friends,
>
>  I see a lot of issues with the current TCP/TLS support and it's
>  configuration in chan_sip. We will need to change the configuration,
>  how it's used in the dialplan and much more. In order to be able to do
>  this without having to be backward compatible with the current
>  implementation, I vote for marking the current implementation
>  "experimental" and warning people that it may change.
>
>  Some issues I see (without spending a lot of time testing):
>
>  - You can't specificy call type in the dial string in the dialplan
>  - Certificates for multiple domains is not implemented. We need to tie
>  certs to the domains.
>  - We haven't implemented "security levels" for calls (see my earlier
>  mails to asterisk-dev and asterisk-users about this)
>  - DNS SRV record handling and NAPTR doesn't work as specified
>  - If a call transfer transfers to a TLS uri, this won't work, since
>  the dialplan doesn't support it.
>
>  So there's still a lot of work to be done, even if we can connect a
>  phone locally to Asterisk with tcp/tls. It's not ready for release.
>
>  I'm sorry I haven't been able to contribute, but at the moment I have
>  no sponsor for my Asterisk work and no customer interested in these
>  issues. I do feel it is important that we get the architecture right
>  before locking it in a release though and I am very worried about the
>  current state of the code. I don't want us to be forced to be
>  backwards compatible if I do get anyone to sponsor such work or if
>  someone else takes the task to complete this work.
>
>  Thanks to those that brought the code here, it's a huge step forward.
>
>  /O
>
>  _______________________________________________
>  --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
>  asterisk-dev mailing list
>  To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>

More information about the asterisk-dev mailing list