[asterisk-dev] The TCP/TLS support in chan_sip 1.6 - make it "experimental"

Johansson Olle E oej at edvina.net
Tue Mar 18 06:09:14 CDT 2008


18 mar 2008 kl. 12.05 skrev Raj Jain:

> Hi Olle,
>
> I generally agree with your suggestion. In addition to the issues you
> mentioned, there are also the issues of NAT traversal and persistent
> connections in SIP over TCP. These will require additional design
> consideration.
>
Absolutely, the whole outbound stuff needs to be implemented.
Thanks for the feedback.

/O
> --  
> Raj Jain
>
>
> On Tue, Mar 18, 2008 at 4:15 AM, Johansson Olle E <oej at edvina.net>  
> wrote:
>> Friends,
>>
>> I see a lot of issues with the current TCP/TLS support and it's
>> configuration in chan_sip. We will need to change the configuration,
>> how it's used in the dialplan and much more. In order to be able to  
>> do
>> this without having to be backward compatible with the current
>> implementation, I vote for marking the current implementation
>> "experimental" and warning people that it may change.
>>
>> Some issues I see (without spending a lot of time testing):
>>
>> - You can't specificy call type in the dial string in the dialplan
>> - Certificates for multiple domains is not implemented. We need to  
>> tie
>> certs to the domains.
>> - We haven't implemented "security levels" for calls (see my earlier
>> mails to asterisk-dev and asterisk-users about this)
>> - DNS SRV record handling and NAPTR doesn't work as specified
>> - If a call transfer transfers to a TLS uri, this won't work, since
>> the dialplan doesn't support it.
>>
>> So there's still a lot of work to be done, even if we can connect a
>> phone locally to Asterisk with tcp/tls. It's not ready for release.
>>
>> I'm sorry I haven't been able to contribute, but at the moment I have
>> no sponsor for my Asterisk work and no customer interested in these
>> issues. I do feel it is important that we get the architecture right
>> before locking it in a release though and I am very worried about the
>> current state of the code. I don't want us to be forced to be
>> backwards compatible if I do get anyone to sponsor such work or if
>> someone else takes the task to complete this work.
>>
>> Thanks to those that brought the code here, it's a huge step forward.
>>
>> /O
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-dev mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-dev

---
* Olle E Johansson - oej at edvina.net
* Cell phone +46 70 593 68 51, Office +46 8 96 40 20, Sweden






More information about the asterisk-dev mailing list