[asterisk-dev] [Code Review] Added Force Encrypt option to iax.conf

[David Vossel]

"If someones config specifieds forceencryption=yes then encryption=yes
afterwards the IAX_FORCE_ENCRYPT flag is cleared."

Not exactly, but this code is incorrect.   If the encrypt method was set to anything except for "yes", such as "aes128", Force Encrypt would be cleared.  I've fixed this by checking to make sure the encmethods variable is set to something besides 0 which is what get_encrypt_methods returns if no encryption method was found. 

"Also if/when there are other encryption methods supported, they probably
wont work with forceencryption since the value is checked for ast_true
and then get_encrypt_methods(v->value) is called."

Yep, changed to check fo ast_false when clearing. 

Thanks!
~Vossel 

----- Original Message -----
From: "James Golovich" <james at gnuinter.net>
To: "Asterisk Developers Mailing List" <asterisk-dev at lists.digium.com>
Sent: Wednesday, February 11, 2009 12:19:24 PM GMT -06:00 US/Canada Central
Subject: Re: [asterisk-dev] [Code Review] Added Force Encrypt option to	iax.conf

I've not used review board yet so I'll just send this to the list.  I
looked over the code and see a potential issue with the config processing.

If someones config specifieds forceencryption=yes then encryption=yes
afterwards the IAX_FORCE_ENCRYPT flag is cleared.

Also if/when there are other encryption methods supported, they probably
wont work with forceencryption since the value is checked for ast_true
and then get_encrypt_methods(v->value) is called.

So if someone has:

encryption=superencryptionalgo
forceencryption=yes

or even:
forceencryption=superencryptionalgo

it will revert to aes128 (in the first case) and the second case will
clear the IAX_FORCE_ENCRYPT flag

James

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev