[asterisk-dev] [Code Review] Added Force Encrypt option to iax.conf
Russell Bryant
russell at digium.com
Wed Feb 11 15:46:53 CST 2009
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard.digium.com/r/150/#review396
-----------------------------------------------------------
What happens if you set "forceencryption=yes" for a peer, and the peer also has no secret set? Will an outgoing call work bypassing the encryption checks? How about the same situation for a user? Will an incoming call work?
I ask these questions since the checks for this option are in the authentication handlers. So, you'll have to make sure that things will still work as you expect them to when authentication isn't going to be attempted.
/trunk/channels/chan_iax2.c
<http://reviewboard.digium.com/r/150/#comment936>
I know that you just followed the code above this, but I just wanted to point out that all of these copy flag calls can be reduced to a single use of ast_copy_flags:
ast_copy_flags(i, user, FLAG1 | FLAG2 | FLAG3 | FLAG4);
/trunk/channels/chan_iax2.c
<http://reviewboard.digium.com/r/150/#comment937>
This code makes forceencryption=aes128 a noop
/trunk/channels/chan_iax2.c
<http://reviewboard.digium.com/r/150/#comment939>
Check forceencryption=aes128
/trunk/channels/chan_iax2.c
<http://reviewboard.digium.com/r/150/#comment938>
forceencryption=aes128 is a noop here, too
- Russell
On 2009-02-11 14:17:17, David Vossel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://reviewboard.digium.com/r/150/
> -----------------------------------------------------------
>
> (Updated 2009-02-11 14:17:17)
>
>
> Review request for Asterisk Developers and Russell Bryant.
>
>
> Summary
> -------
>
> There was a feature request to add any option into iax.conf to force encryption... so I made it. Basically if force encryption is enabled, encryption is enabled as well. Encryption is checked during the processing of the AUTHREQ and AUTHREP frames. If the encryption ie isn't present from the other side during this process, the call is terminated. When a call is placed to the box, the NEW frame contains the encryption method, so the authenticate_verify() function used during AUTHREP processing only checks to see if encryption method has been set rather than if the encryption ie is present. When a call is placed from the box, the AUTHREQ message must contain the encryption ie in response to our NEW request or the call is terminated. this check is in the authenticate_reply() function.
>
>
> Diffs
> -----
>
> /trunk/channels/chan_iax2.c 174884
>
> Diff: http://reviewboard.digium.com/r/150/diff
>
>
> Testing
> -------
>
>
> Thanks,
>
> David
>
>
More information about the asterisk-dev
mailing list