[Asterisk-code-review] secure calling: Add off-nominal call tests (testsuite[master])
George Joseph
asteriskteam at digium.com
Thu Dec 14 10:40:53 CST 2017
George Joseph has submitted this change and it was merged. ( https://gerrit.asterisk.org/7528 )
Change subject: secure_calling: Add off-nominal call tests
......................................................................
secure_calling: Add off-nominal call tests
Change-Id: I898602f411b68a60fab1cc99fffec1714d5999d9
---
M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf
M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf
A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml
A tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml
63 files changed, 728 insertions(+), 16 deletions(-)
Approvals:
Jenkins2: Verified
George Joseph: Looks good to me, approved; Approved for Submit
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf
index f348e1a..42c7268 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf
index 20b7847..e8610a0 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
@@ -45,4 +45,3 @@
[bob]
type = aor
contact = sips:127.0.0.1:5063\;transport=tls
-
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf
index 75ac516..5690622 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast3.key
cert_file = <<astetcdir>>/ca1-ast3.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf
index 1bf7f8b..a6606f8 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM
+cipher = ECDHE-RSA-AES256-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
@@ -31,6 +31,7 @@
dtls_cert_file = <<astetcdir>>/ca1-ast1.crt
dtls_ca_file = <<astetcdir>>/ca1.crt
dtls_verify = yes
+dtls_cipher = ECDHE-RSA-AES128-SHA
[pbx-ast2]
type=aor
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf
index 20b7847..ed4cf83 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
@@ -32,6 +32,7 @@
dtls_cert_file = <<astetcdir>>/ca1-ast2.crt
dtls_ca_file = <<astetcdir>>/ca1.crt
dtls_verify = yes
+dtls_cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
[alice]
type = aor
@@ -45,4 +46,3 @@
[bob]
type = aor
contact = sips:127.0.0.1:5063\;transport=tls
-
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf
index 3ffd18c..6e6728f 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES256-SHA256
+cipher = ECDHE-RSA-AES128-SHA
priv_key_file = <<astetcdir>>/ca1-ast3.key
cert_file = <<astetcdir>>/ca1-ast3.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf
index fe5d9ca..38643e7 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf
index 3587ec5..5895cba 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca1.crt
@@ -45,4 +45,3 @@
[bob]
type = aor
contact = sips:127.0.0.1:5063\;transport=tls
-
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf
index f9d3fb6..5b6d4f4 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca2-ast3.key
cert_file = <<astetcdir>>/ca2-ast3.crt
ca_list_file = <<astetcdir>>/ca2.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf
index fe5d9ca..38643e7 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast1.key
cert_file = <<astetcdir>>/ca1-ast1.crt
ca_list_file = <<astetcdir>>/ca1.crt
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf
index ea44c9b..2886a17 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca1-ast2.key
cert_file = <<astetcdir>>/ca1-ast2.crt
ca_list_file = <<astetcdir>>/ca-bundle.crt
@@ -45,4 +45,3 @@
[bob]
type = aor
contact = sips:127.0.0.1:5063\;transport=tls
-
diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf
index b319edb..c7f7677 100644
--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf
+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf
@@ -4,7 +4,7 @@
type = transport
protocol = tls
method = tlsv1
-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
priv_key_file = <<astetcdir>>/ca2-ast3.key
cert_file = <<astetcdir>>/ca2-ast3.crt
ca_list_path = <<astetcdir>>/
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt
new file mode 120000
index 0000000..7373cdc
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key
new file mode 120000
index 0000000..e7956fb
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast1.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt
new file mode 120000
index 0000000..f28c13f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf
new file mode 100644
index 0000000..b90594a
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf
@@ -0,0 +1,19 @@
+; I'm Alice
+; When the testsuite calls originate, this instance will call bob (ast3) via
+; the pbx (ast2) and the created channel will be connected to start at default.
+
+[default]
+exten => start,1,Answer()
+same => n,BackgroundDetect(tt-weasels,1,20,,5000)
+same => n,NoOp(Talking was NOT detected! Trying again)
+same => n,BackgroundDetect(tt-weasels,1,20,,5000)
+same => n,NoOp(Talking was NOT detected!)
+same => n,UserEvent(TalkDetect, result: fail)
+same => n,Hangup()
+
+; If talking is detected then it jumps here
+exten => talk,1,NoOp(Talking was detected!)
+same => n,UserEvent(TalkDetect, result: pass)
+same => n,Playback(tt-weasels)
+same => n,Wait(2)
+same => n,Hangup()
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf
new file mode 100644
index 0000000..42c7268
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf
@@ -0,0 +1,37 @@
+; I'm Alice (ast1) with a connection to the pbx (ast2)
+
+[local-transport-tls]
+type = transport
+protocol = tls
+method = tlsv1
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+priv_key_file = <<astetcdir>>/ca1-ast1.key
+cert_file = <<astetcdir>>/ca1-ast1.crt
+ca_list_file = <<astetcdir>>/ca1.crt
+verify_client = yes
+verify_server = yes
+require_client_cert = yes
+async_operations = 20
+bind = 127.0.0.1:5061
+
+[pbx-ast2]
+type=endpoint
+transport=local-transport-tls
+context=default
+allow=!all,ulaw,alaw
+media_address=127.0.0.1
+direct_media=no
+from_user=alice
+from_domain=127.0.0.1
+aors=pbx-ast2
+trust_id_inbound = yes
+trust_id_outbound = yes
+media_encryption = dtls
+dtls_private_key = <<astetcdir>>/ca1-ast1.key
+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt
+dtls_ca_file = <<astetcdir>>/ca1.crt
+dtls_verify = yes
+
+[pbx-ast2]
+type=aor
+contact=sips:127.0.0.1:5062\;transport=tls
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt
new file mode 120000
index 0000000..48e3817
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key
new file mode 120000
index 0000000..2963fc7
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast2.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt
new file mode 120000
index 0000000..f28c13f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt
new file mode 120000
index 0000000..439d604
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca2/ca2-ast2.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key
new file mode 120000
index 0000000..309b783
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca2/ca2-ast2.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt
new file mode 120000
index 0000000..8a70e54
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca2/ca2.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf
new file mode 100644
index 0000000..e379760
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf
@@ -0,0 +1,5 @@
+
+[default]
+exten => bob,1,Answer()
+ same => n,Playback(tt-weasels)
+ same => n,Hangup()
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf
new file mode 100644
index 0000000..b55cab8
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf
@@ -0,0 +1,38 @@
+; I'm the pbx (ast2) expecting connections from alice (ast1)
+
+[local-transport-tls]
+type = transport
+protocol = tls
+method = tlsv1
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+priv_key_file = <<astetcdir>>/ca1-ast2.key
+cert_file = <<astetcdir>>/ca1-ast2.crt
+ca_list_file = <<astetcdir>>/ca1.crt
+verify_client = yes
+verify_server = yes
+require_client_cert = yes
+async_operations = 20
+bind = 127.0.0.1:5062
+
+[endpoint-template-tls](!)
+type=endpoint
+transport=local-transport-tls
+context=default
+allow=!all,ulaw,alaw
+media_address=127.0.0.1
+direct_media=no
+trust_id_inbound = yes
+trust_id_outbound = yes
+
+[alice](endpoint-template-tls)
+aors=alice
+from_user=pbx-ast2
+media_encryption = dtls
+dtls_private_key = <<astetcdir>>/ca2-ast2.key
+dtls_cert_file = <<astetcdir>>/ca2-ast2.crt
+dtls_ca_file = <<astetcdir>>/ca2.crt
+dtls_verify = yes
+
+[alice]
+type = aor
+contact = sips:alice at 127.0.0.1:5061\;transport=tls
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml
new file mode 100644
index 0000000..e642aaa
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml
@@ -0,0 +1,77 @@
+testinfo:
+ summary: 'Tests sips/tls and dtls/sdes'
+ description: |
+ 'Run two instances of Asterisk, "alice" and "pbx" to test
+ dtls verify failure.
+ alice has certs and keys from ca1.
+ pbx has them for both ca1 and ca2 and uses ca1 for sips
+ then uses ca2 for dtls.
+ Both have verify enabled.
+
+ pbx answers and sends audio back to alice.
+ alice should NOT detect any since the dtls negotiation should have
+ failed.
+
+test-modules:
+ test-object:
+ config-section: test-object-config
+ typename: 'test_case.TestCaseModule'
+ modules:
+ -
+ config-section: originator-config-tls
+ typename: 'pluggable_modules.Originator'
+ -
+ config-section: 'ami-config'
+ typename: 'pluggable_modules.EventActionModule'
+
+test-object-config:
+ asterisk-instances: 2
+ connect-ami: True
+
+# Alice calls bob via pbx1 then connects the call to the "start"
+# extension which does the audio detection.
+originator-config-tls:
+ trigger: 'ami_connect'
+ ignore-originate-failure: 'no'
+ id: '0'
+ channel: 'PJSIP/bob at pbx-ast2'
+ context: 'default'
+ exten: 'start'
+ priority: '1'
+ async: 'True'
+
+ami-config:
+ # Alice events
+ -
+ ami-events:
+ type: 'headermatch'
+ id: '0'
+ conditions:
+ match:
+ Event: 'UserEvent'
+ Channel: 'PJSIP/pbx-ast2.*'
+ UserEvent: 'TalkDetect'
+# We must NOT get a TalkDetect UserEvent
+ count: '0'
+ -
+ ami-events:
+ type: 'headermatch'
+ id: '1'
+ conditions:
+ match:
+ Event: 'TestEvent'
+ State: 'SESSION_DESTROYED'
+ Endpoint: 'alice'
+ count: '1'
+ stop_test:
+
+properties:
+ minversion: '12.0.0'
+ dependencies:
+ - asterisk : 'chan_pjsip'
+ - asterisk : 'res_pjsip'
+ - asterisk : 'res_pjsip_session'
+ - asterisk : 'res_pjsip_sips_contact'
+ - asterisk : 'res_srtp'
+ tags:
+ - pjsip
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt
new file mode 120000
index 0000000..7373cdc
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key
new file mode 120000
index 0000000..e7956fb
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast1.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt
new file mode 120000
index 0000000..f28c13f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf
new file mode 100644
index 0000000..b90594a
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf
@@ -0,0 +1,19 @@
+; I'm Alice
+; When the testsuite calls originate, this instance will call bob (ast3) via
+; the pbx (ast2) and the created channel will be connected to start at default.
+
+[default]
+exten => start,1,Answer()
+same => n,BackgroundDetect(tt-weasels,1,20,,5000)
+same => n,NoOp(Talking was NOT detected! Trying again)
+same => n,BackgroundDetect(tt-weasels,1,20,,5000)
+same => n,NoOp(Talking was NOT detected!)
+same => n,UserEvent(TalkDetect, result: fail)
+same => n,Hangup()
+
+; If talking is detected then it jumps here
+exten => talk,1,NoOp(Talking was detected!)
+same => n,UserEvent(TalkDetect, result: pass)
+same => n,Playback(tt-weasels)
+same => n,Wait(2)
+same => n,Hangup()
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf
new file mode 100644
index 0000000..f491080
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf
@@ -0,0 +1,38 @@
+; I'm Alice (ast1) with a connection to the pbx (ast2)
+
+[local-transport-tls]
+type = transport
+protocol = tls
+method = tlsv1
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+priv_key_file = <<astetcdir>>/ca1-ast1.key
+cert_file = <<astetcdir>>/ca1-ast1.crt
+ca_list_file = <<astetcdir>>/ca1.crt
+verify_client = yes
+verify_server = yes
+require_client_cert = yes
+async_operations = 20
+bind = 127.0.0.1:5061
+
+[pbx-ast2]
+type=endpoint
+transport=local-transport-tls
+context=default
+allow=!all,ulaw,alaw
+media_address=127.0.0.1
+direct_media=no
+from_user=alice
+from_domain=127.0.0.1
+aors=pbx-ast2
+trust_id_inbound = yes
+trust_id_outbound = yes
+media_encryption = dtls
+dtls_private_key = <<astetcdir>>/ca1-ast1.key
+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt
+dtls_ca_file = <<astetcdir>>/ca1.crt
+dtls_verify = yes
+dtls_cipher = ECDHE-RSA-AES256-SHA
+
+[pbx-ast2]
+type=aor
+contact=sips:127.0.0.1:5062\;transport=tls
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt
new file mode 120000
index 0000000..48e3817
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key
new file mode 120000
index 0000000..2963fc7
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast2.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt
new file mode 120000
index 0000000..f28c13f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf
new file mode 100644
index 0000000..e379760
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf
@@ -0,0 +1,5 @@
+
+[default]
+exten => bob,1,Answer()
+ same => n,Playback(tt-weasels)
+ same => n,Hangup()
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf
new file mode 100644
index 0000000..82d16e4
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf
@@ -0,0 +1,40 @@
+; I'm the pbx (ast2) expecting connections from alice (ast1)
+
+[local-transport-tls]
+type = transport
+protocol = tls
+method = tlsv1
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+priv_key_file = <<astetcdir>>/ca1-ast2.key
+cert_file = <<astetcdir>>/ca1-ast2.crt
+ca_list_file = <<astetcdir>>/ca1.crt
+verify_client = yes
+verify_server = yes
+require_client_cert = yes
+async_operations = 20
+bind = 127.0.0.1:5062
+
+[endpoint-template-tls](!)
+type=endpoint
+transport=local-transport-tls
+context=default
+allow=!all,ulaw,alaw
+media_address=127.0.0.1
+direct_media=no
+trust_id_inbound = yes
+trust_id_outbound = yes
+
+[alice](endpoint-template-tls)
+aors=alice
+from_user=pbx-ast2
+media_encryption = dtls
+dtls_private_key = <<astetcdir>>/ca1-ast2.key
+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt
+dtls_ca_file = <<astetcdir>>/ca1.crt
+dtls_verify = yes
+; ECDHE-RSA-AES256-SHA is removed
+dtls_cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+
+[alice]
+type = aor
+contact = sips:alice at 127.0.0.1:5061\;transport=tls
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml
new file mode 100644
index 0000000..1ef5676
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml
@@ -0,0 +1,78 @@
+testinfo:
+ summary: 'Tests sips/tls and dtls/sdes'
+ description: |
+ 'Run two instances of Asterisk, "alice" and "pbx" to test
+ dtls cipher failure.
+ alice<>pbx uses dtls for media.
+ alice has only the AES256-SHA256 dtls cipher enabled.
+ pbx has only the AES128 ciphers enabled.
+
+ sips tls negotiation should pass.
+ pbx answers and sends audio back to alice.
+ alice should NOT detect any since the dtls negotiation should have
+ failed.
+
+test-modules:
+ test-object:
+ config-section: test-object-config
+ typename: 'test_case.TestCaseModule'
+ modules:
+ -
+ config-section: originator-config-tls
+ typename: 'pluggable_modules.Originator'
+ -
+ config-section: 'ami-config'
+ typename: 'pluggable_modules.EventActionModule'
+
+test-object-config:
+ asterisk-instances: 2
+ connect-ami: True
+
+# Alice calls bob via pbx1 then connects the call to the "start"
+# extension which does the audio detection.
+originator-config-tls:
+ trigger: 'ami_connect'
+ ignore-originate-failure: 'no'
+ id: '0'
+ channel: 'PJSIP/bob at pbx-ast2'
+ context: 'default'
+ exten: 'start'
+ priority: '1'
+ async: 'True'
+
+ami-config:
+ # Alice events
+ -
+ ami-events:
+ type: 'headermatch'
+ id: '0'
+ conditions:
+ match:
+ Event: 'UserEvent'
+ Channel: 'PJSIP/pbx-ast2.*'
+ UserEvent: 'TalkDetect'
+# We must NOT get a TalkDetect UserEvent.
+ count: '0'
+ -
+ ami-events:
+ type: 'headermatch'
+ id: '1'
+ conditions:
+ match:
+ Event: 'TestEvent'
+ State: 'SESSION_DESTROYED'
+ Endpoint: 'alice'
+ count: '1'
+ stop_test:
+
+properties:
+ minversion: '12.0.0'
+ dependencies:
+ - buildoption: 'TEST_FRAMEWORK'
+ - asterisk : 'chan_pjsip'
+ - asterisk : 'res_pjsip'
+ - asterisk : 'res_pjsip_session'
+ - asterisk : 'res_pjsip_sips_contact'
+ - asterisk : 'res_srtp'
+ tags:
+ - pjsip
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt
new file mode 120000
index 0000000..7373cdc
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key
new file mode 120000
index 0000000..e7956fb
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast1.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt
new file mode 120000
index 0000000..f28c13f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf
new file mode 100644
index 0000000..b90594a
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf
@@ -0,0 +1,19 @@
+; I'm Alice
+; When the testsuite calls originate, this instance will call bob (ast3) via
+; the pbx (ast2) and the created channel will be connected to start at default.
+
+[default]
+exten => start,1,Answer()
+same => n,BackgroundDetect(tt-weasels,1,20,,5000)
+same => n,NoOp(Talking was NOT detected! Trying again)
+same => n,BackgroundDetect(tt-weasels,1,20,,5000)
+same => n,NoOp(Talking was NOT detected!)
+same => n,UserEvent(TalkDetect, result: fail)
+same => n,Hangup()
+
+; If talking is detected then it jumps here
+exten => talk,1,NoOp(Talking was detected!)
+same => n,UserEvent(TalkDetect, result: pass)
+same => n,Playback(tt-weasels)
+same => n,Wait(2)
+same => n,Hangup()
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf
new file mode 100644
index 0000000..e8fffe7
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf
@@ -0,0 +1,37 @@
+; I'm Alice (ast1) with a connection to the pbx (ast2)
+
+[local-transport-tls]
+type = transport
+protocol = tls
+method = tlsv1
+cipher = ECDHE-RSA-AES256-SHA
+priv_key_file = <<astetcdir>>/ca1-ast1.key
+cert_file = <<astetcdir>>/ca1-ast1.crt
+ca_list_file = <<astetcdir>>/ca1.crt
+verify_client = yes
+verify_server = yes
+require_client_cert = yes
+async_operations = 20
+bind = 127.0.0.1:5061
+
+[pbx-ast2]
+type=endpoint
+transport=local-transport-tls
+context=default
+allow=!all,ulaw,alaw
+media_address=127.0.0.1
+direct_media=no
+from_user=alice
+from_domain=127.0.0.1
+aors=pbx-ast2
+trust_id_inbound = yes
+trust_id_outbound = yes
+media_encryption = dtls
+dtls_private_key = <<astetcdir>>/ca1-ast1.key
+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt
+dtls_ca_file = <<astetcdir>>/ca1.crt
+dtls_verify = yes
+
+[pbx-ast2]
+type=aor
+contact=sips:127.0.0.1:5062\;transport=tls
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt
new file mode 120000
index 0000000..48e3817
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key
new file mode 120000
index 0000000..2963fc7
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast2.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt
new file mode 120000
index 0000000..f28c13f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf
new file mode 100644
index 0000000..e379760
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf
@@ -0,0 +1,5 @@
+
+[default]
+exten => bob,1,Answer()
+ same => n,Playback(tt-weasels)
+ same => n,Hangup()
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf
new file mode 100644
index 0000000..0c4f44a
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf
@@ -0,0 +1,39 @@
+; I'm the pbx (ast2) expecting connections from alice.
+
+[local-transport-tls]
+type = transport
+protocol = tls
+method = tlsv1
+; ECDHE-RSA-AES256-SHA is removed
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+priv_key_file = <<astetcdir>>/ca1-ast2.key
+cert_file = <<astetcdir>>/ca1-ast2.crt
+ca_list_file = <<astetcdir>>/ca1.crt
+verify_client = yes
+verify_server = yes
+require_client_cert = yes
+async_operations = 20
+bind = 127.0.0.1:5062
+
+[endpoint-template-tls](!)
+type=endpoint
+transport=local-transport-tls
+context=default
+allow=!all,ulaw,alaw
+media_address=127.0.0.1
+direct_media=no
+trust_id_inbound = yes
+trust_id_outbound = yes
+
+[alice](endpoint-template-tls)
+aors=alice
+from_user=pbx-ast2
+media_encryption = dtls
+dtls_private_key = <<astetcdir>>/ca1-ast2.key
+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt
+dtls_ca_file = <<astetcdir>>/ca1.crt
+dtls_verify = yes
+
+[alice]
+type = aor
+contact = sips:alice at 127.0.0.1:5061\;transport=tls
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml
new file mode 100644
index 0000000..dab7ad5
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml
@@ -0,0 +1,62 @@
+testinfo:
+ summary: 'Tests sips/tls and dtls/sdes'
+ description: |
+ 'Run two instances of Asterisk, "alice" and "pbx" to test
+ sips cipher failure.
+ alice has only the AES256-SHA256 sips cipher enabled.
+ pbx has only the AES128 ciphers enabled.
+
+ The call should fail OriginateResponse failure.
+
+test-modules:
+ test-object:
+ config-section: test-object-config
+ typename: 'test_case.TestCaseModule'
+ modules:
+ -
+ config-section: originator-config-tls
+ typename: 'pluggable_modules.Originator'
+ -
+ config-section: 'ami-config'
+ typename: 'pluggable_modules.EventActionModule'
+
+test-object-config:
+ asterisk-instances: 2
+ connect-ami: True
+
+# Alice calls bob via pbx1 then connects the call to the "start"
+# extension which does the audio detection.
+originator-config-tls:
+ trigger: 'ami_connect'
+ ignore-originate-failure: 'no'
+ id: '0'
+ channel: 'PJSIP/bob at pbx-ast2'
+ context: 'default'
+ exten: 'start'
+ priority: '1'
+ async: 'True'
+
+ami-config:
+ # Alice events
+ -
+ ami-events:
+ type: 'headermatch'
+ id: '0'
+ conditions:
+ match:
+ Event: 'OriginateResponse'
+ Channel: 'PJSIP/bob at pbx-ast2'
+ Response: 'Failure'
+ count: '1'
+ stop_test:
+
+properties:
+ minversion: '12.0.0'
+ dependencies:
+ - asterisk : 'chan_pjsip'
+ - asterisk : 'res_pjsip'
+ - asterisk : 'res_pjsip_session'
+ - asterisk : 'res_pjsip_sips_contact'
+ - asterisk : 'res_srtp'
+ tags:
+ - pjsip
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt
new file mode 120000
index 0000000..7373cdc
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key
new file mode 120000
index 0000000..e7956fb
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast1.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt
new file mode 120000
index 0000000..f28c13f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf
new file mode 100644
index 0000000..b90594a
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf
@@ -0,0 +1,19 @@
+; I'm Alice
+; When the testsuite calls originate, this instance will call bob (ast3) via
+; the pbx (ast2) and the created channel will be connected to start at default.
+
+[default]
+exten => start,1,Answer()
+same => n,BackgroundDetect(tt-weasels,1,20,,5000)
+same => n,NoOp(Talking was NOT detected! Trying again)
+same => n,BackgroundDetect(tt-weasels,1,20,,5000)
+same => n,NoOp(Talking was NOT detected!)
+same => n,UserEvent(TalkDetect, result: fail)
+same => n,Hangup()
+
+; If talking is detected then it jumps here
+exten => talk,1,NoOp(Talking was detected!)
+same => n,UserEvent(TalkDetect, result: pass)
+same => n,Playback(tt-weasels)
+same => n,Wait(2)
+same => n,Hangup()
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf
new file mode 100644
index 0000000..42c7268
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf
@@ -0,0 +1,37 @@
+; I'm Alice (ast1) with a connection to the pbx (ast2)
+
+[local-transport-tls]
+type = transport
+protocol = tls
+method = tlsv1
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+priv_key_file = <<astetcdir>>/ca1-ast1.key
+cert_file = <<astetcdir>>/ca1-ast1.crt
+ca_list_file = <<astetcdir>>/ca1.crt
+verify_client = yes
+verify_server = yes
+require_client_cert = yes
+async_operations = 20
+bind = 127.0.0.1:5061
+
+[pbx-ast2]
+type=endpoint
+transport=local-transport-tls
+context=default
+allow=!all,ulaw,alaw
+media_address=127.0.0.1
+direct_media=no
+from_user=alice
+from_domain=127.0.0.1
+aors=pbx-ast2
+trust_id_inbound = yes
+trust_id_outbound = yes
+media_encryption = dtls
+dtls_private_key = <<astetcdir>>/ca1-ast1.key
+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt
+dtls_ca_file = <<astetcdir>>/ca1.crt
+dtls_verify = yes
+
+[pbx-ast2]
+type=aor
+contact=sips:127.0.0.1:5062\;transport=tls
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt
new file mode 120000
index 0000000..48e3817
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key
new file mode 120000
index 0000000..2963fc7
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1-ast2.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt
new file mode 120000
index 0000000..f28c13f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca1/ca1.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt
new file mode 120000
index 0000000..439d604
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca2/ca2-ast2.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key
new file mode 120000
index 0000000..309b783
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca2/ca2-ast2.key
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt
new file mode 120000
index 0000000..8a70e54
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt
@@ -0,0 +1 @@
+../../../../../../../../../configs/keys/ca2/ca2.crt
\ No newline at end of file
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf
new file mode 100644
index 0000000..e379760
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf
@@ -0,0 +1,5 @@
+
+[default]
+exten => bob,1,Answer()
+ same => n,Playback(tt-weasels)
+ same => n,Hangup()
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf
new file mode 100644
index 0000000..c49833f
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf
@@ -0,0 +1,38 @@
+; I'm the pbx (ast2) expecting connections from alice (ast1)
+
+[local-transport-tls]
+type = transport
+protocol = tls
+method = tlsv1
+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA
+priv_key_file = <<astetcdir>>/ca2-ast2.key
+cert_file = <<astetcdir>>/ca2-ast2.crt
+ca_list_file = <<astetcdir>>/ca2.crt
+verify_client = yes
+verify_server = yes
+require_client_cert = yes
+async_operations = 20
+bind = 127.0.0.1:5062
+
+[endpoint-template-tls](!)
+type=endpoint
+transport=local-transport-tls
+context=default
+allow=!all,ulaw,alaw
+media_address=127.0.0.1
+direct_media=no
+trust_id_inbound = yes
+trust_id_outbound = yes
+
+[alice](endpoint-template-tls)
+aors=alice
+from_user=pbx-ast2
+media_encryption = dtls
+dtls_private_key = <<astetcdir>>/ca1-ast2.key
+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt
+dtls_ca_file = <<astetcdir>>/ca1.crt
+dtls_verify = yes
+
+[alice]
+type = aor
+contact = sips:alice at 127.0.0.1:5061\;transport=tls
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml
new file mode 100644
index 0000000..1d2bed5
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml
@@ -0,0 +1,62 @@
+testinfo:
+ summary: 'Tests sips/tls and dtls/sdes'
+ description: |
+ 'Run two instances of Asterisk, "alice" and "pbx" to test
+ sips verify failure.
+ alice has only the AES256-SHA256 sips cipher enabled.
+ pbx has only the AES128 ciphers enabled.
+
+ The call should fail with OriginateResponse failure.
+
+test-modules:
+ test-object:
+ config-section: test-object-config
+ typename: 'test_case.TestCaseModule'
+ modules:
+ -
+ config-section: originator-config-tls
+ typename: 'pluggable_modules.Originator'
+ -
+ config-section: 'ami-config'
+ typename: 'pluggable_modules.EventActionModule'
+
+test-object-config:
+ asterisk-instances: 2
+ connect-ami: True
+
+# Alice calls bob via pbx1 then connects the call to the "start"
+# extension which does the audio detection.
+originator-config-tls:
+ trigger: 'ami_connect'
+ ignore-originate-failure: 'no'
+ id: '0'
+ channel: 'PJSIP/bob at pbx-ast2'
+ context: 'default'
+ exten: 'start'
+ priority: '1'
+ async: 'True'
+
+ami-config:
+ # Alice events
+ -
+ ami-events:
+ type: 'headermatch'
+ id: '0'
+ conditions:
+ match:
+ Event: 'OriginateResponse'
+ Channel: 'PJSIP/bob at pbx-ast2'
+ Response: 'Failure'
+ count: '1'
+ stop_test:
+
+properties:
+ minversion: '12.0.0'
+ dependencies:
+ - asterisk : 'chan_pjsip'
+ - asterisk : 'res_pjsip'
+ - asterisk : 'res_pjsip_session'
+ - asterisk : 'res_pjsip_sips_contact'
+ - asterisk : 'res_srtp'
+ tags:
+ - pjsip
diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml
new file mode 100644
index 0000000..a8df9fc
--- /dev/null
+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml
@@ -0,0 +1,5 @@
+tests:
+ - test: 'no_dtls_ciphers_in_common'
+ - test: 'no_sips_ciphers_in_common'
+ - test: 'dtls_verify_failure'
+ - test: 'sips_verify_failure'
--
To view, visit https://gerrit.asterisk.org/7528
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-Project: testsuite
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I898602f411b68a60fab1cc99fffec1714d5999d9
Gerrit-Change-Number: 7528
Gerrit-PatchSet: 4
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171214/f094d592/attachment-0001.html>
More information about the asterisk-code-review
mailing list