<p>George Joseph <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/7528">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Jenkins2: Verified
George Joseph: Looks good to me, approved; Approved for Submit
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">secure_calling: Add off-nominal call tests<br><br>Change-Id: I898602f411b68a60fab1cc99fffec1714d5999d9<br>---<br>M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf<br>M tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml<br>63 files changed, 728 insertions(+), 16 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf<br>index f348e1a..42c7268 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast1/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast1.key<br> cert_file = <<astetcdir>>/ca1-ast1.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf<br>index 20b7847..e8610a0 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast2/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast2.key<br> cert_file = <<astetcdir>>/ca1-ast2.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>@@ -45,4 +45,3 @@<br> [bob]<br> type = aor<br> contact = sips:127.0.0.1:5063\;transport=tls<br>-<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf<br>index 75ac516..5690622 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/all_ciphers_verify_certs/configs/ast3/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast3.key<br> cert_file = <<astetcdir>>/ca1-ast3.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf<br>index 1bf7f8b..a6606f8 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast1/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM<br>+cipher = ECDHE-RSA-AES256-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast1.key<br> cert_file = <<astetcdir>>/ca1-ast1.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>@@ -31,6 +31,7 @@<br> dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br> dtls_ca_file = <<astetcdir>>/ca1.crt<br> dtls_verify = yes<br>+dtls_cipher = ECDHE-RSA-AES128-SHA<br> <br> [pbx-ast2]<br> type=aor<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf<br>index 20b7847..ed4cf83 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast2/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast2.key<br> cert_file = <<astetcdir>>/ca1-ast2.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>@@ -32,6 +32,7 @@<br> dtls_cert_file = <<astetcdir>>/ca1-ast2.crt<br> dtls_ca_file = <<astetcdir>>/ca1.crt<br> dtls_verify = yes<br>+dtls_cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> <br> [alice]<br> type = aor<br>@@ -45,4 +46,3 @@<br> [bob]<br> type = aor<br> contact = sips:127.0.0.1:5063\;transport=tls<br>-<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf<br>index 3ffd18c..6e6728f 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/limited_ciphers_verify_certs/configs/ast3/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES256-SHA256<br>+cipher = ECDHE-RSA-AES128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast3.key<br> cert_file = <<astetcdir>>/ca1-ast3.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf<br>index fe5d9ca..38643e7 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast1/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast1.key<br> cert_file = <<astetcdir>>/ca1-ast1.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf<br>index 3587ec5..5895cba 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast2/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast2.key<br> cert_file = <<astetcdir>>/ca1-ast2.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>@@ -45,4 +45,3 @@<br> [bob]<br> type = aor<br> contact = sips:127.0.0.1:5063\;transport=tls<br>-<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf<br>index f9d3fb6..5b6d4f4 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_no_verify_certs/configs/ast3/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca2-ast3.key<br> cert_file = <<astetcdir>>/ca2-ast3.crt<br> ca_list_file = <<astetcdir>>/ca2.crt<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf<br>index fe5d9ca..38643e7 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast1/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast1.key<br> cert_file = <<astetcdir>>/ca1-ast1.crt<br> ca_list_file = <<astetcdir>>/ca1.crt<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf<br>index ea44c9b..2886a17 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast2/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca1-ast2.key<br> cert_file = <<astetcdir>>/ca1-ast2.crt<br> ca_list_file = <<astetcdir>>/ca-bundle.crt<br>@@ -45,4 +45,3 @@<br> [bob]<br> type = aor<br> contact = sips:127.0.0.1:5063\;transport=tls<br>-<br>diff --git a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf<br>index b319edb..c7f7677 100644<br>--- a/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf<br>+++ b/tests/channels/pjsip/secure_calling/calls/nominal/two_CAs_verify_certs/configs/ast3/pjsip.conf<br>@@ -4,7 +4,7 @@<br> type = transport<br> protocol = tls<br> method = tlsv1<br>-cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-CCM,AES256-CCM8,AES256-GCM-SHA384,AES256-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA,DHE-DSS-AES128-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA,DHE-DSS-AES256-SHA256,DHE-DSS-DES-CBC3-SHA,DHE-RSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-AES128-CCM,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-CCM,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-DES-CBC3-SHA<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br> priv_key_file = <<astetcdir>>/ca2-ast3.key<br> cert_file = <<astetcdir>>/ca2-ast3.crt<br> ca_list_path = <<astetcdir>>/<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt<br>new file mode 120000<br>index 0000000..7373cdc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key<br>new file mode 120000<br>index 0000000..e7956fb<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf<br>new file mode 100644<br>index 0000000..b90594a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf<br>@@ -0,0 +1,19 @@<br>+; I'm Alice<br>+; When the testsuite calls originate, this instance will call bob (ast3) via<br>+; the pbx (ast2) and the created channel will be connected to start@default.<br>+<br>+[default]<br>+exten => start,1,Answer()<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected! Trying again)<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected!)<br>+same => n,UserEvent(TalkDetect, result: fail)<br>+same => n,Hangup()<br>+<br>+; If talking is detected then it jumps here<br>+exten => talk,1,NoOp(Talking was detected!)<br>+same => n,UserEvent(TalkDetect, result: pass)<br>+same => n,Playback(tt-weasels)<br>+same => n,Wait(2)<br>+same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf<br>new file mode 100644<br>index 0000000..42c7268<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf<br>@@ -0,0 +1,37 @@<br>+; I'm Alice (ast1) with a connection to the pbx (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br>+priv_key_file = <<astetcdir>>/ca1-ast1.key<br>+cert_file = <<astetcdir>>/ca1-ast1.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5061<br>+<br>+[pbx-ast2]<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+from_user=alice<br>+from_domain=127.0.0.1<br>+aors=pbx-ast2<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast1.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[pbx-ast2]<br>+type=aor<br>+contact=sips:127.0.0.1:5062\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt<br>new file mode 120000<br>index 0000000..48e3817<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key<br>new file mode 120000<br>index 0000000..2963fc7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt<br>new file mode 120000<br>index 0000000..439d604<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key<br>new file mode 120000<br>index 0000000..309b783<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt<br>new file mode 120000<br>index 0000000..8a70e54<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf<br>new file mode 100644<br>index 0000000..e379760<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf<br>@@ -0,0 +1,5 @@<br>+<br>+[default]<br>+exten => bob,1,Answer()<br>+ same => n,Playback(tt-weasels)<br>+ same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf<br>new file mode 100644<br>index 0000000..b55cab8<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf<br>@@ -0,0 +1,38 @@<br>+; I'm the pbx (ast2) expecting connections from alice (ast1)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br>+priv_key_file = <<astetcdir>>/ca1-ast2.key<br>+cert_file = <<astetcdir>>/ca1-ast2.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5062<br>+<br>+[endpoint-template-tls](!)<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+<br>+[alice](endpoint-template-tls)<br>+aors=alice<br>+from_user=pbx-ast2<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca2-ast2.key<br>+dtls_cert_file = <<astetcdir>>/ca2-ast2.crt<br>+dtls_ca_file = <<astetcdir>>/ca2.crt<br>+dtls_verify = yes<br>+<br>+[alice]<br>+type = aor<br>+contact = sips:alice@127.0.0.1:5061\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml<br>new file mode 100644<br>index 0000000..e642aaa<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml<br>@@ -0,0 +1,77 @@<br>+testinfo:<br>+ summary: 'Tests sips/tls and dtls/sdes'<br>+ description: |<br>+ 'Run two instances of Asterisk, "alice" and "pbx" to test<br>+ dtls verify failure.<br>+ alice has certs and keys from ca1.<br>+ pbx has them for both ca1 and ca2 and uses ca1 for sips<br>+ then uses ca2 for dtls.<br>+ Both have verify enabled.<br>+<br>+ pbx answers and sends audio back to alice.<br>+ alice should NOT detect any since the dtls negotiation should have<br>+ failed.<br>+<br>+test-modules:<br>+ test-object:<br>+ config-section: test-object-config<br>+ typename: 'test_case.TestCaseModule'<br>+ modules:<br>+ -<br>+ config-section: originator-config-tls<br>+ typename: 'pluggable_modules.Originator'<br>+ -<br>+ config-section: 'ami-config'<br>+ typename: 'pluggable_modules.EventActionModule'<br>+<br>+test-object-config:<br>+ asterisk-instances: 2<br>+ connect-ami: True<br>+<br>+# Alice calls bob via pbx1 then connects the call to the "start"<br>+# extension which does the audio detection.<br>+originator-config-tls:<br>+ trigger: 'ami_connect'<br>+ ignore-originate-failure: 'no'<br>+ id: '0'<br>+ channel: 'PJSIP/bob@pbx-ast2'<br>+ context: 'default'<br>+ exten: 'start'<br>+ priority: '1'<br>+ async: 'True'<br>+<br>+ami-config:<br>+ # Alice events<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '0'<br>+ conditions:<br>+ match:<br>+ Event: 'UserEvent'<br>+ Channel: 'PJSIP/pbx-ast2.*'<br>+ UserEvent: 'TalkDetect'<br>+# We must NOT get a TalkDetect UserEvent<br>+ count: '0'<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '1'<br>+ conditions:<br>+ match:<br>+ Event: 'TestEvent'<br>+ State: 'SESSION_DESTROYED'<br>+ Endpoint: 'alice'<br>+ count: '1'<br>+ stop_test:<br>+<br>+properties:<br>+ minversion: '12.0.0'<br>+ dependencies:<br>+ - asterisk : 'chan_pjsip'<br>+ - asterisk : 'res_pjsip'<br>+ - asterisk : 'res_pjsip_session'<br>+ - asterisk : 'res_pjsip_sips_contact'<br>+ - asterisk : 'res_srtp'<br>+ tags:<br>+ - pjsip<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>new file mode 120000<br>index 0000000..7373cdc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key<br>new file mode 120000<br>index 0000000..e7956fb<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf<br>new file mode 100644<br>index 0000000..b90594a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf<br>@@ -0,0 +1,19 @@<br>+; I'm Alice<br>+; When the testsuite calls originate, this instance will call bob (ast3) via<br>+; the pbx (ast2) and the created channel will be connected to start@default.<br>+<br>+[default]<br>+exten => start,1,Answer()<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected! Trying again)<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected!)<br>+same => n,UserEvent(TalkDetect, result: fail)<br>+same => n,Hangup()<br>+<br>+; If talking is detected then it jumps here<br>+exten => talk,1,NoOp(Talking was detected!)<br>+same => n,UserEvent(TalkDetect, result: pass)<br>+same => n,Playback(tt-weasels)<br>+same => n,Wait(2)<br>+same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf<br>new file mode 100644<br>index 0000000..f491080<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf<br>@@ -0,0 +1,38 @@<br>+; I'm Alice (ast1) with a connection to the pbx (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br>+priv_key_file = <<astetcdir>>/ca1-ast1.key<br>+cert_file = <<astetcdir>>/ca1-ast1.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5061<br>+<br>+[pbx-ast2]<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+from_user=alice<br>+from_domain=127.0.0.1<br>+aors=pbx-ast2<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast1.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+dtls_cipher = ECDHE-RSA-AES256-SHA<br>+<br>+[pbx-ast2]<br>+type=aor<br>+contact=sips:127.0.0.1:5062\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>new file mode 120000<br>index 0000000..48e3817<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key<br>new file mode 120000<br>index 0000000..2963fc7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf<br>new file mode 100644<br>index 0000000..e379760<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf<br>@@ -0,0 +1,5 @@<br>+<br>+[default]<br>+exten => bob,1,Answer()<br>+ same => n,Playback(tt-weasels)<br>+ same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf<br>new file mode 100644<br>index 0000000..82d16e4<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf<br>@@ -0,0 +1,40 @@<br>+; I'm the pbx (ast2) expecting connections from alice (ast1)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br>+priv_key_file = <<astetcdir>>/ca1-ast2.key<br>+cert_file = <<astetcdir>>/ca1-ast2.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5062<br>+<br>+[endpoint-template-tls](!)<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+<br>+[alice](endpoint-template-tls)<br>+aors=alice<br>+from_user=pbx-ast2<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast2.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+; ECDHE-RSA-AES256-SHA is removed<br>+dtls_cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br>+<br>+[alice]<br>+type = aor<br>+contact = sips:alice@127.0.0.1:5061\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml<br>new file mode 100644<br>index 0000000..1ef5676<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml<br>@@ -0,0 +1,78 @@<br>+testinfo:<br>+ summary: 'Tests sips/tls and dtls/sdes'<br>+ description: |<br>+ 'Run two instances of Asterisk, "alice" and "pbx" to test<br>+ dtls cipher failure.<br>+ alice<>pbx uses dtls for media.<br>+ alice has only the AES256-SHA256 dtls cipher enabled.<br>+ pbx has only the AES128 ciphers enabled.<br>+<br>+ sips tls negotiation should pass.<br>+ pbx answers and sends audio back to alice.<br>+ alice should NOT detect any since the dtls negotiation should have<br>+ failed.<br>+<br>+test-modules:<br>+ test-object:<br>+ config-section: test-object-config<br>+ typename: 'test_case.TestCaseModule'<br>+ modules:<br>+ -<br>+ config-section: originator-config-tls<br>+ typename: 'pluggable_modules.Originator'<br>+ -<br>+ config-section: 'ami-config'<br>+ typename: 'pluggable_modules.EventActionModule'<br>+<br>+test-object-config:<br>+ asterisk-instances: 2<br>+ connect-ami: True<br>+<br>+# Alice calls bob via pbx1 then connects the call to the "start"<br>+# extension which does the audio detection.<br>+originator-config-tls:<br>+ trigger: 'ami_connect'<br>+ ignore-originate-failure: 'no'<br>+ id: '0'<br>+ channel: 'PJSIP/bob@pbx-ast2'<br>+ context: 'default'<br>+ exten: 'start'<br>+ priority: '1'<br>+ async: 'True'<br>+<br>+ami-config:<br>+ # Alice events<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '0'<br>+ conditions:<br>+ match:<br>+ Event: 'UserEvent'<br>+ Channel: 'PJSIP/pbx-ast2.*'<br>+ UserEvent: 'TalkDetect'<br>+# We must NOT get a TalkDetect UserEvent.<br>+ count: '0'<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '1'<br>+ conditions:<br>+ match:<br>+ Event: 'TestEvent'<br>+ State: 'SESSION_DESTROYED'<br>+ Endpoint: 'alice'<br>+ count: '1'<br>+ stop_test:<br>+<br>+properties:<br>+ minversion: '12.0.0'<br>+ dependencies:<br>+ - buildoption: 'TEST_FRAMEWORK'<br>+ - asterisk : 'chan_pjsip'<br>+ - asterisk : 'res_pjsip'<br>+ - asterisk : 'res_pjsip_session'<br>+ - asterisk : 'res_pjsip_sips_contact'<br>+ - asterisk : 'res_srtp'<br>+ tags:<br>+ - pjsip<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>new file mode 120000<br>index 0000000..7373cdc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key<br>new file mode 120000<br>index 0000000..e7956fb<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf<br>new file mode 100644<br>index 0000000..b90594a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf<br>@@ -0,0 +1,19 @@<br>+; I'm Alice<br>+; When the testsuite calls originate, this instance will call bob (ast3) via<br>+; the pbx (ast2) and the created channel will be connected to start@default.<br>+<br>+[default]<br>+exten => start,1,Answer()<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected! Trying again)<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected!)<br>+same => n,UserEvent(TalkDetect, result: fail)<br>+same => n,Hangup()<br>+<br>+; If talking is detected then it jumps here<br>+exten => talk,1,NoOp(Talking was detected!)<br>+same => n,UserEvent(TalkDetect, result: pass)<br>+same => n,Playback(tt-weasels)<br>+same => n,Wait(2)<br>+same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf<br>new file mode 100644<br>index 0000000..e8fffe7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf<br>@@ -0,0 +1,37 @@<br>+; I'm Alice (ast1) with a connection to the pbx (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = ECDHE-RSA-AES256-SHA<br>+priv_key_file = <<astetcdir>>/ca1-ast1.key<br>+cert_file = <<astetcdir>>/ca1-ast1.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5061<br>+<br>+[pbx-ast2]<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+from_user=alice<br>+from_domain=127.0.0.1<br>+aors=pbx-ast2<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast1.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[pbx-ast2]<br>+type=aor<br>+contact=sips:127.0.0.1:5062\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>new file mode 120000<br>index 0000000..48e3817<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key<br>new file mode 120000<br>index 0000000..2963fc7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf<br>new file mode 100644<br>index 0000000..e379760<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf<br>@@ -0,0 +1,5 @@<br>+<br>+[default]<br>+exten => bob,1,Answer()<br>+ same => n,Playback(tt-weasels)<br>+ same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf<br>new file mode 100644<br>index 0000000..0c4f44a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf<br>@@ -0,0 +1,39 @@<br>+; I'm the pbx (ast2) expecting connections from alice.<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+; ECDHE-RSA-AES256-SHA is removed<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br>+priv_key_file = <<astetcdir>>/ca1-ast2.key<br>+cert_file = <<astetcdir>>/ca1-ast2.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5062<br>+<br>+[endpoint-template-tls](!)<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+<br>+[alice](endpoint-template-tls)<br>+aors=alice<br>+from_user=pbx-ast2<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast2.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[alice]<br>+type = aor<br>+contact = sips:alice@127.0.0.1:5061\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml<br>new file mode 100644<br>index 0000000..dab7ad5<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml<br>@@ -0,0 +1,62 @@<br>+testinfo:<br>+ summary: 'Tests sips/tls and dtls/sdes'<br>+ description: |<br>+ 'Run two instances of Asterisk, "alice" and "pbx" to test<br>+ sips cipher failure.<br>+ alice has only the AES256-SHA256 sips cipher enabled.<br>+ pbx has only the AES128 ciphers enabled.<br>+<br>+ The call should fail OriginateResponse failure.<br>+<br>+test-modules:<br>+ test-object:<br>+ config-section: test-object-config<br>+ typename: 'test_case.TestCaseModule'<br>+ modules:<br>+ -<br>+ config-section: originator-config-tls<br>+ typename: 'pluggable_modules.Originator'<br>+ -<br>+ config-section: 'ami-config'<br>+ typename: 'pluggable_modules.EventActionModule'<br>+<br>+test-object-config:<br>+ asterisk-instances: 2<br>+ connect-ami: True<br>+<br>+# Alice calls bob via pbx1 then connects the call to the "start"<br>+# extension which does the audio detection.<br>+originator-config-tls:<br>+ trigger: 'ami_connect'<br>+ ignore-originate-failure: 'no'<br>+ id: '0'<br>+ channel: 'PJSIP/bob@pbx-ast2'<br>+ context: 'default'<br>+ exten: 'start'<br>+ priority: '1'<br>+ async: 'True'<br>+<br>+ami-config:<br>+ # Alice events<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '0'<br>+ conditions:<br>+ match:<br>+ Event: 'OriginateResponse'<br>+ Channel: 'PJSIP/bob@pbx-ast2'<br>+ Response: 'Failure'<br>+ count: '1'<br>+ stop_test:<br>+<br>+properties:<br>+ minversion: '12.0.0'<br>+ dependencies:<br>+ - asterisk : 'chan_pjsip'<br>+ - asterisk : 'res_pjsip'<br>+ - asterisk : 'res_pjsip_session'<br>+ - asterisk : 'res_pjsip_sips_contact'<br>+ - asterisk : 'res_srtp'<br>+ tags:<br>+ - pjsip<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt<br>new file mode 120000<br>index 0000000..7373cdc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key<br>new file mode 120000<br>index 0000000..e7956fb<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf<br>new file mode 100644<br>index 0000000..b90594a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf<br>@@ -0,0 +1,19 @@<br>+; I'm Alice<br>+; When the testsuite calls originate, this instance will call bob (ast3) via<br>+; the pbx (ast2) and the created channel will be connected to start@default.<br>+<br>+[default]<br>+exten => start,1,Answer()<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected! Trying again)<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected!)<br>+same => n,UserEvent(TalkDetect, result: fail)<br>+same => n,Hangup()<br>+<br>+; If talking is detected then it jumps here<br>+exten => talk,1,NoOp(Talking was detected!)<br>+same => n,UserEvent(TalkDetect, result: pass)<br>+same => n,Playback(tt-weasels)<br>+same => n,Wait(2)<br>+same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf<br>new file mode 100644<br>index 0000000..42c7268<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf<br>@@ -0,0 +1,37 @@<br>+; I'm Alice (ast1) with a connection to the pbx (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br>+priv_key_file = <<astetcdir>>/ca1-ast1.key<br>+cert_file = <<astetcdir>>/ca1-ast1.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5061<br>+<br>+[pbx-ast2]<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+from_user=alice<br>+from_domain=127.0.0.1<br>+aors=pbx-ast2<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast1.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[pbx-ast2]<br>+type=aor<br>+contact=sips:127.0.0.1:5062\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt<br>new file mode 120000<br>index 0000000..48e3817<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key<br>new file mode 120000<br>index 0000000..2963fc7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt<br>new file mode 120000<br>index 0000000..439d604<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key<br>new file mode 120000<br>index 0000000..309b783<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt<br>new file mode 120000<br>index 0000000..8a70e54<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf<br>new file mode 100644<br>index 0000000..e379760<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf<br>@@ -0,0 +1,5 @@<br>+<br>+[default]<br>+exten => bob,1,Answer()<br>+ same => n,Playback(tt-weasels)<br>+ same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf<br>new file mode 100644<br>index 0000000..c49833f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf<br>@@ -0,0 +1,38 @@<br>+; I'm the pbx (ast2) expecting connections from alice (ast1)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-DES-CBC3-SHA,ECDHE-RSA-DES-CBC3-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,DHE-RSA-CAMELLIA256-SHA,DHE-DSS-CAMELLIA256-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-DSS-CAMELLIA128-SHA<br>+priv_key_file = <<astetcdir>>/ca2-ast2.key<br>+cert_file = <<astetcdir>>/ca2-ast2.crt<br>+ca_list_file = <<astetcdir>>/ca2.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5062<br>+<br>+[endpoint-template-tls](!)<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+<br>+[alice](endpoint-template-tls)<br>+aors=alice<br>+from_user=pbx-ast2<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast2.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[alice]<br>+type = aor<br>+contact = sips:alice@127.0.0.1:5061\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml<br>new file mode 100644<br>index 0000000..1d2bed5<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml<br>@@ -0,0 +1,62 @@<br>+testinfo:<br>+ summary: 'Tests sips/tls and dtls/sdes'<br>+ description: |<br>+ 'Run two instances of Asterisk, "alice" and "pbx" to test<br>+ sips verify failure.<br>+ alice has only the AES256-SHA256 sips cipher enabled.<br>+ pbx has only the AES128 ciphers enabled.<br>+<br>+ The call should fail with OriginateResponse failure.<br>+<br>+test-modules:<br>+ test-object:<br>+ config-section: test-object-config<br>+ typename: 'test_case.TestCaseModule'<br>+ modules:<br>+ -<br>+ config-section: originator-config-tls<br>+ typename: 'pluggable_modules.Originator'<br>+ -<br>+ config-section: 'ami-config'<br>+ typename: 'pluggable_modules.EventActionModule'<br>+<br>+test-object-config:<br>+ asterisk-instances: 2<br>+ connect-ami: True<br>+<br>+# Alice calls bob via pbx1 then connects the call to the "start"<br>+# extension which does the audio detection.<br>+originator-config-tls:<br>+ trigger: 'ami_connect'<br>+ ignore-originate-failure: 'no'<br>+ id: '0'<br>+ channel: 'PJSIP/bob@pbx-ast2'<br>+ context: 'default'<br>+ exten: 'start'<br>+ priority: '1'<br>+ async: 'True'<br>+<br>+ami-config:<br>+ # Alice events<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '0'<br>+ conditions:<br>+ match:<br>+ Event: 'OriginateResponse'<br>+ Channel: 'PJSIP/bob@pbx-ast2'<br>+ Response: 'Failure'<br>+ count: '1'<br>+ stop_test:<br>+<br>+properties:<br>+ minversion: '12.0.0'<br>+ dependencies:<br>+ - asterisk : 'chan_pjsip'<br>+ - asterisk : 'res_pjsip'<br>+ - asterisk : 'res_pjsip_session'<br>+ - asterisk : 'res_pjsip_sips_contact'<br>+ - asterisk : 'res_srtp'<br>+ tags:<br>+ - pjsip<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml<br>new file mode 100644<br>index 0000000..a8df9fc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml<br>@@ -0,0 +1,5 @@<br>+tests:<br>+ - test: 'no_dtls_ciphers_in_common'<br>+ - test: 'no_sips_ciphers_in_common'<br>+ - test: 'dtls_verify_failure'<br>+ - test: 'sips_verify_failure'<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7528">change 7528</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7528"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: testsuite </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I898602f411b68a60fab1cc99fffec1714d5999d9 </div>
<div style="display:none"> Gerrit-Change-Number: 7528 </div>
<div style="display:none"> Gerrit-PatchSet: 4 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins2 </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell <kharwell@digium.com> </div>