[asterisk-scf-commits] asterisk-scf/integration/sip.git branch "configuration" updated.
Commits to the Asterisk SCF project code repositories
asterisk-scf-commits at lists.digium.com
Mon Mar 7 08:05:28 CST 2011
branch "configuration" has been updated
via d17c5711691e51a7a46e787da409c568e8dc6cfd (commit)
from e37d9494e7db63a6f9e0798020dc3de62533da91 (commit)
Summary of changes:
local-slice/SipConfigurationIf.ice | 78 +++++++++++++++++++++++++++++++++++-
src/SipConfiguration.cpp | 42 +++++++++++++++++++
2 files changed, 118 insertions(+), 2 deletions(-)
- Log -----------------------------------------------------------------
commit d17c5711691e51a7a46e787da409c568e8dc6cfd
Author: Joshua Colp <jcolp at digium.com>
Date: Mon Mar 7 10:06:29 2011 -0400
Add configuration items for TLS.
diff --git a/local-slice/SipConfigurationIf.ice b/local-slice/SipConfigurationIf.ice
index 709e820..0df317c 100644
--- a/local-slice/SipConfigurationIf.ice
+++ b/local-slice/SipConfigurationIf.ice
@@ -139,12 +139,86 @@ module V1
/**
* Crypto certificate configuration item
*/
- class SipCertificateItem extends SipConfigurationItem
+ class SipCryptoCertificateItem extends SipConfigurationItem
{
/**
- * Full certificate to use
+ * Full location of certificate authority file
+ */
+ string certificateAuthority;
+
+ /**
+ * Full location of certificate file
*/
string certificate;
+
+ /**
+ * Full location of private key file
+ */
+ string privateKey;
+
+ /**
+ * Password to open private key file
+ */
+ string privateKeyPassword;
+ };
+
+ /**
+ * Crypto requirement configuration item
+ */
+ class SipCryptoRequirementsItem extends SipConfigurationItem
+ {
+ /**
+ * Require verification of server certificate
+ */
+ bool requireVerifiedServer = false;
+
+ /**
+ * Require verification of client certificate
+ */
+ bool requireVerifiedClient = false;
+
+ /**
+ * Require client certificate be present
+ */
+ bool requireClientCertificate = false;
+ };
+
+ /**
+ * TLS protocol methods
+ */
+ enum TLSProtocolMethod
+ {
+ PROTOCOL_METHOD_UNSPECIFIED,
+ PROTOCOL_METHOD_TLSV1,
+ PROTOCOL_METHOD_SSLV2,
+ PROTOCOL_METHOD_SSLV3,
+ PROTOCOL_METHOD_SSLV23,
+ };
+
+ /**
+ * General crypto configuration item
+ */
+ class SipCryptoItem extends SipConfigurationItem
+ {
+ /**
+ * TLS protocol method to use
+ */
+ TLSProtocolMethod protocolMethod = PROTOCOL_METHOD_UNSPECIFIED;
+
+ /**
+ * Supported ciphers (OpenSSL format)
+ */
+ string supportedCiphers;
+
+ /**
+ * Server name
+ */
+ string serverName;
+
+ /**
+ * TLS negotiation timeout in seconds
+ */
+ int timeout = 0;
};
/**
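Review bot: All three flags in SipCryptoRequirementsItem (`requireVerifiedServer`, `requireVerifiedClient`, `requireClientCertificate`) default to false, so a transport that is given only certificate paths will negotiate TLS without authenticating the peer. Consider defaulting `requireVerifiedServer` to true, or at least say in the doc comment that leaving it false leaves the connection unauthenticated. TLSProtocolMethod also offers PROTOCOL_METHOD_SSLV2 and PROTOCOL_METHOD_SSLV3, which are deprecated protocol versions with known weaknesses; a comment such as `/* legacy interoperability only; prefer PROTOCOL_METHOD_TLSV1 */` on those values would steer operators away from them. The doc comment on `privateKeyPassword` could also note that the item carries a secret in plain text, so anything that stores or logs configuration items must treat it accordingly.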
diff --git a/src/SipConfiguration.cpp b/src/SipConfiguration.cpp
index 1243bba..599d87b 100644
--- a/src/SipConfiguration.cpp
+++ b/src/SipConfiguration.cpp
@@ -756,6 +756,48 @@ void ConfigurationServiceImpl::setConfiguration(const AsteriskSCF::System::Confi
mLocalTransport->mAddress = hostItem->host;
mLocalTransport->mPort = hostItem->port;
};
+
+ void visitSipCryptoCertificateItem(const ::AsteriskSCF::SIP::V1::SipCryptoCertificateItemPtr& certificateItem)
+ {
+ mLocalTransport->mTLSSettings.ca_list_file = pj_str((char*)certificateItem->certificateAuthority.c_str());
+ mLocalTransport->mTLSSettings.cert_file = pj_str((char*)certificateItem->certificate.c_str());
+ mLocalTransport->mTLSSettings.privkey_file = pj_str((char*)certificateItem->privateKey.c_str());
+ mLocalTransport->mTLSSettings.password = pj_str((char*)certificateItem->privateKeyPassword.c_str());
+ };
+
+ void visitSipCryptoRequirementsItem(const ::AsteriskSCF::SIP::V1::SipCryptoRequirementsItemPtr& requirementsItem)
+ {
+ mLocalTransport->mTLSSettings.verify_server = (requirementsItem->requireVerifiedServer == false) ? PJ_FALSE : PJ_TRUE;
+ mLocalTransport->mTLSSettings.verify_client = (requirementsItem->requireVerifiedClient == false) ? PJ_FALSE : PJ_TRUE;
+ mLocalTransport->mTLSSettings.require_client_cert = (requirementsItem->requireClientCertificate == false) ? PJ_FALSE : PJ_TRUE;
+ };
+
+ void visitSipCryptoItem(const ::AsteriskSCF::SIP::V1::SipCryptoItemPtr& cryptoItem)
+ {
+ if (cryptoItem->protocolMethod == PROTOCOL_METHOD_UNSPECIFIED)
+ {
+ mLocalTransport->mTLSSettings.method = PJSIP_SSL_UNSPECIFIED_METHOD;
+ }
+ else if (cryptoItem->protocolMethod == PROTOCOL_METHOD_TLSV1)
+ {
+ mLocalTransport->mTLSSettings.method = PJSIP_TLSV1_METHOD;
+ }
+ else if (cryptoItem->protocolMethod == PROTOCOL_METHOD_SSLV2)
+ {
+ mLocalTransport->mTLSSettings.method = PJSIP_SSLV2_METHOD;
+ }
+ else if (cryptoItem->protocolMethod == PROTOCOL_METHOD_SSLV3)
+ {
+ mLocalTransport->mTLSSettings.method = PJSIP_SSLV3_METHOD;
+ }
+ else if (cryptoItem->protocolMethod == PROTOCOL_METHOD_SSLV23)
+ {
+ mLocalTransport->mTLSSettings.method = PJSIP_SSLV23_METHOD;
+ }
+ mLocalTransport->mTLSSettings.ciphers = pj_str((char*)cryptoItem->supportedCiphers.c_str());
+ mLocalTransport->mTLSSettings.server_name = pj_str((char*)cryptoItem->serverName.c_str());
+ mLocalTransport->mTLSSettings.timeout.sec = cryptoItem->timeout;
+ };
private:
boost::shared_ptr<TLSTransportImplPriv> mLocalTransport;
};
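Review bot: The `pj_str((char*)….c_str())` calls in visitSipCryptoCertificateItem and visitSipCryptoItem store a pointer into the configuration item's std::string, because pj_str() wraps the buffer without copying it. If the item is released or its strings are reassigned after the visitor returns, `ca_list_file`, `cert_file`, `privkey_file`, `password`, `ciphers` and `server_name` would be left dangling. Whether the item outlives mTLSSettings is not visible in this hunk, so either copy each string into storage owned by mLocalTransport (or into a pool with pj_strdup2) before wrapping it, or add a comment stating the lifetime requirement. Separately, the if/else chain in visitSipCryptoItem has no final else, so an unrecognised protocolMethod silently keeps the previous `method`, and `timeout` is assigned without a range check, so a negative value passes straight through. The enclosing visitor class and setConfiguration begin outside the hunk.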
-----------------------------------------------------------------------
--
asterisk-scf/integration/sip.git