Summary: ASTERISK-24128: [Patch] Adding default dtls settings
Reporter: Michael K. (michaelk)
Labels:
Date Opened: 2014-07-27 10:27:12
Date Closed: 2014-11-15 10:31:45.000-0600
Priority: Minor
Regression?:
Status: Closed/Complete
Components: Channels/chan_sip/WebSocket
Versions: 11.11.0
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) dtls_default_settings.patch
Description: DTLS settings are loaded only from peer settings and if they are not present they would not be loaded from [general].
The first problem is that almost all settings, if not present on the peer, are taken from general. And it's kind of a convention already.
The second one is that if I use realtime settings, I can't use a template (those are supported only in files) and thus instead of setting, for example, the dtls key in one place I need to copy-paste it for each peer.
The provided patch is applied to 11.11.0.
If the patch is okay and someone is interested I can provide a polished patch on trunk on reviewboard :P
Comments:

By: Michael K. (michaelk) 2014-07-27 10:30:35.639-0500

The patch is made on 11.11.0.
Certificate, private, ca files, ca path and cipher would be loaded if dtlsenabled is set to true only.


By: Rusty Newton (rnewton) 2014-07-28 09:49:59.496-0500

Go ahead and post on reviewboard and link the reviewboard URL back on this issue.

Here is a link to the [Code Review|https://wiki.asterisk.org/wiki/display/AST/Code+Review] process. You'll find a link to the coding guidelines on there as well; you can check the code yourself by running through those before posting on Reviewboard.

By: Michael K. (michaelk) 2014-07-28 10:44:07.050-0500

I checked and ran on the development environment.
Would upload the patch to reviewboard tomorrow.

By: Michael K. (michaelk) 2014-07-30 04:16:29.026-0500

https://reviewboard.asterisk.org/r/3867/

By: Michael K. (michaelk) 2014-11-16 04:07:53.198-0600

Copying here the comment I left there, as I think it's not resolved as it should be:
"
Ha, I missed the approval. Sorry that I did not fix the typo and did not push anything to CHANGES.
About the patch, there is the problem I explained above.
The problem with the second version is that if you have dtls set in general ("dtlsenable=yes") and you have a peer that has no DTLS configuration at all (most importantly no "dtlsenable=no") it would set this peer as a dtls enabled one, as it sets all default dtls configs for the peer from general. So basically the first version, where I set settings one by one, is the better one, as it would use default settings only if the peer has "dtlsenable=yes" and has no other settings.

If we want to compare to TLS, setting TLS enabled in general does not force all peers to be TLS enabled.
"
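
The difference between the two patch versions described in the comment above, as an added C model that is not part of the original thread and is not Asterisk's code. The struct, the function names and the file paths are constructed for illustration, and only `dtlsenable`, a certificate file and a CA file are modelled.

```c
#include <stdio.h>

/* Hypothetical model of one section's DTLS options (not Asterisk's struct).
 * enable: -1 = option absent from the section, 0 = no, 1 = yes.
 * String options: NULL = absent from the section. */
struct dtls_cfg {
    int enable;
    const char *certfile;
    const char *cafile;
};

/* Constructed sample sections. */
static const struct dtls_cfg GENERAL     = { 1, "/path/to/general-cert.pem", "/path/to/general-ca.pem" };
static const struct dtls_cfg PEER_PLAIN  = { -1, NULL, NULL };  /* no DTLS options at all */
static const struct dtls_cfg PEER_WEBRTC = { 1, NULL, NULL };   /* dtlsenable=yes only */
static const struct dtls_cfg PEER_OPTOUT = { 0, NULL, NULL };   /* dtlsenable=no */

/* First version: fall back to [general] one setting at a time, and only
 * when the peer itself set dtlsenable=yes. */
static struct dtls_cfg merge_per_setting(struct dtls_cfg peer, const struct dtls_cfg *gen)
{
    struct dtls_cfg out = peer;
    out.enable = (peer.enable == 1);
    if (out.enable) {
        if (!out.certfile) out.certfile = gen->certfile;
        if (!out.cafile)   out.cafile   = gen->cafile;
    }
    return out;
}

/* Second version: start from a copy of [general], then apply whatever the
 * peer set explicitly. The enable flag is inherited like any other field. */
static struct dtls_cfg merge_copy_general(struct dtls_cfg peer, const struct dtls_cfg *gen)
{
    struct dtls_cfg out = *gen;
    if (peer.enable != -1) out.enable = peer.enable;
    if (peer.certfile)     out.certfile = peer.certfile;
    if (peer.cafile)       out.cafile = peer.cafile;
    if (out.enable == -1)  out.enable = 0;
    return out;
}

int main(void)
{
    const struct dtls_cfg *peers[] = { &PEER_PLAIN, &PEER_WEBRTC, &PEER_OPTOUT };
    const char *names[] = { "plain", "webrtc", "optout" };
    for (int i = 0; i < 3; i++)
        printf("%-7s per-setting=%d copy-general=%d\n", names[i],
               merge_per_setting(*peers[i], &GENERAL).enable,
               merge_copy_general(*peers[i], &GENERAL).enable);
    return 0;
}
```

The two strategies disagree only for the peer with no DTLS options: copying [general] turns DTLS on for it, while the per-setting fallback leaves it off.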

By: Joshua C. Colp (jcolp) 2014-11-16 06:13:11.543-0600

Fixed.

By: Michael K. (michaelk) 2014-11-16 06:17:26.187-0600

Sorry for being annoying, fixed as first version applied or fixed in general?

By: Joshua C. Colp (jcolp) 2014-11-16 08:39:23.775-0600

Fixed in general.