Summary: | ASTERISK-24128: [Patch] Adding default dtls settings | ||
Reporter: | Michael K. (michaelk) | Labels: | |
Date Opened: | 2014-07-27 10:27:12 | Date Closed: | 2014-11-15 10:31:45.000-0600 |
Priority: | Minor | Regression? | |
Status: | Closed/Complete | Components: | Channels/chan_sip/WebSocket |
Versions: | 11.11.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ( 0) dtls_default_settings.patch | |
Description: | DTLS settings are loaded only from peer settings, and if they are not present there they are not loaded from [general].
The first problem is that almost all settings, if not present on the peer, are taken from general. And it's kind of a convention already. The second one is that if I use realtime settings, I can't use a template (those are supported only in files), and thus instead of setting, for example, the dtls key in one place I need to copy-paste it for each peer. The provided patch applies to 11.11.0. If the patch is okay and someone is interested I can provide a polished patch on trunk on reviewboard :P | ||
Comments: |
By: Michael K. (michaelk) 2014-07-27 10:30:35.639-0500
The patch is made on 11.11.0. Certificate, private, ca files, ca path and cipher would be loaded only if dtlsenabled is set to true.

By: Rusty Newton (rnewton) 2014-07-28 09:49:59.496-0500
Go ahead and post on reviewboard and link the reviewboard URL back on this issue. Here is a link to the [Code Review|https://wiki.asterisk.org/wiki/display/AST/Code+Review] process. You'll find a link to the coding guidelines on there as well; you can check the code yourself by running through those before posting on Reviewboard.

By: Michael K. (michaelk) 2014-07-28 10:44:07.050-0500
I checked and ran on development environment. Would upload patch to reviewboard tomorrow.

By: Michael K. (michaelk) 2014-07-30 04:16:29.026-0500
https://reviewboard.asterisk.org/r/3867/

By: Michael K. (michaelk) 2014-11-16 04:07:53.198-0600
Copying here the comment I left there, as I think it's not resolved as it should be:
"
ha, I missed the approval. Sorry that I did not fix the typo and did not push anything to CHANGES. About the patch, there is the problem I explained above. The problem with the second version is that if you have dtls set in general ("dtlsenable=yes") and you have a peer that has no DTLS configuration at all (most importantly no "dtlsenable=no"), it would set this peer as a dtls enabled one, as it sets all default dtls configs for the peer from general. So basically the first version, where I set settings one by one, is the better one, as it would use default settings only if the peer has "dtlsenable=yes" and has no other settings. If we want to compare to TLS, setting TLS enabled in general does not force all peers to be TLS enabled.
"

By: Joshua C. Colp (jcolp) 2014-11-16 06:13:11.543-0600
Fixed.

By: Michael K. (michaelk) 2014-11-16 06:17:26.187-0600
Sorry for being annoying, fixed as first version applied or fixed in general?

By: Joshua C. Colp (jcolp) 2014-11-16 08:39:23.775-0600
Fixed in general. |
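
The two inheritance behaviours contrasted in the comments above, as an added example that is neither Asterisk's code nor the submitted patch: a simplified C model of a peer section falling back to [general]. The names `struct dtls_cfg`, `merge_copy_all` and `merge_opt_in` are hypothetical, the per-setting fallback is one reading of the "first version", and the file paths and cipher string are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not Asterisk's structures. UNSET = option absent from the section. */
enum tri { UNSET = -1, NO = 0, YES = 1 };

struct dtls_cfg {
    enum tri enable;         /* dtlsenable */
    const char *certfile;    /* NULL = not configured */
    const char *privatekey;
    const char *cipher;
};

/* Constructed sample sections (paths and cipher are made-up values). */
static const struct dtls_cfg GENERAL = { YES, "/etc/asterisk/keys/example.crt",
                                         "/etc/asterisk/keys/example.key", "ALL" };
static const struct dtls_cfg PEER_PLAIN  = { UNSET, NULL, NULL, NULL }; /* no DTLS lines */
static const struct dtls_cfg PEER_WEBRTC = { YES, NULL, NULL, NULL };   /* dtlsenable=yes only */

/* "Second version": start from a full copy of [general], then apply peer overrides. */
static struct dtls_cfg merge_copy_all(struct dtls_cfg g, struct dtls_cfg p)
{
    struct dtls_cfg out = g;
    if (p.enable != UNSET) out.enable = p.enable;
    if (p.certfile)   out.certfile = p.certfile;
    if (p.privatekey) out.privatekey = p.privatekey;
    if (p.cipher)     out.cipher = p.cipher;
    return out;
}

/* "First version": the peer must opt in; only then are missing values filled in. */
static struct dtls_cfg merge_opt_in(struct dtls_cfg g, struct dtls_cfg p)
{
    struct dtls_cfg out = p;
    if (p.enable != YES) { out.enable = NO; return out; }
    if (!out.certfile)   out.certfile = g.certfile;
    if (!out.privatekey) out.privatekey = g.privatekey;
    if (!out.cipher)     out.cipher = g.cipher;
    return out;
}

int main(void)
{
    printf("plain peer, copy-all: dtls=%d\n", merge_copy_all(GENERAL, PEER_PLAIN).enable);
    printf("plain peer, opt-in:   dtls=%d\n", merge_opt_in(GENERAL, PEER_PLAIN).enable);
    printf("webrtc peer, opt-in:  cert=%s\n", merge_opt_in(GENERAL, PEER_WEBRTC).certfile);
    return 0;
}
```

With the copy-all merge, the peer that never mentions DTLS ends up enabled; with the opt-in merge it stays disabled and only the peer that sets `dtlsenable=yes` picks up the shared certificate and key.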