From c84f06eb4cc44b96f92e4add12f598e6aad7b75e Mon Sep 17 00:00:00 2001
From: Alexandre Savard <alexandre.savard@savoirfairelinux.com>
Date: Tue, 17 Apr 2012 14:55:15 -0400
Subject: [PATCH] #9623: update sip.conf for tls test account

---
 tools/asterisk/sip.conf | 48 ++++++++++++++++++++++++++++-------------
 1 file changed, 33 insertions(+), 15 deletions(-)

diff --git a/tools/asterisk/sip.conf b/tools/asterisk/sip.conf
index dd55a0b4a9..5ec53dfb87 100644
--- a/tools/asterisk/sip.conf
+++ b/tools/asterisk/sip.conf
@@ -194,8 +194,8 @@ tcpenable=no                    ; Enable server for incoming TCP connections (de
 tcpbindaddr=0.0.0.0             ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
                                 ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060)
 
-;tlsenable=no                   ; Enable server for incoming TLS (secure) connections (default is no)
-;tlsbindaddr=0.0.0.0            ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
+tlsenable=yes                   ; Enable server for incoming TLS (secure) connections (default is no)
+tlsbindaddr=0.0.0.0:5061        ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
                                 ; Optionally add a port number, 192.168.1.1:5063 (default is port 5061)
                                 ; Remember that the IP address must match the common name (hostname) in the
                                 ; certificate, so you don't want to bind a TLS socket to multiple IP addresses.
@@ -212,7 +212,7 @@ tcpbindaddr=0.0.0.0             ; IP address for TCP server to bind to (0.0.0.0
 				; unauthenticated sessions that will be allowed
                                 ; to connect at any given time. (default: 100)
 
-srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
+;srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                                 ; Note: Asterisk only uses the first host
                                 ; in SRV records
                                 ; Disabling DNS SRV lookups disables the
@@ -447,37 +447,37 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                       ; Set to yes add Reason header and use Reason header if it is available.
 ;
 ;------------------------ TLS settings ------------------------------------------------------------
-;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections
-                                        ; default is to look for "asterisk.pem" in current directory
+tlscertfile=/etc/asterisk/keys/asterisk.pem ; Certificate file (*.pem format only) to use for TLS connections
+                                       ; default is to look for "asterisk.pem" in current directory
 
-;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections.
-                                      ; If no tlsprivatekey is specified, tlscertfile is searched for
-                                      ; for both public and private key.
+; tlsprivatekey=/etc/asterisk/keys/asterisk.key ; Private key file (*.pem format only) for TLS connections.
+                                     ; If no tlsprivatekey is specified, tlscertfile is searched for
+                                     ; for both public and private key.
 
-;tlscafile=</path/to/certificate>
+; tlscafile=/etc/asterisk/keys/ca.crt
 ;        If the server your connecting to uses a self signed certificate
 ;        you should have their certificate installed here so the code can
 ;        verify the authenticity of their certificate.
 
-;tlscapath=</path/to/ca/dir>
+; tlscapath=/etc/asterisk/keys/
 ;        A directory full of CA certificates.  The files must be named with
 ;        the CA subject name hash value.
 ;        (see man SSL_CTX_load_verify_locations for more info)
 
-;tlsdontverifyserver=[yes|no]
+; tlsdontverifyserver=[yes|no]
 ;        If set to yes, don't verify the servers certificate when acting as
 ;        a client.  If you don't have the server's CA certificate you can
 ;        set this and it will connect without requiring tlscafile to be set.
 ;        Default is no.
 
-;tlscipher=<SSL cipher string>
+; tlscipher=ALL
 ;        A string specifying which SSL ciphers to use or not use
 ;        A list of valid SSL cipher strings can be found at:
 ;                http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
 ;
-;tlsclientmethod=tlsv1     ; values include tlsv1, sslv3, sslv2.
-                           ; Specify protocol for outbound client connections.
-                           ; If left unspecified, the default is sslv2.
+; tlsclientmethod=tlsv1     ; values include tlsv1, sslv3, sslv2.
+                            ; Specify protocol for outbound client connections.
+                            ; If left unspecified, the default is sslv2.
 ;
 ;--------------------------- SIP timers ----------------------------------------------------
 ; These timers are used primarily in INVITE transactions.
@@ -1358,3 +1358,21 @@ host=dynamic
 username=300
 canreinvite=no
 allow=all
+
+[400]
+type=friend
+host=dynamic
+username=400
+canreinvite=no
+allow=all
+
+[testphone1]
+context=default
+type=friend
+secret=savoirfairelinux
+host=dynamic
+insecure=invite,port
+dtmfmode=rfc2833
+transport=tls
+allow=all
+nat=yes
-- 
GitLab