Skip to content
Snippets Groups Projects
Commit c84f06eb authored by Alexandre Savard's avatar Alexandre Savard
Browse files

#9623: update sip.conf for tls test account

parent 983beff3
Branches
Tags
No related merge requests found
...@@ -194,8 +194,8 @@ tcpenable=no ; Enable server for incoming TCP connections (de ...@@ -194,8 +194,8 @@ tcpenable=no ; Enable server for incoming TCP connections (de
tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces) tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
; Optionally add a port number, 192.168.1.1:5062 (default is port 5060) ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060)
;tlsenable=no ; Enable server for incoming TLS (secure) connections (default is no) tlsenable=yes ; Enable server for incoming TLS (secure) connections (default is no)
;tlsbindaddr=0.0.0.0 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces) tlsbindaddr=0.0.0.0:5061 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
; Optionally add a port number, 192.168.1.1:5063 (default is port 5061) ; Optionally add a port number, 192.168.1.1:5063 (default is port 5061)
; Remember that the IP address must match the common name (hostname) in the ; Remember that the IP address must match the common name (hostname) in the
; certificate, so you don't want to bind a TLS socket to multiple IP addresses. ; certificate, so you don't want to bind a TLS socket to multiple IP addresses.
...@@ -212,7 +212,7 @@ tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 ...@@ -212,7 +212,7 @@ tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0
; unauthenticated sessions that will be allowed ; unauthenticated sessions that will be allowed
; to connect at any given time. (default: 100) ; to connect at any given time. (default: 100)
srvlookup=yes ; Enable DNS SRV lookups on outbound calls ;srvlookup=yes ; Enable DNS SRV lookups on outbound calls
; Note: Asterisk only uses the first host ; Note: Asterisk only uses the first host
; in SRV records ; in SRV records
; Disabling DNS SRV lookups disables the ; Disabling DNS SRV lookups disables the
...@@ -447,19 +447,19 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ...@@ -447,19 +447,19 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls
; Set to yes add Reason header and use Reason header if it is available. ; Set to yes add Reason header and use Reason header if it is available.
; ;
;------------------------ TLS settings ------------------------------------------------------------ ;------------------------ TLS settings ------------------------------------------------------------
;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections tlscertfile=/etc/asterisk/keys/asterisk.pem ; Certificate file (*.pem format only) to use for TLS connections
; default is to look for "asterisk.pem" in current directory ; default is to look for "asterisk.pem" in current directory
;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections. ; tlsprivatekey=/etc/asterisk/keys/asterisk.key ; Private key file (*.pem format only) for TLS connections.
; If no tlsprivatekey is specified, tlscertfile is searched for ; If no tlsprivatekey is specified, tlscertfile is searched for
; for both public and private key. ; for both public and private key.
;tlscafile=</path/to/certificate> ; tlscafile=/etc/asterisk/keys/ca.crt
; If the server your connecting to uses a self signed certificate ; If the server your connecting to uses a self signed certificate
; you should have their certificate installed here so the code can ; you should have their certificate installed here so the code can
; verify the authenticity of their certificate. ; verify the authenticity of their certificate.
;tlscapath=</path/to/ca/dir> ; tlscapath=/etc/asterisk/keys/
; A directory full of CA certificates. The files must be named with ; A directory full of CA certificates. The files must be named with
; the CA subject name hash value. ; the CA subject name hash value.
; (see man SSL_CTX_load_verify_locations for more info) ; (see man SSL_CTX_load_verify_locations for more info)
...@@ -470,7 +470,7 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ...@@ -470,7 +470,7 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls
; set this and it will connect without requiring tlscafile to be set. ; set this and it will connect without requiring tlscafile to be set.
; Default is no. ; Default is no.
;tlscipher=<SSL cipher string> ; tlscipher=ALL
; A string specifying which SSL ciphers to use or not use ; A string specifying which SSL ciphers to use or not use
; A list of valid SSL cipher strings can be found at: ; A list of valid SSL cipher strings can be found at:
; http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS ; http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
...@@ -1358,3 +1358,21 @@ host=dynamic ...@@ -1358,3 +1358,21 @@ host=dynamic
username=300 username=300
canreinvite=no canreinvite=no
allow=all allow=all
[400]
type=friend
host=dynamic
username=400
canreinvite=no
allow=all
[testphone1]
context=default
type=friend
secret=savoirfairelinux
host=dynamic
insecure=invite,port
dtmfmode=rfc2833
transport=tls
allow=all
nat=yes
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment