#9623: update sip.conf for tls test account

tools/asterisk/sip.conf

@@ -194,8 +194,8 @@ tcpenable=no                    ; Enable server for incoming TCP connections (de
 tcpbindaddr=0.0.0.0             ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
                                 ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060)
 
-;tlsenable=no                   ; Enable server for incoming TLS (secure) connections (default is no)
-;tlsbindaddr=0.0.0.0            ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
+tlsenable=yes                   ; Enable server for incoming TLS (secure) connections (default is no)
+tlsbindaddr=0.0.0.0:5061        ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
                                 ; Optionally add a port number, 192.168.1.1:5063 (default is port 5061)
                                 ; Remember that the IP address must match the common name (hostname) in the
                                 ; certificate, so you don't want to bind a TLS socket to multiple IP addresses.
@@ -212,7 +212,7 @@ tcpbindaddr=0.0.0.0             ; IP address for TCP server to bind to (0.0.0.0
 				; unauthenticated sessions that will be allowed
                                 ; to connect at any given time. (default: 100)
 
-srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
+;srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                                 ; Note: Asterisk only uses the first host
                                 ; in SRV records
                                 ; Disabling DNS SRV lookups disables the
@@ -447,19 +447,19 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                       ; Set to yes add Reason header and use Reason header if it is available.
 ;
 ;------------------------ TLS settings ------------------------------------------------------------
-;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections
+tlscertfile=/etc/asterisk/keys/asterisk.pem ; Certificate file (*.pem format only) to use for TLS connections
                                        ; default is to look for "asterisk.pem" in current directory
 
-;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections.
+; tlsprivatekey=/etc/asterisk/keys/asterisk.key ; Private key file (*.pem format only) for TLS connections.
                                      ; If no tlsprivatekey is specified, tlscertfile is searched for
                                      ; for both public and private key.
 
-;tlscafile=</path/to/certificate>
+; tlscafile=/etc/asterisk/keys/ca.crt
 ;        If the server your connecting to uses a self signed certificate
 ;        you should have their certificate installed here so the code can
 ;        verify the authenticity of their certificate.
 
-;tlscapath=</path/to/ca/dir>
+; tlscapath=/etc/asterisk/keys/
 ;        A directory full of CA certificates.  The files must be named with
 ;        the CA subject name hash value.
 ;        (see man SSL_CTX_load_verify_locations for more info)
@@ -470,7 +470,7 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
 ;        set this and it will connect without requiring tlscafile to be set.
 ;        Default is no.
 
-;tlscipher=<SSL cipher string>
+; tlscipher=ALL
 ;        A string specifying which SSL ciphers to use or not use
 ;        A list of valid SSL cipher strings can be found at:
 ;                http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
@@ -1358,3 +1358,21 @@ host=dynamic
 username=300
 canreinvite=no
 allow=all
+
+[400]
+type=friend
+host=dynamic
+username=400
+canreinvite=no
+allow=all
+
+[testphone1]
+context=default
+type=friend
+secret=savoirfairelinux
+host=dynamic
+insecure=invite,port
+dtmfmode=rfc2833
+transport=tls
+allow=all
+nat=yes