AST-2022-002 - res_stir_shaken/curl: Add ACL checks for Identity header.
Adds a new configuration option, stir_shaken_profile, in pjsip.conf that can be specified on a per endpoint basis. This option will reference a stir_shaken_profile that can be configured in stir_shaken.conf. The type of this option must be 'profile'. The stir_shaken option can be specified on this object with the same values as before (attest, verify, on), but it cannot be off since having the profile itself implies wanting STIR/SHAKEN support. You can also specify an ACL from acl.conf (along with permit and deny lines in the object itself) that will be used to limit what interfaces Asterisk will attempt to retrieve information from when reading the Identity header. ASTERISK-29476 Change-Id: I87fa61f78a9ea0cd42530691a30da3c781842406
parent
1fdb1a6e
No related branches found
No related tags found
Showing
- configs/samples/pjsip.conf.sample 4 additions, 0 deletionsconfigs/samples/pjsip.conf.sample
- configs/samples/stir_shaken.conf.sample 18 additions, 0 deletionsconfigs/samples/stir_shaken.conf.sample
- include/asterisk/res_pjsip.h 2 additions, 0 deletionsinclude/asterisk/res_pjsip.h
- include/asterisk/res_stir_shaken.h 54 additions, 0 deletionsinclude/asterisk/res_stir_shaken.h
- res/res_pjsip/pjsip_config.xml 7 additions, 0 deletionsres/res_pjsip/pjsip_config.xml
- res/res_pjsip/pjsip_configuration.c 1 addition, 0 deletionsres/res_pjsip/pjsip_configuration.c
- res/res_pjsip_stir_shaken.c 11 additions, 3 deletionsres/res_pjsip_stir_shaken.c
- res/res_stir_shaken.c 79 additions, 11 deletionsres/res_stir_shaken.c
- res/res_stir_shaken/curl.c 58 additions, 2 deletionsres/res_stir_shaken/curl.c
- res/res_stir_shaken/curl.h 4 additions, 1 deletionres/res_stir_shaken/curl.h
- res/res_stir_shaken/profile.c 241 additions, 0 deletionsres/res_stir_shaken/profile.c
- res/res_stir_shaken/profile.h 39 additions, 0 deletionsres/res_stir_shaken/profile.h
- res/res_stir_shaken/profile_private.h 40 additions, 0 deletionsres/res_stir_shaken/profile_private.h
Loading
Please register or sign in to comment