Kristijan Vrban wrote: > i will use --enable-srtp_tls, --enable-vrban, well... :) the work if > have done was to port the two old * > patches to CW. They are not written by me. In the moment you only need > --enable-srtp, > TLS/TCP is activ by default in the branch. > > Based on this two old * patches: > > SRTP patch: > http://bugs.digium.com/view.php?id=5413 > > TCP/TLS patch: > http://bugs.digium.com/view.php?id=4903 > > ssl certificate into /usr/local/share/callweaver/keys:
pls respect ./configure'd (fhs) fs layouts. > get them here: > http://bugs.digium.com/file_download.php?file_id=7153&type=bug > > But then you need to set "asterisk" as serverkeypassword in sip.conf. > So i suggest to create your own ssl certificates. > > You can test srtp/tls with the softphone phonerlite (windows only, but > works fine with wine) and snom phones. > srtp and tcp (without tls) also with grandstream. Twinkle has support already. libopal? R.Jongbloed has called for testing but i dont know if opal supports it automatically with Ekiga 2.9 SVN. and someone needs to fix the unresolved symbols linker err with srtp in opal by .so linking with Ekiga, and srtp code in opal looks little incomplete to me. > > The only (german) Provider with srtp(without tls) i know is dus.net. > > Kristijan y tom > > thomas schorpp schrieb: >> Kristijan Vrban wrote: >> >>> sure, i iam also a friend of stability. But srtp and tls are disabled by >>> default. To activate you will >>> still need a --enable-encryption (what i will add later). So the risk to >>> breaking something is >>> >> wrong name, use --enable-srtp_tls, "encryption" misses auth. >> >> >>> minimized. Most stuff is jailed in #ifdef's >>> >> ok. >> >> >>> But the trueness is... i threatened to put the patch into 1.2 to awaken >>> some people to test the >>> srtp_tls branch and get some feedback on it :) >>> >> i know ;) >> so lets use --enable-vrban to credit the great work by person cult :D >> >> tell me some peers and sip-providers supporting it. >> >> >>> >>> Kristijan >>> >>> >> y >> tom >> >> >>> thomas schorpp schrieb: >>> >>>> Duane at e164 dot org wrote: >>>> >>>> >>>>> Kristijan Vrban wrote: >>>>> >>>>> >>>>>> that's why i wanted to put it into 1.2. As long as it sleeps in my >>>>>> private branch, i am the only tester. >>>>>> My limited tests show: it compiles, produced no crash and srtp and tls >>>>>> are working. >>>>>> >>>>>> >>>>> I'm happy to give it a go, will compile it up shortly and see how things >>>>> go. >>>>> >>>>> >>>>> >>>> i would second that. but for trunk only. risk of breaking stable branch >>>> due to "limited tests" is too high. >>>> >>>> y >>>> tom >>>> _______________________________________________ Callweaver-dev mailing list [email protected] http://lists.callweaver.org/mailman/listinfo/callweaver-dev
