tcptls: Prevent unsupported options from being set
authorKinsey Moore <kmoore@digium.com>
Fri, 15 Mar 2013 12:53:03 +0000 (12:53 +0000)
committerKinsey Moore <kmoore@digium.com>
Fri, 15 Mar 2013 12:53:03 +0000 (12:53 +0000)
commitad5f3a5759a6e86e364811198432dcc7597f6109
tree5a5415e74d28c7b64af35964795e9e18d5b14b72
parentcacc356bbe211d04a9fea57b6433e0ffa52369df
tcptls: Prevent unsupported options from being set

AMI, HTTP, and chan_sip all support TLS in some way, but none of them
support all the options that Asterisk's TLS core is capable of
interpreting. This prevents consumers of the TLS/SSL layer from setting
TLS/SSL options that they do not support.

This also gets tlsverifyclient closer to a working state by requesting
the client certificate when tlsverifyclient is set. Currently, there is
no consumer of main/tcptls.c in Asterisk that supports this feature and
so it can not be properly tested.

Review: https://reviewboard.asterisk.org/r/2370/
Reported-by: John Bigelow
Patch-by: Kinsey Moore
(closes issue AST-1093)
........

Merged revisions 383165 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 383166 from http://svn.asterisk.org/svn/asterisk/branches/11

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383167 65c4cc65-6c06-0410-ace0-fbb531ad65f3
channels/chan_sip.c
main/http.c
main/manager.c
main/tcptls.c