#9623: update sip.conf for tls test account

2025-08-12 22:09:25 +08:00 · 2012-04-17 14:55:15 -04:00
parent 983beff34b
commit c84f06eb4c
1 changed files with 33 additions and 15 deletions
--- a/tools/asterisk/sip.conf
+++ b/tools/asterisk/sip.conf
@ -194,8 +194,8 @@ tcpenable=no                    ; Enable server for incoming TCP connections (de
 tcpbindaddr=0.0.0.0             ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
                                ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060)

-;tlsenable=no                   ; Enable server for incoming TLS (secure) connections (default is no)
-;tlsbindaddr=0.0.0.0            ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
+tlsenable=yes                   ; Enable server for incoming TLS (secure) connections (default is no)
+tlsbindaddr=0.0.0.0:5061        ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
                                ; Optionally add a port number, 192.168.1.1:5063 (default is port 5061)
                                ; Remember that the IP address must match the common name (hostname) in the
                                ; certificate, so you don't want to bind a TLS socket to multiple IP addresses.
@ -212,7 +212,7 @@ tcpbindaddr=0.0.0.0             ; IP address for TCP server to bind to (0.0.0.0
 				; unauthenticated sessions that will be allowed
                                ; to connect at any given time. (default: 100)

-srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
+;srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                                ; Note: Asterisk only uses the first host
                                ; in SRV records
                                ; Disabling DNS SRV lookups disables the
@ -447,37 +447,37 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                      ; Set to yes add Reason header and use Reason header if it is available.
 ;
 ;------------------------ TLS settings ------------------------------------------------------------
-;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections
-                                        ; default is to look for "asterisk.pem" in current directory
+tlscertfile=/etc/asterisk/keys/asterisk.pem ; Certificate file (*.pem format only) to use for TLS connections
+                                       ; default is to look for "asterisk.pem" in current directory

-;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections.
-                                      ; If no tlsprivatekey is specified, tlscertfile is searched for
-                                      ; for both public and private key.
+; tlsprivatekey=/etc/asterisk/keys/asterisk.key ; Private key file (*.pem format only) for TLS connections.
+                                     ; If no tlsprivatekey is specified, tlscertfile is searched for
+                                     ; for both public and private key.

-;tlscafile=</path/to/certificate>
+; tlscafile=/etc/asterisk/keys/ca.crt
 ;        If the server your connecting to uses a self signed certificate
 ;        you should have their certificate installed here so the code can
 ;        verify the authenticity of their certificate.

-;tlscapath=</path/to/ca/dir>
+; tlscapath=/etc/asterisk/keys/
 ;        A directory full of CA certificates.  The files must be named with
 ;        the CA subject name hash value.
 ;        (see man SSL_CTX_load_verify_locations for more info)

-;tlsdontverifyserver=[yes|no]
+; tlsdontverifyserver=[yes|no]
 ;        If set to yes, don't verify the servers certificate when acting as
 ;        a client.  If you don't have the server's CA certificate you can
 ;        set this and it will connect without requiring tlscafile to be set.
 ;        Default is no.

-;tlscipher=<SSL cipher string>
+; tlscipher=ALL
 ;        A string specifying which SSL ciphers to use or not use
 ;        A list of valid SSL cipher strings can be found at:
 ;                http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
 ;
-;tlsclientmethod=tlsv1     ; values include tlsv1, sslv3, sslv2.
-                           ; Specify protocol for outbound client connections.
-                           ; If left unspecified, the default is sslv2.
+; tlsclientmethod=tlsv1     ; values include tlsv1, sslv3, sslv2.
+                            ; Specify protocol for outbound client connections.
+                            ; If left unspecified, the default is sslv2.
 ;
 ;--------------------------- SIP timers ----------------------------------------------------
 ; These timers are used primarily in INVITE transactions.
@ -1358,3 +1358,21 @@ host=dynamic
 username=300
 canreinvite=no
 allow=all
+
+[400]
+type=friend
+host=dynamic
+username=400
+canreinvite=no
+allow=all
+
+[testphone1]
+context=default
+type=friend
+secret=savoirfairelinux
+host=dynamic
+insecure=invite,port
+dtmfmode=rfc2833
+transport=tls
+allow=all
+nat=yes