The correct incantations to enable certification common name / subject
alternative name verification, per our code, are `subjects_all`,
`subjects_in`, and `subjects_out` in a Sofia profile's
`tls-verify-policy`. What we've had in our examples and documentation
for years are `all_subjects`, `in_subjects`, and `out_subjects`.
The result of this is that we've almost certainly confused people into
using the incorrect forms. Those poor people will believe that they
are verifying the CN/SAN of the received host certificate against the
list in `tls-verify-in-subjects` when in fact they are not.
One clear issue in this case was that the incorrect forms failed to
have any effect without providing any warning or error. This issue
could not have persisted if we had made more noise about incorrect
input.
Given how long this has been broken, it's tempting to alias the
incorrect forms to the correct ones. However this would certainly
break many existing installations that have, because of this error,
never actually tested their setup with CN/SAN validation enabled.
In this commit, we fix the examples and documentation, and add an
error-level log output when unknown values are passed to
`tls-verify-policy`.
Thanks-to: Andrew Patrikalakis <anrp+freeswitch@anrp.net>
Two new params added to autoload_configs/rayo.conf.xml
offer-algorithm
all: offer to all clients (default and old behavior)
first: offer to first client, fails over to next client in list
random: offer to random client, fails over to next random client
offer-timeout-ms
0: disable
> 0 and < 120000: time to wait for reply from offer. On timeout, next client is offered call.
If no other clients available, call is rejected. 5000 is default.
Ephemeral ECDH (ECDHE) was supported already. This patch adds Ephemeral
DH (DHE). To enable it, add DH parameters into the private-key file of
your server (agent.pem). For example via:
openssl dhparam -out dh.pem 2048
FS-7561 #resolve
FS-7338: remove libsilk from tree, use system lib instead
FS-7338: change to always use system liblua
FS-7338: remove libbroadvoice from tree, use system lib instead
FS-7338: remove libilbc from tree, use system lib instead
FS-7338: remove libs using system libs from bootstrap
FS-7338: remove libg722_1 from tree, use system lib instead
FS-7338: remove mod_celt, it has be superseded by mod_opus
FS-7338: remove libcodec2 from tree, use system lib instead
FS-7338: remove libopus from tree, use system lib instead
FS-7338: remove libsoundtouch build from tree, use system lib instead
FS-7338: remove flite build from tree, use system lib instead
FS-7338: remove openldap build from tree, use system lib instead
FS-7338: remove libmongoc build from tree, use system lib instead
FS-7338: remove mod_mongo deps that are no longer actually required
FS-7338: remove some dup demo modules and don't include demo code in packages
Travis Cross