| | | |
Offset 34017, 1517 lines modified | Offset 34017, 14 lines modified |
34017 | ········</configOption> | 34017 | ········</configOption> |
34018 | ······</configObject> | 34018 | ······</configObject> |
34019 | ····</configFile> | 34019 | ····</configFile> |
34020 | ··</configInfo> | 34020 | ··</configInfo> |
34021 | ··<module·language="en_US"·name="agent"> | 34021 | ··<module·language="en_US"·name="agent"> |
34022 | ····<support_level>extended</support_level> | 34022 | ····<support_level>extended</support_level> |
34023 | ··</module> | 34023 | ··</module> |
34024 | ··<configInfo·name="res_stir_shaken"·language="en_US"> | |
34025 | ····<synopsis>STIR/SHAKEN·module·for·Asterisk</synopsis> | |
34026 | ····<configFile·name="stir_shaken.conf"> | |
34027 | ······<configObject·name="attestation"> | |
34028 | ········<synopsis>STIR/SHAKEN·attestation·options</synopsis> | |
34029 | ········<configOption·name="global_disable"·default="false"> | |
34030 | ··········<synopsis>Globally·disable·verification</synopsis> | |
34031 | ········</configOption> | |
34032 | ········<configOption·name="private_key_file"·default=""> | |
34033 | ··········<synopsis>File·path·to·a·certificate</synopsis> | |
34034 | ········</configOption> | |
34035 | ········<configOption·name="public_cert_url"·default=""> | |
34036 | ··········<synopsis>URL·to·the·public·certificate</synopsis> | |
34037 | ··········<description> | |
34038 | ············<para>Must·be·a·valid·http,·or·https,·URL.</para> | |
34039 | ··········</description> | |
34040 | ········</configOption> | |
34041 | ········<configOption·name="attest_level"> | |
34042 | ··········<synopsis>Attestation·level</synopsis> | |
34043 | ········</configOption> | |
34044 | ········<configOption·name="check_tn_cert_public_url"·default="false"> | |
34045 | ··········<synopsis>On·load,·Retrieve·all·TN's·certificates·and·validate·their·dates</synopsis> | |
34046 | ········</configOption> | |
34047 | ········<configOption·name="send_mky"·default="no"> | |
34048 | ··········<synopsis>Send·a·media·key·(mky)·grant·in·the·attestation·for·DTLS·calls. | |
34049 | » » » » » (not·common)</synopsis> | |
34050 | ········</configOption> | |
34051 | ······</configObject> | |
34052 | ······<configObject·name="tn"> | |
34053 | ········<synopsis>STIR/SHAKEN·TN·options</synopsis> | |
34054 | ········<configOption·name="type"> | |
34055 | ··········<synopsis>Must·be·of·type·'tn'.</synopsis> | |
34056 | ········</configOption> | |
34057 | ········<configOption·name="private_key_file"·default=""> | |
34058 | ··········<synopsis>File·path·to·a·certificate</synopsis> | |
34059 | ········</configOption> | |
34060 | ········<configOption·name="public_cert_url"·default=""> | |
34061 | ··········<synopsis>URL·to·the·public·certificate</synopsis> | |
34062 | ··········<description> | |
34063 | ············<para>Must·be·a·valid·http,·or·https,·URL.</para> | |
34064 | ··········</description> | |
34065 | ········</configOption> | |
34066 | ········<configOption·name="attest_level"> | |
34067 | ··········<synopsis>Attestation·level</synopsis> | |
34068 | ········</configOption> | |
34069 | ········<configOption·name="check_tn_cert_public_url"·default="false"> | |
34070 | ··········<synopsis>On·load,·Retrieve·all·TN's·certificates·and·validate·their·dates</synopsis> | |
34071 | ········</configOption> | |
34072 | ········<configOption·name="send_mky"·default="no"> | |
34073 | ··········<synopsis>Send·a·media·key·(mky)·grant·in·the·attestation·for·DTLS·calls. | |
34074 | » » » » » (not·common)</synopsis> | |
34075 | ········</configOption> | |
34076 | ······</configObject> | |
34077 | ······<configObject·name="verification"> | |
34078 | ········<synopsis>STIR/SHAKEN·verification·options</synopsis> | |
34079 | ········<configOption·name="global_disable"·default="false"> | |
34080 | ··········<synopsis>Globally·disable·verification</synopsis> | |
34081 | ········</configOption> | |
34082 | ········<configOption·name="load_system_certs"·default=""> | |
34083 | ··········<synopsis>A·boolean·indicating·whether·trusted·CA·certificates·should·be·loaded·from·the·system</synopsis> | |
34084 | ········</configOption> | |
34085 | ········<configOption·name="ca_file"·default=""> | |
34086 | ··········<synopsis>Path·to·a·file·containing·one·or·more·CA·certs·in·PEM·format</synopsis> | |
34087 | ··········<description> | |
34088 | ············<para>These·certs·are·used·to·verify·the·chain·of·trust·for·the | |
34089 | » » » » » » certificate·retrieved·from·the·X5U·Identity·header·parameter.··This | |
34090 | » » » » » » file·must·have·the·root·CA·certificate,·the·certificate·of·the | |
34091 | » » » » » » issuer·of·the·X5U·certificate,·and·any·intermediate·certificates | |
34092 | » » » » » » between·them.</para> | |
34093 | ············<para>See·https://docs.asterisk.org/Deployment/STIR-SHAKEN/·for·more·information.</para> | |
34094 | ··········</description> | |
34095 | ········</configOption> | |
34096 | ········<configOption·name="ca_path"·default=""> | |
34097 | ··········<synopsis>Path·to·a·directory·containing·one·or·more·hashed·CA·certs</synopsis> | |
34098 | ··········<description> | |
34099 | ············<xi:include·xpointer="xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='ca_file']/description/node())"/> | |
34100 | ············<para> | |
34101 | ··············For·this·option,·the·individual·certificates·must·be·placed·in | |
34102 | » » » » » » the·directory·specified·and·hashed·using·the | |
34103 | ··············<literal>openssl·rehash</literal> | |
34104 | ··············command. | |
34105 | ············</para> | |
34106 | ············<para>See·https://docs.asterisk.org/Deployment/STIR-SHAKEN/·for·more·information.</para> | |
34107 | ··········</description> | |
34108 | ········</configOption> | |
34109 | ········<configOption·name="crl_file"·default=""> | |
34110 | ··········<synopsis>Path·to·a·file·containing·one·or·more·CRLs·in·PEM·format</synopsis> | |
34111 | ··········<description> | |
34112 | ············<para>If·you·with·to·check·if·the·certificate·in·the·X5U·Identity·header | |
34113 | » » » » » » parameter·has·been·revoked,·you'll·need·the·certificate·revocation | |
34114 | » » » » » » list·generated·by·the·issuer.</para> | |
34115 | ············<para>See·https://docs.asterisk.org/Deployment/STIR-SHAKEN/·for·more·information.</para> | |
34116 | ··········</description> | |
34117 | ········</configOption> | |
34118 | ········<configOption·name="crl_path"·default=""> | |
34119 | ··········<synopsis>Path·to·a·directory·containing·one·or·more·hashed·CRLs</synopsis> | |
34120 | ··········<description> | |
34121 | ············<xi:include·xpointer="xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='crl_file']/description/node())"/> | |
34122 | ············<para> | |
34123 | ··············For·this·option,·the·individual·CRLs·must·be·placed·in | |
34124 | » » » » » » the·directory·specified·and·hashed·using·the | |
34125 | ··············<literal>openssl·rehash</literal> | |
34126 | ··············command. | |
34127 | ············</para> | |
34128 | ············<para>See·https://docs.asterisk.org/Deployment/STIR-SHAKEN/·for·more·information.</para> | |
34129 | ··········</description> | |
34130 | ········</configOption> | |
34131 | ········<configOption·name="untrusted_cert_file"·default=""> | |
34132 | ··········<synopsis>Path·to·a·file·containing·one·or·more·untrusted·cert·in·PEM·format·used·to·verify·CRLs</synopsis> | |
34133 | ··········<description> | |
34134 | ············<para>If·you·with·to·check·if·the·certificate·in·the·X5U·Identity·header | |
34135 | » » » » » parameter·has·been·revoked,·you'll·need·the·certificate·revocation | |
34136 | » » » » » list·generated·by·the·issuer.··Unfortunately,·sometimes·the·CRLs·are·signed·by·a | |
34137 | » » » » » different·CA·than·the·certificate·being·verified.··In·this·case,·you | |
34138 | » » » » » may·need·to·provide·the·untrusted·certificate·to·verify·the·CRL.</para> | |
34139 | ············<para>See·https://docs.asterisk.org/Deployment/STIR-SHAKEN/·for·more·information.</para> | |
34140 | ··········</description> | |
34141 | ········</configOption> | |
34142 | ········<configOption·name="untrusted_cert_path"·default=""> | |
34143 | ··········<synopsis>Path·to·a·directory·containing·one·or·more·hashed·untrusted·certs·used·to·verify·CRLs</synopsis> | |
Max diff block lines reached; 83652/166238 bytes (50.32%) of diff not shown.
|