{"diffoscope-json-version": 1, "source1": "/srv/reproducible-results/rbuild-debian/r-b-build.GH7Scfq9/b1/asterisk_22.0.0~dfsg+~cs6.14.60671435-1_armhf.changes", "source2": "/srv/reproducible-results/rbuild-debian/r-b-build.GH7Scfq9/b2/asterisk_22.0.0~dfsg+~cs6.14.60671435-1_armhf.changes", "unified_diff": null, "details": [{"source1": "Files", "source2": "Files", "unified_diff": "@@ -13,8 +13,8 @@\n  2360576628500771fe58b8f2692e70eb 64136 comm optional asterisk-mp3_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n  82b41b1ac21a7b89473edbbd7486825d 68620 debug optional asterisk-mysql-dbgsym_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n  55589ac1f7eef46327427e593c7b274c 63292 comm optional asterisk-mysql_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n  8dff8e0d54e5f2cd3c7d8d08a51a1bcc 1133664 debug optional asterisk-ooh323-dbgsym_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n  a00ed03291601653a3862aba0232a96c 336424 comm optional asterisk-ooh323_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n  e8a3a7ff2ffa26dc9e8965738ad3067b 1306236 debug optional asterisk-tests-dbgsym_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n  42bef43b1d73b27d6dca5aefd8905efc 556888 comm optional asterisk-tests_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n- 4092836b1115ff21c893a0d0f1d9e455 2188564 comm optional asterisk_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n+ 508a88c6cc1d834b9dc02f92caa7edc6 2188568 comm optional asterisk_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb\n"}, {"source1": "asterisk_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb", "source2": "asterisk_22.0.0~dfsg+~cs6.14.60671435-1_armhf.deb", "unified_diff": null, "details": [{"source1": "file list", "source2": "file list", "unified_diff": "@@ -1,3 +1,3 @@\n -rw-r--r--   0        0        0        4 2024-10-23 11:39:34.000000 debian-binary\n--rw-r--r--   0        0        0     8296 2024-10-23 11:39:34.000000 control.tar.xz\n+-rw-r--r--   0        0        0     8300 2024-10-23 11:39:34.000000 control.tar.xz\n -rw-r--r--   0        0        0  2180076 2024-10-23 11:39:34.000000 data.tar.xz\n"}, {"source1": "control.tar.xz", "source2": "control.tar.xz", "unified_diff": null, "details": [{"source1": "control.tar", "source2": "control.tar", "unified_diff": null, "details": [{"source1": "./md5sums", "source2": "./md5sums", "unified_diff": null, "details": [{"source1": "./md5sums", "source2": "./md5sums", "comments": ["Files differ"], "unified_diff": null}]}]}]}, {"source1": "data.tar.xz", "source2": "data.tar.xz", "unified_diff": null, "details": [{"source1": "data.tar", "source2": "data.tar", "unified_diff": null, "details": [{"source1": "./usr/share/asterisk/documentation/core-en_US.xml", "source2": "./usr/share/asterisk/documentation/core-en_US.xml", "unified_diff": null, "details": [{"source1": "./usr/share/asterisk/documentation/core-en_US.xml", "source2": "./usr/share/asterisk/documentation/core-en_US.xml", "comments": ["Ordering differences only"], "unified_diff": "@@ -33778,298 +33778,14 @@\n         </configOption>\n       </configObject>\n     </configFile>\n   </configInfo>\n   <module language=\"en_US\" name=\"agent\">\n     <support_level>extended</support_level>\n   </module>\n-  <configInfo name=\"res_stir_shaken\" language=\"en_US\">\n-    <synopsis>STIR/SHAKEN module for Asterisk</synopsis>\n-    <configFile name=\"stir_shaken.conf\">\n-      <configObject name=\"attestation\">\n-        <synopsis>STIR/SHAKEN attestation options</synopsis>\n-        <configOption name=\"global_disable\" default=\"false\">\n-          <synopsis>Globally disable verification</synopsis>\n-        </configOption>\n-        <configOption name=\"private_key_file\" default=\"\">\n-          <synopsis>File path to a certificate</synopsis>\n-        </configOption>\n-        <configOption name=\"public_cert_url\" default=\"\">\n-          <synopsis>URL to the public certificate</synopsis>\n-          <description>\n-            <para>Must be a valid http, or https, URL.</para>\n-          </description>\n-        </configOption>\n-        <configOption name=\"attest_level\">\n-          <synopsis>Attestation level</synopsis>\n-        </configOption>\n-        <configOption name=\"check_tn_cert_public_url\" default=\"false\">\n-          <synopsis>On load, Retrieve all TN's certificates and validate their dates</synopsis>\n-        </configOption>\n-        <configOption name=\"send_mky\" default=\"no\">\n-          <synopsis>Send a media key (mky) grant in the attestation for DTLS calls.\n-\t\t\t\t\t(not common)</synopsis>\n-        </configOption>\n-      </configObject>\n-      <configObject name=\"tn\">\n-        <synopsis>STIR/SHAKEN TN options</synopsis>\n-        <configOption name=\"type\">\n-          <synopsis>Must be of type 'tn'.</synopsis>\n-        </configOption>\n-        <configOption name=\"private_key_file\" default=\"\">\n-          <synopsis>File path to a certificate</synopsis>\n-        </configOption>\n-        <configOption name=\"public_cert_url\" default=\"\">\n-          <synopsis>URL to the public certificate</synopsis>\n-          <description>\n-            <para>Must be a valid http, or https, URL.</para>\n-          </description>\n-        </configOption>\n-        <configOption name=\"attest_level\">\n-          <synopsis>Attestation level</synopsis>\n-        </configOption>\n-        <configOption name=\"check_tn_cert_public_url\" default=\"false\">\n-          <synopsis>On load, Retrieve all TN's certificates and validate their dates</synopsis>\n-        </configOption>\n-        <configOption name=\"send_mky\" default=\"no\">\n-          <synopsis>Send a media key (mky) grant in the attestation for DTLS calls.\n-\t\t\t\t\t(not common)</synopsis>\n-        </configOption>\n-      </configObject>\n-      <configObject name=\"verification\">\n-        <synopsis>STIR/SHAKEN verification options</synopsis>\n-        <configOption name=\"global_disable\" default=\"false\">\n-          <synopsis>Globally disable verification</synopsis>\n-        </configOption>\n-        <configOption name=\"load_system_certs\" default=\"\">\n-          <synopsis>A boolean indicating whether trusted CA certificates should be loaded from the system</synopsis>\n-        </configOption>\n-        <configOption name=\"ca_file\" default=\"\">\n-          <synopsis>Path to a file containing one or more CA certs in PEM format</synopsis>\n-          <description>\n-            <para>These certs are used to verify the chain of trust for the\n-\t\t\t\t\t\tcertificate retrieved from the X5U Identity header parameter.  This\n-\t\t\t\t\t\tfile must have the root CA certificate, the certificate of the\n-\t\t\t\t\t\tissuer of the X5U certificate, and any intermediate certificates\n-\t\t\t\t\t\tbetween them.</para>\n-            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n-          </description>\n-        </configOption>\n-        <configOption name=\"ca_path\" default=\"\">\n-          <synopsis>Path to a directory containing one or more hashed CA certs</synopsis>\n-          <description>\n-            <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='ca_file']/description/node())\"/>\n-            <para>\n-              For this option, the individual certificates must be placed in\n-\t\t\t\t\t\tthe directory specified and hashed using the\n-              <literal>openssl rehash</literal>\n-              command.\n-            </para>\n-            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n-          </description>\n-        </configOption>\n-        <configOption name=\"crl_file\" default=\"\">\n-          <synopsis>Path to a file containing one or more CRLs in PEM format</synopsis>\n-          <description>\n-            <para>If you with to check if the certificate in the X5U Identity header\n-\t\t\t\t\t\tparameter has been revoked, you'll need the certificate revocation\n-\t\t\t\t\t\tlist generated by the issuer.</para>\n-            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n-          </description>\n-        </configOption>\n-        <configOption name=\"crl_path\" default=\"\">\n-          <synopsis>Path to a directory containing one or more hashed CRLs</synopsis>\n-          <description>\n-            <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='crl_file']/description/node())\"/>\n-            <para>\n-              For this option, the individual CRLs must be placed in\n-\t\t\t\t\t\tthe directory specified and hashed using the\n-              <literal>openssl rehash</literal>\n-              command.\n-            </para>\n-            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n-          </description>\n-        </configOption>\n-        <configOption name=\"untrusted_cert_file\" default=\"\">\n-          <synopsis>Path to a file containing one or more untrusted cert in PEM format used to verify CRLs</synopsis>\n-          <description>\n-            <para>If you with to check if the certificate in the X5U Identity header\n-\t\t\t\t\tparameter has been revoked, you'll need the certificate revocation\n-\t\t\t\t\tlist generated by the issuer.  Unfortunately, sometimes the CRLs are signed by a\n-\t\t\t\t\tdifferent CA than the certificate being verified.  In this case, you\n-\t\t\t\t\tmay need to provide the untrusted certificate to verify the CRL.</para>\n-            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n-          </description>\n-        </configOption>\n-        <configOption name=\"untrusted_cert_path\" default=\"\">\n-          <synopsis>Path to a directory containing one or more hashed untrusted certs used to verify CRLs</synopsis>\n-          <description>\n-            <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='untrusted_cert_file']/description/node())\"/>\n-            <para>\n-              For this option, the individual certificates must be placed in\n-\t\t\t\t\t\tthe directory specified and hashed using the\n-              <literal>openssl rehash</literal>\n-              command.\n-            </para>\n-            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n-          </description>\n-        </configOption>\n-        <configOption name=\"cert_cache_dir\" default=\"\">\n-          <synopsis>Directory to cache retrieved verification certs</synopsis>\n-        </configOption>\n-        <configOption name=\"curl_timeout\" default=\"2\">\n-          <synopsis>Maximum time to wait to CURL certificates</synopsis>\n-        </configOption>\n-        <configOption name=\"max_cache_entry_age\" default=\"60\">\n-          <synopsis>Number of seconds a cache entry may be behind current time</synopsis>\n-        </configOption>\n-        <configOption name=\"max_cache_size\" default=\"1000\">\n-          <synopsis>Maximum size to use for caching public keys</synopsis>\n-        </configOption>\n-        <configOption name=\"max_iat_age\" default=\"15\">\n-          <synopsis>Number of seconds an iat grant may be behind current time</synopsis>\n-        </configOption>\n-        <configOption name=\"max_date_header_age\" default=\"15\">\n-          <synopsis>Number of seconds a SIP Date header may be behind current time</synopsis>\n-        </configOption>\n-        <configOption name=\"failure_action\" default=\"continue\">\n-          <synopsis>The default failure action when not set on a profile</synopsis>\n-          <description>\n-            <enumlist>\n-              <enum name=\"continue\">\n-                <para>\n-                  If set to\n-                  <literal>continue</literal>\n-                  , continue and let\n-\t\t\t\t\t\t\tthe dialplan decide what action to take.\n-                </para>\n-              </enum>\n-              <enum name=\"reject_request\">\n-                <para>\n-                  If set to\n-                  <literal>reject_request</literal>\n-                  , reject the incoming\n-\t\t\t\t\t\t\trequest with response codes defined in RFC8224.\n-                </para>\n-              </enum>\n-              <enum name=\"continue_return_reason\">\n-                <para>\n-                  If set to\n-                  <literal>return_reason</literal>\n-                  , continue to the\n-\t\t\t\t\t\t\tdialplan but add a\n-                  <literal>Reason</literal>\n-                  header to the sender in\n-\t\t\t\t\t\t\tthe next provisional response.\n-                </para>\n-              </enum>\n-            </enumlist>\n-          </description>\n-        </configOption>\n-        <configOption name=\"use_rfc9410_responses\" default=\"no\">\n-          <synopsis>RFC9410 uses the STIR protocol on Reason headers\n-\t\t\t\t\tinstead of the SIP protocol</synopsis>\n-        </configOption>\n-        <configOption name=\"relax_x5u_port_scheme_restrictions\" default=\"no\">\n-          <synopsis>Relaxes check for &quot;https&quot; and port 443 or 8443\n-\t\t\t\t\tin incoming Identity header x5u URLs.</synopsis>\n-        </configOption>\n-        <configOption name=\"relax_x5u_path_restrictions\" default=\"no\">\n-          <synopsis>Relaxes check for query parameters, user/password, etc.\n-\t\t\t\t\tin incoming Identity header x5u URLs.</synopsis>\n-        </configOption>\n-        <configOption name=\"x5u_acl\" default=\"\">\n-          <synopsis>An existing ACL from acl.conf to use when checking\n-\t\t\t\t\thostnames in incoming Identity header x5u URLs.</synopsis>\n-        </configOption>\n-        <configOption name=\"x5u_permit\" default=\"\">\n-          <synopsis>An IP or subnet to permit when checking\n-\t\t\t\t\thostnames in incoming Identity header x5u URLs.</synopsis>\n-        </configOption>\n-        <configOption name=\"x5u_deny\" default=\"\">\n-          <synopsis>An IP or subnet to deny  checking\n-\t\t\t\t\thostnames in incoming Identity header x5u URLs.</synopsis>\n-        </configOption>\n-      </configObject>\n-      <configObject name=\"profile\">\n-        <synopsis>STIR/SHAKEN profile configuration options</synopsis>\n-        <configOption name=\"type\">\n-          <synopsis>Must be of type 'profile'.</synopsis>\n-        </configOption>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='load_system_certs'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='ca_file'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='ca_path'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='crl_file'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='crl_path'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='untrusted_cert_file'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='untrusted_cert_path'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='cert_cache_dir'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='curl_timeout'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='max_iat_age'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='max_date_header_age'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='max_cache_entry_age'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='max_cache_size'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='failure_action'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='use_rfc9410_responses'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='relax_x5u_port_scheme_restrictions'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='relax_x5u_path_restrictions'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='x5u_acl'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='x5u_permit'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='x5u_deny'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='check_tn_cert_public_url'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='private_key_file'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='public_cert_url'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='attest_level'])\"/>\n-        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='send_mky'])\"/>\n-        <configOption name=\"endpoint_behavior\" default=\"off\">\n-          <synopsis>Actions performed when an endpoint references this profile</synopsis>\n-          <description>\n-            <enumlist>\n-              <enum name=\"off\">\n-                <para>Don't do any STIR/SHAKEN processing.</para>\n-              </enum>\n-              <enum name=\"attest\">\n-                <para>Attest on outgoing calls.</para>\n-              </enum>\n-              <enum name=\"verify\">\n-                <para>Verify incoming calls.</para>\n-              </enum>\n-              <enum name=\"on\">\n-                <para>Attest outgoing calls and verify incoming calls.</para>\n-              </enum>\n-            </enumlist>\n-          </description>\n-        </configOption>\n-      </configObject>\n-    </configFile>\n-  </configInfo>\n-  <function name=\"STIR_SHAKEN\" language=\"en_US\">\n-    <synopsis>Gets the number of STIR/SHAKEN results or a specific STIR/SHAKEN value from a result on the channel.</synopsis>\n-    <syntax>\n-      <parameter name=\"index\" required=\"true\">\n-        <para>The index of the STIR/SHAKEN result to get. If only 'count' is passed in, gets the number of STIR/SHAKEN results instead.</para>\n-      </parameter>\n-      <parameter name=\"value\" required=\"false\">\n-        <para>The value to get from the STIR/SHAKEN result. Only used when an index is passed in (instead of 'count'). Allowable values:</para>\n-        <enumlist>\n-          <enum name=\"identity\"/>\n-          <enum name=\"attestation\"/>\n-          <enum name=\"verify_result\"/>\n-        </enumlist>\n-      </parameter>\n-    </syntax>\n-    <description>\n-      <para>This function will either return the number of STIR/SHAKEN identities, or return information on the specified identity.\n-\t\t\tTo get the number of identities, just pass 'count' as the only parameter to the function. If you want to get information on a\n-\t\t\tspecific STIR/SHAKEN identity, you can get the number of identities and then pass an index as the first parameter and one of\n-\t\t\tthe values you would like to retrieve as the second parameter.</para>\n-      <example title=\"Get count and retrieve value\">same =&gt; n,NoOp(Number of STIR/SHAKEN identities: ${STIR_SHAKEN(count)})\n-\t\t\tsame =&gt; n,NoOp(Identity ${STIR_SHAKEN(0, identity)} has attestation level ${STIR_SHAKEN(0, attestation)})</example>\n-    </description>\n-  </function>\n   <configInfo name=\"res_pjsip\" language=\"en_US\">\n     <synopsis>SIP Resource using PJProject</synopsis>\n     <configFile name=\"pjsip.conf\">\n       <configObject name=\"endpoint\">\n         <synopsis>Endpoint</synopsis>\n         <description>\n           <para>\n@@ -38221,14 +37937,298 @@\n             <parameter name=\"EventList\"/>\n             <parameter name=\"ListItems\"/>\n           </syntax>\n         </managerEventInstance>\n       </managerEvent>\n     </responses>\n   </manager>\n+  <configInfo name=\"res_stir_shaken\" language=\"en_US\">\n+    <synopsis>STIR/SHAKEN module for Asterisk</synopsis>\n+    <configFile name=\"stir_shaken.conf\">\n+      <configObject name=\"attestation\">\n+        <synopsis>STIR/SHAKEN attestation options</synopsis>\n+        <configOption name=\"global_disable\" default=\"false\">\n+          <synopsis>Globally disable verification</synopsis>\n+        </configOption>\n+        <configOption name=\"private_key_file\" default=\"\">\n+          <synopsis>File path to a certificate</synopsis>\n+        </configOption>\n+        <configOption name=\"public_cert_url\" default=\"\">\n+          <synopsis>URL to the public certificate</synopsis>\n+          <description>\n+            <para>Must be a valid http, or https, URL.</para>\n+          </description>\n+        </configOption>\n+        <configOption name=\"attest_level\">\n+          <synopsis>Attestation level</synopsis>\n+        </configOption>\n+        <configOption name=\"check_tn_cert_public_url\" default=\"false\">\n+          <synopsis>On load, Retrieve all TN's certificates and validate their dates</synopsis>\n+        </configOption>\n+        <configOption name=\"send_mky\" default=\"no\">\n+          <synopsis>Send a media key (mky) grant in the attestation for DTLS calls.\n+\t\t\t\t\t(not common)</synopsis>\n+        </configOption>\n+      </configObject>\n+      <configObject name=\"tn\">\n+        <synopsis>STIR/SHAKEN TN options</synopsis>\n+        <configOption name=\"type\">\n+          <synopsis>Must be of type 'tn'.</synopsis>\n+        </configOption>\n+        <configOption name=\"private_key_file\" default=\"\">\n+          <synopsis>File path to a certificate</synopsis>\n+        </configOption>\n+        <configOption name=\"public_cert_url\" default=\"\">\n+          <synopsis>URL to the public certificate</synopsis>\n+          <description>\n+            <para>Must be a valid http, or https, URL.</para>\n+          </description>\n+        </configOption>\n+        <configOption name=\"attest_level\">\n+          <synopsis>Attestation level</synopsis>\n+        </configOption>\n+        <configOption name=\"check_tn_cert_public_url\" default=\"false\">\n+          <synopsis>On load, Retrieve all TN's certificates and validate their dates</synopsis>\n+        </configOption>\n+        <configOption name=\"send_mky\" default=\"no\">\n+          <synopsis>Send a media key (mky) grant in the attestation for DTLS calls.\n+\t\t\t\t\t(not common)</synopsis>\n+        </configOption>\n+      </configObject>\n+      <configObject name=\"verification\">\n+        <synopsis>STIR/SHAKEN verification options</synopsis>\n+        <configOption name=\"global_disable\" default=\"false\">\n+          <synopsis>Globally disable verification</synopsis>\n+        </configOption>\n+        <configOption name=\"load_system_certs\" default=\"\">\n+          <synopsis>A boolean indicating whether trusted CA certificates should be loaded from the system</synopsis>\n+        </configOption>\n+        <configOption name=\"ca_file\" default=\"\">\n+          <synopsis>Path to a file containing one or more CA certs in PEM format</synopsis>\n+          <description>\n+            <para>These certs are used to verify the chain of trust for the\n+\t\t\t\t\t\tcertificate retrieved from the X5U Identity header parameter.  This\n+\t\t\t\t\t\tfile must have the root CA certificate, the certificate of the\n+\t\t\t\t\t\tissuer of the X5U certificate, and any intermediate certificates\n+\t\t\t\t\t\tbetween them.</para>\n+            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n+          </description>\n+        </configOption>\n+        <configOption name=\"ca_path\" default=\"\">\n+          <synopsis>Path to a directory containing one or more hashed CA certs</synopsis>\n+          <description>\n+            <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='ca_file']/description/node())\"/>\n+            <para>\n+              For this option, the individual certificates must be placed in\n+\t\t\t\t\t\tthe directory specified and hashed using the\n+              <literal>openssl rehash</literal>\n+              command.\n+            </para>\n+            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n+          </description>\n+        </configOption>\n+        <configOption name=\"crl_file\" default=\"\">\n+          <synopsis>Path to a file containing one or more CRLs in PEM format</synopsis>\n+          <description>\n+            <para>If you with to check if the certificate in the X5U Identity header\n+\t\t\t\t\t\tparameter has been revoked, you'll need the certificate revocation\n+\t\t\t\t\t\tlist generated by the issuer.</para>\n+            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n+          </description>\n+        </configOption>\n+        <configOption name=\"crl_path\" default=\"\">\n+          <synopsis>Path to a directory containing one or more hashed CRLs</synopsis>\n+          <description>\n+            <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='crl_file']/description/node())\"/>\n+            <para>\n+              For this option, the individual CRLs must be placed in\n+\t\t\t\t\t\tthe directory specified and hashed using the\n+              <literal>openssl rehash</literal>\n+              command.\n+            </para>\n+            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n+          </description>\n+        </configOption>\n+        <configOption name=\"untrusted_cert_file\" default=\"\">\n+          <synopsis>Path to a file containing one or more untrusted cert in PEM format used to verify CRLs</synopsis>\n+          <description>\n+            <para>If you with to check if the certificate in the X5U Identity header\n+\t\t\t\t\tparameter has been revoked, you'll need the certificate revocation\n+\t\t\t\t\tlist generated by the issuer.  Unfortunately, sometimes the CRLs are signed by a\n+\t\t\t\t\tdifferent CA than the certificate being verified.  In this case, you\n+\t\t\t\t\tmay need to provide the untrusted certificate to verify the CRL.</para>\n+            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n+          </description>\n+        </configOption>\n+        <configOption name=\"untrusted_cert_path\" default=\"\">\n+          <synopsis>Path to a directory containing one or more hashed untrusted certs used to verify CRLs</synopsis>\n+          <description>\n+            <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='untrusted_cert_file']/description/node())\"/>\n+            <para>\n+              For this option, the individual certificates must be placed in\n+\t\t\t\t\t\tthe directory specified and hashed using the\n+              <literal>openssl rehash</literal>\n+              command.\n+            </para>\n+            <para>See https://docs.asterisk.org/Deployment/STIR-SHAKEN/ for more information.</para>\n+          </description>\n+        </configOption>\n+        <configOption name=\"cert_cache_dir\" default=\"\">\n+          <synopsis>Directory to cache retrieved verification certs</synopsis>\n+        </configOption>\n+        <configOption name=\"curl_timeout\" default=\"2\">\n+          <synopsis>Maximum time to wait to CURL certificates</synopsis>\n+        </configOption>\n+        <configOption name=\"max_cache_entry_age\" default=\"60\">\n+          <synopsis>Number of seconds a cache entry may be behind current time</synopsis>\n+        </configOption>\n+        <configOption name=\"max_cache_size\" default=\"1000\">\n+          <synopsis>Maximum size to use for caching public keys</synopsis>\n+        </configOption>\n+        <configOption name=\"max_iat_age\" default=\"15\">\n+          <synopsis>Number of seconds an iat grant may be behind current time</synopsis>\n+        </configOption>\n+        <configOption name=\"max_date_header_age\" default=\"15\">\n+          <synopsis>Number of seconds a SIP Date header may be behind current time</synopsis>\n+        </configOption>\n+        <configOption name=\"failure_action\" default=\"continue\">\n+          <synopsis>The default failure action when not set on a profile</synopsis>\n+          <description>\n+            <enumlist>\n+              <enum name=\"continue\">\n+                <para>\n+                  If set to\n+                  <literal>continue</literal>\n+                  , continue and let\n+\t\t\t\t\t\t\tthe dialplan decide what action to take.\n+                </para>\n+              </enum>\n+              <enum name=\"reject_request\">\n+                <para>\n+                  If set to\n+                  <literal>reject_request</literal>\n+                  , reject the incoming\n+\t\t\t\t\t\t\trequest with response codes defined in RFC8224.\n+                </para>\n+              </enum>\n+              <enum name=\"continue_return_reason\">\n+                <para>\n+                  If set to\n+                  <literal>return_reason</literal>\n+                  , continue to the\n+\t\t\t\t\t\t\tdialplan but add a\n+                  <literal>Reason</literal>\n+                  header to the sender in\n+\t\t\t\t\t\t\tthe next provisional response.\n+                </para>\n+              </enum>\n+            </enumlist>\n+          </description>\n+        </configOption>\n+        <configOption name=\"use_rfc9410_responses\" default=\"no\">\n+          <synopsis>RFC9410 uses the STIR protocol on Reason headers\n+\t\t\t\t\tinstead of the SIP protocol</synopsis>\n+        </configOption>\n+        <configOption name=\"relax_x5u_port_scheme_restrictions\" default=\"no\">\n+          <synopsis>Relaxes check for &quot;https&quot; and port 443 or 8443\n+\t\t\t\t\tin incoming Identity header x5u URLs.</synopsis>\n+        </configOption>\n+        <configOption name=\"relax_x5u_path_restrictions\" default=\"no\">\n+          <synopsis>Relaxes check for query parameters, user/password, etc.\n+\t\t\t\t\tin incoming Identity header x5u URLs.</synopsis>\n+        </configOption>\n+        <configOption name=\"x5u_acl\" default=\"\">\n+          <synopsis>An existing ACL from acl.conf to use when checking\n+\t\t\t\t\thostnames in incoming Identity header x5u URLs.</synopsis>\n+        </configOption>\n+        <configOption name=\"x5u_permit\" default=\"\">\n+          <synopsis>An IP or subnet to permit when checking\n+\t\t\t\t\thostnames in incoming Identity header x5u URLs.</synopsis>\n+        </configOption>\n+        <configOption name=\"x5u_deny\" default=\"\">\n+          <synopsis>An IP or subnet to deny  checking\n+\t\t\t\t\thostnames in incoming Identity header x5u URLs.</synopsis>\n+        </configOption>\n+      </configObject>\n+      <configObject name=\"profile\">\n+        <synopsis>STIR/SHAKEN profile configuration options</synopsis>\n+        <configOption name=\"type\">\n+          <synopsis>Must be of type 'profile'.</synopsis>\n+        </configOption>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='load_system_certs'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='ca_file'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='ca_path'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='crl_file'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='crl_path'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='untrusted_cert_file'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='untrusted_cert_path'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='cert_cache_dir'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='curl_timeout'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='max_iat_age'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='max_date_header_age'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='max_cache_entry_age'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='max_cache_size'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='failure_action'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='use_rfc9410_responses'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='relax_x5u_port_scheme_restrictions'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='relax_x5u_path_restrictions'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='x5u_acl'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='x5u_permit'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='verification']/configOption[@name='x5u_deny'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='check_tn_cert_public_url'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='private_key_file'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='public_cert_url'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='attest_level'])\"/>\n+        <xi:include xpointer=\"xpointer(/docs/configInfo[@name='res_stir_shaken']/configFile[@name='stir_shaken.conf']/configObject[@name='attestation']/configOption[@name='send_mky'])\"/>\n+        <configOption name=\"endpoint_behavior\" default=\"off\">\n+          <synopsis>Actions performed when an endpoint references this profile</synopsis>\n+          <description>\n+            <enumlist>\n+              <enum name=\"off\">\n+                <para>Don't do any STIR/SHAKEN processing.</para>\n+              </enum>\n+              <enum name=\"attest\">\n+                <para>Attest on outgoing calls.</para>\n+              </enum>\n+              <enum name=\"verify\">\n+                <para>Verify incoming calls.</para>\n+              </enum>\n+              <enum name=\"on\">\n+                <para>Attest outgoing calls and verify incoming calls.</para>\n+              </enum>\n+            </enumlist>\n+          </description>\n+        </configOption>\n+      </configObject>\n+    </configFile>\n+  </configInfo>\n+  <function name=\"STIR_SHAKEN\" language=\"en_US\">\n+    <synopsis>Gets the number of STIR/SHAKEN results or a specific STIR/SHAKEN value from a result on the channel.</synopsis>\n+    <syntax>\n+      <parameter name=\"index\" required=\"true\">\n+        <para>The index of the STIR/SHAKEN result to get. If only 'count' is passed in, gets the number of STIR/SHAKEN results instead.</para>\n+      </parameter>\n+      <parameter name=\"value\" required=\"false\">\n+        <para>The value to get from the STIR/SHAKEN result. Only used when an index is passed in (instead of 'count'). Allowable values:</para>\n+        <enumlist>\n+          <enum name=\"identity\"/>\n+          <enum name=\"attestation\"/>\n+          <enum name=\"verify_result\"/>\n+        </enumlist>\n+      </parameter>\n+    </syntax>\n+    <description>\n+      <para>This function will either return the number of STIR/SHAKEN identities, or return information on the specified identity.\n+\t\t\tTo get the number of identities, just pass 'count' as the only parameter to the function. If you want to get information on a\n+\t\t\tspecific STIR/SHAKEN identity, you can get the number of identities and then pass an index as the first parameter and one of\n+\t\t\tthe values you would like to retrieve as the second parameter.</para>\n+      <example title=\"Get count and retrieve value\">same =&gt; n,NoOp(Number of STIR/SHAKEN identities: ${STIR_SHAKEN(count)})\n+\t\t\tsame =&gt; n,NoOp(Identity ${STIR_SHAKEN(0, identity)} has attestation level ${STIR_SHAKEN(0, attestation)})</example>\n+    </description>\n+  </function>\n   <configInfo name=\"res_geolocation\" language=\"en_US\">\n     <synopsis>Core Geolocation Support</synopsis>\n     <configFile name=\"geolocation.conf\">\n       <configObject name=\"location\">\n         <synopsis>Location</synopsis>\n         <description>\n           <para>Parameters for defining a Location object</para>\n"}]}]}]}]}]}