pjsip: Add TLS transport reload support for certificate and key.

This change adds support using the pjsip_tls_transport_restart
function for reloading the TLS certificate and key, if the filenames
remain unchanged. This is useful for Let's Encrypt and other
situations. Note that no restart of the transport will occur if
the certificate and key remain unchanged.

ASTERISK-30186

Change-Id: I9bc95a6bf791830a9491ad9fa43c17d4010028d0
This commit is contained in:
Joshua C. Colp
2022-08-19 10:24:33 -03:00
committed by Friendly Automation
parent b2fdccc6a4
commit cffaf12d19
11 changed files with 396 additions and 134 deletions

@@ -1054,11 +1054,16 @@
; and/or "asterisk_ecc.pem" are loaded (certificate, inter-
; mediates, private key), to support multiple algorithms for
; server authentication (RSA, DSA, ECDSA). If the chains are
; different, at least OpenSSL 1.0.2 is required.
; different, at least OpenSSL 1.0.2 is required. This option
; can be reloaded resulting in an updated certificate if the
; filename remains unchanged.
; (default: "")
;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "")
;method= ; Method of SSL transport TLS ONLY (default: "")
;priv_key_file= ; Private key file TLS ONLY (default: "")
;priv_key_file= ; Private key file TLS ONLY. This option can be reloaded
; resulting in an updated private key if the filename remains
; unchanged.
; (default: "")
;verify_client= ; Require verification of client certificate TLS ONLY (default:
; "")
;verify_server= ; Require verification of server certificate TLS ONLY (default:
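
Review bot: The reload wording added to the certificate option and to priv_key_file only covers the case where "the filename remains unchanged"; it does not say what a reload does when the filename is changed, which is the first thing an operator rotating certificates will ask. Suggest stating that case explicitly in both places. The commit message notes that no transport restart occurs when the certificate and key are unchanged, and that belongs in the sample config as well so an operator does not expect a restart on every reload. Since the certificate and private key are described as reloading independently, it would also help to say that both files should be replaced before the reload is issued so the pair stays matched. Style point: in the certificate option the new sentence is appended to the "at least OpenSSL 1.0.2 is required." sentence about differing chains; starting it on its own comment line would keep it from reading as part of that condition.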