kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-05-04 20:33:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9cc1d6fc2260e9033cb7c080255987c6b2a4e343
asterisk/configs/samples/stir_shaken.conf.sample
Ben Ford 0564d12280 STIR/SHAKEN: Switch to base64 URL encoding. 
STIR/SHAKEN encodes using base64 URL format. Currently, we just use
base64. New functions have been added that convert to and from base64
encoding.

The origid field should also be an UUID. This means there's no reason to
have it as an option in stir_shaken.conf, as we can simply generate one
when creating the Identity header.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Icf094a2a54e87db91d6b12244c9f5ba4fc2e0b8c
2021-05-12 06:42:55 -05:00

86 lines
2.9 KiB
Plaintext
Raw Blame History

;
; This file is used by the res_stir_shaken module to configure parameters
; used for STIR/SHAKEN.
;
; There are 2 sides to STIR/SHAKEN: attestation and verification.
;
; Attestation is done on outgoing calls and makes use out of the certificate
; objects. The cert located at path will be used to sign, and the cert
; located at public_cert_url will be placed in the Identity header to let the
; remote side know where to download the public cert from. These 2 certs must
; match; that is, the cert located at public_cert_url must be the public cert
; derived from the private cert located at path.
;
; Verification is done on incoming calls and doesn't rely on cert objects
; defined in this file.
;
; The general section applies to all STIR/SHAKEN operations. However,
; cache_max_size, curl_timeout, and signature_timeout only apply to the
; verification side.
;
; It's important to note that downloaded certificates are stored in
; <ast_config_AST_DATA_DIR>/keys/stir_shaken, which is usually
; /etc/asterisk/keys/stir_shaken, but may be changed depending on where your
; config directory is.
;
; Visit the wiki page:
; https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN
;
; [general]
;
; File path to the certificate authority certificate
;ca_file=/etc/asterisk/stir/ca.crt
;
; File path to a chain of trust
;ca_path=/etc/asterisk/stir/ca
;
; Maximum size to use for caching public keys
;cache_max_size=1000
;
; Maximum time (in seconds) to wait to CURL certificates
;curl_timeout=2
;
; Amount of time (in seconds) a signature is valid for
;signature_timeout=15
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; A certificate store is used to examine, and load all certificates found in a
; given directory. When using this type the public key URL is generated based
; upon the filename, and variable substitution.
;[certificates]
;
; type must be "store"
;type=store
;
; Path to a directory containing certificates
;path=/etc/asterisk/stir
;
; URL to the public certificate(s). Must contain variable '${CERTIFICATE}' used for
; substitution. '${CERTIFICATE}' will be replaced by the names of the files located
; at path.
; This will be put in the Identity header when signing.
;public_cert_url=http://mycompany.com/${CERTIFICATE}.pem
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; Individual certificates are declared by using the certificate type.
;[alice]
;
; type must be "certificate"
;type=certificate
;
; File path to a certificate. This can be RSA or ECDSA, but eventually only ECDSA will be supported.
;path=/etc/asterisk/stir/alice.pem
;
; URL to the public certificate. Must be of type X509 and be derived from the
; certificate located at path.
; This will be put in the identity header when signing.
;public_cert_url=http://mycompany.com/alice.pem
;
; The caller ID number to match on
;caller_id_number=1234567
;
; Must have an attestation of A, B, or C
;attestation=C
Reference in New Issue View Git Blame Copy Permalink