If this is set to true (default false) we assume the storage-dir is
shared, organized by realm/domain, with uses other than voicemail, so
we adopt a directory structure of:
<storage_dir>/<realm>/voicemail/<id>
This replaces the semantics of the storage-dir parameter without the
deprecation notice. The behavior of storage-dir never should have
been deprecated, though it was probably correct to deprecate the name
itself.
Rather than having both vm-storage-dir and vm-domain-storage-dir it
might be nice if the config system could just notice at what level it
was defined and do the right thing. Indeed, this is why I'd left
things as-is for so long.
But as Master Foo famously said, "which one will reach the other side
of the river: the one who dreams of a raft, or the one that hitchhikes
to the next bridge?"
FS-5329
Some OSes like linux provide a mechanism for sending TCP keepalive
pings. Sofia provides its own mechanism for doing this in userspace.
We shouldn't conflate these two mechanisms.
FS-6104
This separates out the Linux socket TCP keepalive timeout interval
from Sofia's internal mechanisms. Earlier we tied these together. In
retrospect this seems improper.
These two values can now be set separately.
You might, for example, want to keep the Sofia internal mechanism
disabled completely while enabling the platform-based mechanism if
your platform supports it.
We also here reform the default value of the socket TCP keepalive
parameter to 30 seconds.
This is what commit 1bf17857c9a322df50305606ca41203053001818 should
have been.
FS-6104
Sofia keeps the TCP keepalive timeout in milliseconds, but Linux
expects the value in seconds. Before this change, it's unlikely the
TCP_KEEPIDLE and TCP_KEEPINTVL calls were having much effect as we
would have been passing them a huge value.
FS-6104
Make private inlines in C files 'static inline', not just 'inline', or the compiler
can discard the definition if it chooses not to inline it.
Make functions declared in header files not be declared inline (if they're defined in a
.c file). It looks like no functions in this category are used in LibSRTP's critical
path, only for unit tests or generating AES tables.
To see the problem prior to this commit, compile with "gcc -O0 -std=gnu99".
Signed-off-by: Travis Cross <tc@traviscross.com>
This cherry-picks commit e2774dbd551ffe5f872eaec2b2d40b712a54e1ba from
libsrtp upstream.
FS-6196 --resolve
This adds support for the ephemeral elliptic curve Diffie-Hellman key
exchange, which provides for forward secrecy in the event that
long-term keys are compromised.
For the moment, we've hard-coded the curve as prime256v1.
Previously there was no way to override the hard-coded cipher suite
specification of "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
This commit does leave in place the hardcoded cipher spec for WebRTC
of "HIGH:!DSS:!aNULL@STRENGTH".
Previously if tls-version was set to tlsv1 we supported only TLSv1,
but if it was set to sslv23 we supported all versions of TLS. This
was a weird incorrectly documented behavior that we hope no one was
relying on.
Now we can pass a comma-separated list of TLS/SSL versions that we
would like to support in tls-version.
FS-5839 --resolve
Previously if the TPTAG_TLS_VERSION was set to a non-zero value we
supported only TLSv1 (but not TLSv1.1 or TLSv1.2), and if was set to
zero we supported all versions of TLS and SSL (including the
ridiculous SSLv2).
Now we take an integer field where various bits can be set indicating
which versions of TLS we would like to support.
This commit changes behavior such that if --disable-core-odbc-support
is provided we'll build without ODBC even if the libraries are there.
Previously we would always quietly build with ODBC support if it was
on the system.
Contrary to what was said in commit 72a804983, my 2012 commit
ffc8e81b7 did not affect the behavior of --disable-core-odbc-support.
We never recognized the flag as being different from not providing the
option at all.
What the commit did do was to cause us to fail loudly if
--enable-core-odbc-support was provided but the system libraries were
not there. This behavior is preserved.
(That commit also caused us to potentially run certain checks twice,
which this commit resolves.)
You can also now provide --enable-core-odbc-support=optional which has
the same effect as the default behavior.
FS-6173 --resolve
Thanks-to: James Le Cuirot <chewi@aura-online.co.uk>
