- thread variable copy of url_index global pointer to prevent the concurrent access having wrong state change if the posting to the current http server was unsuccessfull;
- overriding the default curl connection timeout
Based on need to figure out the smallest block of code need to mutex, and that libcurl (and its wrapper) is definitely thread safe.
sofia_glue.c tries to issue an SQL "ALTER TABLE" statement to add the
ping_status column to sip_registrations, but fails because the default
is incorrectly quoted (double quotes vs single quotes).
added xml fetch for channels to externally support nightmare transfer
depends on channel-xml-fetch-on-nightmare-transfer profile param (default is disabled)
Ephemeral ECDH (ECDHE) was supported already. This patch adds Ephemeral
DH (DHE). To enable it, add DH parameters into the private-key file of
your server (agent.pem). For example via:
openssl dhparam -out dh.pem 2048
FS-7561 #resolve
The correct incantations to enable certification common name / subject
alternative name verification, per our code, are `subjects_all`,
`subjects_in`, and `subjects_out` in a Sofia profile's
`tls-verify-policy`. What we've had in our examples and documentation
for years are `all_subjects`, `in_subjects`, and `out_subjects`.
The result of this is that we've almost certainly confused people into
using the incorrect forms. Those poor people will believe that they
are verifying the CN/SAN of the received host certificate against the
list in `tls-verify-in-subjects` when in fact they are not.
One clear issue in this case was that the incorrect forms failed to
have any effect without providing any warning or error. This issue
could not have persisted if we had made more noise about incorrect
input.
Given how long this has been broken, it's tempting to alias the
incorrect forms to the correct ones. However this would certainly
break many existing installations that have, because of this error,
never actually tested their setup with CN/SAN validation enabled.
In this commit, we fix the examples and documentation, and add an
error-level log output when unknown values are passed to
`tls-verify-policy`.
Thanks-to: Andrew Patrikalakis <anrp+freeswitch@anrp.net>
