297
Dialogic Corporation
4.24.2.1 Allocating, Initializing, and Configuring a SIP_TLS_ENGINE Data Structure
The process of configuring the TLS feature for a virtual board begins by allocating a
SIP_TLS_ENGINE data structure and initializing it to default values using the
INIT_SIP_TLS_ENGINE( ) function.
After the SIP_TLS_ENGINE structure is initialized, it must be configured for TLS client
operation, TLS server operation, or both. The default values written by the initialization function
do not by themselves constitute the minimum configuration for either server or client operation. If an
initialized but otherwise unconfigured SIP_TLS_ENGINE structure is referenced by an IP_VIRTBOARD
structure that is passed to gc_Start( ), the library start operation fails.
Changing the Default TLS Port Number
The default values set in SIP_TLS_ENGINE by the initialization function specify port number
5061 as the TLS port (the default UDP and TCP ports are 5060). The default value is valid and only
needs to be changed if the application specifically requires a different port number. The port
number is specified in the sip_tls_port field of the structure.
Configuring for Local Certificates for TLS Server Operation
To configure a virtual board to operate as a TLS server, the application must configure an RSA
certificate and/or a DSS certificate in the SIP_TLS_ENGINE structure. In either case, the
certificate should be issued by a CA and should identify the local host name, and the private key
that corresponds to it must be supplied alongside it.
The TLS engine can hold one certificate of each type, and Global Call presents the appropriate
one to a remote UA depending on the cipher suite selected during the TLS handshake.
At least one of the two local certificate/key pairs must be configured if Global Call will be operating
as a TLS server. If Global Call will be operating as a TLS client, one or both local certificates (and
optionally a certificate chain) need to be configured only when the remote server requires mutual
authentication; a client that is not asked for a certificate does not need a local certificate.
For either type of certificate, the application must configure three items:
• private key filename—the name of the file that contains the private key, either an RSA key for
the RSA certificate or a DSA key for the DSS certificate. In either case, the key file may be
stored unencrypted or may be encrypted.
• private key password—the password string that is required to use the private key if the private
key file is encrypted. If the private key for a certificate is not encrypted, the corresponding
password field in SIP_TLS_ENGINE should be left at its default NULL value. Note that an
encrypted key file with a NULL password cannot be loaded, so this combination must be avoided.
• certificate filename—the name of the file that contains the certificate that identifies the local
host name
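The following is an added example, not code from the Dialogic library or this guide. It shows the pre-flight check an application can run on its TLS configuration before handing the structure to gc_Start( ), so that the failure cases described above (no local certificate/key pair at all, a certificate without its key, or an encrypted key file with the password left NULL) are caught with a specific error rather than a generic start failure. Because Dialogic's header is not available here, the code uses a stand-in struct: sip_tls_port, chain_cert_number and chain_cert_filename are the documented field names, while the six local_rsa_*/local_dss_* field names, the certificate path, and the PEM contents written to a temporary file are assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Result codes for the pre-gc_Start() configuration check. */
enum {
    TLS_CFG_OK = 0,
    TLS_CFG_NO_LOCAL_CERT,             /* neither RSA nor DSS pair set: gc_Start() would fail */
    TLS_CFG_INCOMPLETE_PAIR,           /* certificate without key, or key without certificate */
    TLS_CFG_ENCRYPTED_KEY_NO_PASSWORD, /* key file is encrypted but the password was left NULL */
    TLS_CFG_BAD_CHAIN                  /* chain_cert_number > 0 but a chain filename is missing */
};

/* Stand-in for SIP_TLS_ENGINE (not the Dialogic header). sip_tls_port, chain_cert_number and
 * chain_cert_filename are documented names; the six local_*_ fields are assumed names. */
typedef struct {
    unsigned short sip_tls_port;
    const char *local_rsa_cert_filename;
    const char *local_rsa_priv_key_filename;
    const char *local_rsa_priv_key_password;
    const char *local_dss_cert_filename;
    const char *local_dss_priv_key_filename;
    const char *local_dss_priv_key_password;
    unsigned int chain_cert_number;
    const char **chain_cert_filename;
} tls_engine_cfg;

/* Mirrors what INIT_SIP_TLS_ENGINE() is documented to do: port 5061, all other fields unset. */
void init_tls_engine_cfg(tls_engine_cfg *e)
{
    memset(e, 0, sizeof *e);
    e->sip_tls_port = 5061;
}

/* Returns 1 if the PEM text is an encrypted private key: either a PKCS#8 "ENCRYPTED PRIVATE KEY"
 * block or a legacy PEM key carrying a "Proc-Type: 4,ENCRYPTED" header. */
int pem_key_is_encrypted(const char *pem)
{
    return strstr(pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----") != NULL
        || strstr(pem, "Proc-Type: 4,ENCRYPTED") != NULL;
}

/* Reads a whole file into a NUL-terminated heap buffer; NULL if it cannot be opened. */
static char *read_text_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    char *buf = calloc(1, 1); size_t len = 0, n; char tmp[512];
    while (buf && (n = fread(tmp, 1, sizeof tmp, f)) > 0) {
        char *nb = realloc(buf, len + n + 1);
        if (!nb) { free(buf); buf = NULL; break; }
        buf = nb; memcpy(buf + len, tmp, n); len += n; buf[len] = '\0';
    }
    fclose(f);
    return buf;
}

/* Validates one certificate/key pair; *configured is set to 1 when the pair is in use. */
static int check_pair(const char *cert, const char *key, const char *pw, int *configured)
{
    *configured = 0;
    if (!cert && !key) return TLS_CFG_OK;            /* this pair is simply not used */
    if (!cert || !key) return TLS_CFG_INCOMPLETE_PAIR;
    *configured = 1;
    char *pem = read_text_file(key);                 /* unreadable file: leave it to the library */
    if (pem) {
        int enc = pem_key_is_encrypted(pem);
        free(pem);
        if (enc && pw == NULL) return TLS_CFG_ENCRYPTED_KEY_NO_PASSWORD;
    }
    return TLS_CFG_OK;
}

/* Checks the minimum TLS-server configuration before the structure goes into IP_VIRTBOARD. */
int validate_tls_server_cfg(const tls_engine_cfg *e)
{
    int rsa, dss, rc;
    rc = check_pair(e->local_rsa_cert_filename, e->local_rsa_priv_key_filename,
                    e->local_rsa_priv_key_password, &rsa);
    if (rc != TLS_CFG_OK) return rc;
    rc = check_pair(e->local_dss_cert_filename, e->local_dss_priv_key_filename,
                    e->local_dss_priv_key_password, &dss);
    if (rc != TLS_CFG_OK) return rc;
    if (!rsa && !dss) return TLS_CFG_NO_LOCAL_CERT;
    for (unsigned int i = 0; i < e->chain_cert_number; i++)
        if (!e->chain_cert_filename || !e->chain_cert_filename[i]) return TLS_CFG_BAD_CHAIN;
    return TLS_CFG_OK;
}

/* Scenario: structure initialized but never configured (what gc_Start() rejects). */
int demo_unconfigured(void)
{
    tls_engine_cfg e; init_tls_engine_cfg(&e);
    return validate_tls_server_cfg(&e);
}

/* Scenario: RSA certificate named but its private key file left unset. */
int demo_cert_without_key(void)
{
    tls_engine_cfg e; init_tls_engine_cfg(&e);
    e.local_rsa_cert_filename = "/etc/sip/host.crt";   /* assumed path; never opened */
    return validate_tls_server_cfg(&e);
}

/* Scenario: writes a constructed (not real) encrypted-key PEM header to a temp file and
 * configures an RSA pair that names it while leaving the password NULL. */
int demo_encrypted_key_without_password(void)
{
    char path[] = "/tmp/gc_tls_demo_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    const char *pem = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                      "DEK-Info: AES-256-CBC,00\n\nQUFB\n-----END RSA PRIVATE KEY-----\n";
    if (write(fd, pem, strlen(pem)) < 0) { close(fd); unlink(path); return -1; }
    close(fd);
    tls_engine_cfg e; init_tls_engine_cfg(&e);
    e.local_rsa_cert_filename = "/etc/sip/host.crt";   /* assumed path; never opened */
    e.local_rsa_priv_key_filename = path;
    int rc = validate_tls_server_cfg(&e);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("unconfigured: %d\n", demo_unconfigured());                     /* 1 */
    printf("cert without key: %d\n", demo_cert_without_key());             /* 2 */
    printf("encrypted key, NULL password: %d\n", demo_encrypted_key_without_password()); /* 3 */
    return 0;
}
```

Run the check on the structure immediately before it is placed in IP_VIRTBOARD; the encrypted-key detection only inspects PEM headers, so a key in a different container format still has to be validated by loading it.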
Configuring a Certificate Chain
In addition to the local certificates, applications can optionally configure a certificate chain
using the chain_cert_number and chain_cert_filename fields. A certificate chain configuration is
typically necessary if the local certificate is issued by an intermediate CA rather than a root CA,
since the remote UA cannot otherwise build a path from the local certificate to a trusted root.
Note that the TLS engine contains only a single certificate chain, which is appended to both the