Dialogic Global Call IP Phone User Manual

298
Dialogic Corporation
RSA and DSS certificates. An application cannot use different certificate chains for RSA and DSS
certificates at the same time; the single chain configured applies to both.
Each member of the chain_cert_filename array identifies a single certificate in the chain that links
the local certificate to the root CA. The chain must start with the intermediate certificate that
issued the local certificate; the next certificate is the one that issued the previous one, and so on
until the root CA is reached. The root CA certificate itself is not included in the chain, and neither is
the local certificate (which is configured separately). For example, if root.pem signs serverCA1.pem,
serverCA1.pem signs serverCA2.pem, and serverCA2.pem signs server.pem, then chain_cert_number
should be set to 2, chain_cert_filename[0] should point to serverCA2.pem, and chain_cert_filename[1]
should point to serverCA1.pem. Getting the order wrong (or including root.pem in the array) produces a
chain the peer cannot validate.
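The ordering rule above, as an added example that is not part of the manual and not Dialogic's code: a small C program that derives chain_cert_number and the chain_cert_filename order from each file's subject and issuer (the values openssl x509 -noout -subject -issuer reports) and that checks a hand-written order before it is copied into the configuration. The cert_info type, the helper names, the filenames and the subject/issuer strings are all constructed for this example; the real SIP_TLS_ENGINE structure is not touched.

```c
#include <stdio.h>
#include <string.h>

/* Subject/issuer metadata for one PEM file. Constructed for this example;
 * in practice read it from each file with `openssl x509 -noout -subject -issuer`. */
typedef struct {
    const char *filename;
    const char *subject;
    const char *issuer;
} cert_info;

#define MAX_CHAIN 8

/* Constructed pool mirroring the manual's example: root.pem signs serverCA1.pem,
 * which signs serverCA2.pem, which signs server.pem. other.pem and orphan.pem
 * are distractors that must not end up in the chain. */
static const cert_info SAMPLE_POOL[] = {
    { "server.pem",    "CN=sip.example.net", "CN=Server CA 2"  },
    { "serverCA2.pem", "CN=Server CA 2",     "CN=Server CA 1"  },
    { "serverCA1.pem", "CN=Server CA 1",     "CN=Example Root" },
    { "root.pem",      "CN=Example Root",    "CN=Example Root" }, /* self-signed root */
    { "other.pem",     "CN=Other Service",   "CN=Example Root" },
    { "orphan.pem",    "CN=Orphan",          "CN=Unknown CA"   }, /* issuer not on disk */
};
#define SAMPLE_POOL_SIZE ((int)(sizeof SAMPLE_POOL / sizeof SAMPLE_POOL[0]))

static const cert_info *find_by_file(const cert_info *pool, int n, const char *file)
{
    for (int i = 0; i < n; i++)
        if (strcmp(pool[i].filename, file) == 0) return &pool[i];
    return NULL;
}

static const cert_info *find_by_subject(const cert_info *pool, int n, const char *subject)
{
    for (int i = 0; i < n; i++)
        if (strcmp(pool[i].subject, subject) == 0) return &pool[i];
    return NULL;
}

static int is_self_signed(const cert_info *c) { return strcmp(c->subject, c->issuer) == 0; }

/* Fill chain[] in the order chain_cert_filename requires: the issuer of the local
 * certificate first, then its issuer, and so on, stopping before the self-signed
 * root. Returns the value for chain_cert_number, or -1 if an issuer is missing
 * from the pool or the chain is deeper than max_chain (which also catches cycles). */
int build_chain(const cert_info *pool, int pool_size, const char *local_file,
                const char *chain[], int max_chain)
{
    const cert_info *cur = find_by_file(pool, pool_size, local_file);
    int n = 0;
    if (cur == NULL) return -1;
    for (;;) {
        const cert_info *issuer = find_by_subject(pool, pool_size, cur->issuer);
        if (issuer == NULL) return -1;        /* chain cannot reach a root */
        if (is_self_signed(issuer)) return n; /* root reached; it is not a chain entry */
        if (n >= max_chain) return -1;
        chain[n++] = issuer->filename;
        cur = issuer;
    }
}

/* Check a hand-written chain_cert_filename/chain_cert_number pair: chain[0] must
 * have issued the local cert, chain[i+1] must have issued chain[i], no entry may
 * be self-signed, and the last entry must be issued by a self-signed root in the
 * pool. Returns 1 if the order is valid, 0 otherwise. */
int check_chain_order(const cert_info *pool, int pool_size, const char *local_file,
                      const char *const chain[], int chain_number)
{
    const cert_info *cur = find_by_file(pool, pool_size, local_file);
    if (cur == NULL) return 0;
    for (int i = 0; i < chain_number; i++) {
        const cert_info *next = find_by_file(pool, pool_size, chain[i]);
        if (next == NULL || is_self_signed(next)) return 0;
        if (strcmp(next->subject, cur->issuer) != 0) return 0; /* wrong order or wrong cert */
        cur = next;
    }
    const cert_info *root = find_by_subject(pool, pool_size, cur->issuer);
    return root != NULL && is_self_signed(root);
}

/* Wrappers that run the manual's example (server.pem) against SAMPLE_POOL. */
static const char *g_demo_chain[MAX_CHAIN];

int demo_chain_number(void)
{
    return build_chain(SAMPLE_POOL, SAMPLE_POOL_SIZE, "server.pem", g_demo_chain, MAX_CHAIN);
}

const char *demo_chain_entry(int i) { return g_demo_chain[i]; }

int main(void)
{
    int n = demo_chain_number();
    printf("chain_cert_number = %d\n", n);
    for (int i = 0; i < n; i++)
        printf("chain_cert_filename[%d] = %s\n", i, demo_chain_entry(i));
    const char *reversed[] = { "serverCA1.pem", "serverCA2.pem" };
    printf("reversed order accepted: %d\n",
           check_chain_order(SAMPLE_POOL, SAMPLE_POOL_SIZE, "server.pem", reversed, 2));
    return 0;
}
```

Run on the sample pool the program reports chain_cert_number = 2 with serverCA2.pem at index 0 and serverCA1.pem at index 1, exactly the values the manual prescribes, and rejects the reversed order. A certificate whose issuer is not on disk (orphan.pem) yields -1, which is the condition to catch at startup rather than discovering it as a TLS handshake failure.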
Configuring CA Certificates for TLS Client Operation
To configure a virtual board to operate as a TLS client, the application must configure an array of
one or more CA certificates in the SIP_TLS_ENGINE structure using the ca_cert_number and
ca_cert_filename fields.
The ca_cert_filename field is an array of one or more root CA certificates that the client trusts;
the certificate presented by the remote server must chain to one of these roots. The
ca_cert_number field gives the number of certificates in the array.
If a TLS client application needs to support mutual authentication, it must also configure one or
both local certificate/private key pairs (RSA and/or DSS) and, optionally, a certificate chain, exactly
as a server does. During mutual authentication the client identifies itself to the server in the same
way that a server identifies itself to a client.
Configuring Certificate Revocation Lists (CRLs)
An application may optionally configure the library to use one or more Certificate Revocation List
(CRL) files via the crl_number and crl_filename fields. In this configuration crl_filename is an
array of one or more files in PEM format, and crl_number is the size of the array. When one or more
CRLs have been configured, Global Call consults them whenever it examines an incoming certificate to
decide whether that certificate has been revoked. A CRL is a static file with its own validity period,
so the application is responsible for replacing the file when the CA publishes an updated list.
Configuring the Cipher Suite
An application may optionally configure the local cipher suite that is used to negotiate encryption
algorithms with the remote UA. The local_cipher_suite field is a list of ciphers specified as a
specially formatted string defined by OpenSSL. OpenSSL allows several keywords in the list, which
are shortcuts for sets of ciphers. Details of the cipher list format and keywords can be found in the
OpenSSL manual page at http://www.openssl.org/docs/apps/ciphers.html.
Note: The local_cipher_suite field is a pointer to the formatted string itself, not the name of a file
that contains the string.
The default value of local_cipher_suite is NULL, which selects OpenSSL's default string
"ALL:!ADH:+RC4:@STRENGTH". In that string ALL admits every cipher except those with NULL encryption,
!ADH removes only anonymous Diffie-Hellman suites, +RC4 moves RC4 suites to the end of the list without
removing them, and @STRENGTH sorts by key length. The default therefore still permits RC4 and other
low-strength ciphers, so a deployment that needs to restrict the negotiated algorithms should set
local_cipher_suite to an explicit list rather than rely on the default.