DTLS certificate configuration #257

Closed
ghjansen opened this issue Sep 26, 2016 · 2 comments

Comments

@ghjansen
Contributor

This issue is related to #254 and #255.

Cipher suite certificates are currently used as an internal resource, but maybe the location of the file should be configurable. Investigate and adapt as needed.

@ghjansen ghjansen added this to the 6.0.0 milestone Sep 26, 2016
ghjansen added a commit that referenced this issue Sep 27, 2016
@hrosa hrosa changed the title Cipher suite certificates configuration DTLS certificates configuration Sep 28, 2016
@hrosa hrosa changed the title DTLS certificates configuration DTLS certificate configuration Sep 28, 2016
@hrosa
Contributor

hrosa commented Sep 28, 2016

The configuration file should adopt the following format

<dtls>
    <minVersion>1.0</minVersion>
    <maxVersion>1.2</maxVersion>
    <cipherSuite>cipherA,cipherB,...,cipherN</cipherSuite>
    <certificates>
        <certificate path="/path/to/certA.pem" key="/path/to/keyA.pem" algorithm="rsa" />
        <certificate path="/path/to/certB.pem" key="/path/to/keyB.pem" algorithm="ecdsa" />
    </certificates>
</dtls>

Keep in mind that suitable default values should be provided to load the sample RSA and ECDSA certificates. Make special mention in the docs that this implies a serious security risk and that users should provide their own certificates.

Also noticed how you're explicitly identifying the certificate's algorithm. This is useful when configuring this.

@hrosa hrosa added the DTLS label Sep 28, 2016
@hrosa hrosa modified the milestones: 6.0.0, 5.1.0 Sep 28, 2016
ghjansen added a commit that referenced this issue Oct 5, 2016
…rtificate and key. Issues #254 and #257."

This reverts commit 25e081c.
@ghjansen
Contributor Author

ghjansen commented Oct 9, 2016

@hrosa the current implementation of DtlsSrtpServer works with multiple certificate resources and only one key resource, in a cardinality N -> 1. But the configuration suggested by this issue allows configuring multiple certificate resources, each one containing a specific key resource, forming a cardinality 1 -> 1. So, I'm not sure what the desired final result is in comparison with the current one. Do you mind elaborating a little on how the new configuration should be used by DtlsSrtpServer? Thanks.
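One way to read the `<dtls>` format proposed above as 1 -> 1 certificate/key pairs and to flag entries that still point at bundled sample material, as an added example that is not the project's code and not written by either commenter. The class name `DtlsConfigCheck`, the sample paths, the `/sample/` prefix used to recognise defaults, and the one-entry-per-algorithm rule are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example, not project code. Names, paths and the "/sample/" marker are assumptions.
public class DtlsConfigCheck {
    record CertEntry(String path, String key, String algorithm) {}

    static List<CertEntry> parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations so the config file cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        NodeList nodes = root.getElementsByTagName("certificate");
        List<CertEntry> out = new ArrayList<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            Element e = (Element) nodes.item(i);
            CertEntry c = new CertEntry(e.getAttribute("path"), e.getAttribute("key"),
                    e.getAttribute("algorithm").toLowerCase());
            // 1 -> 1 pairing: every certificate must name its own private key.
            if (c.path().isEmpty() || c.key().isEmpty())
                throw new IllegalArgumentException("certificate #" + i + " needs path and key");
            if (!c.algorithm().equals("rsa") && !c.algorithm().equals("ecdsa"))
                throw new IllegalArgumentException("unsupported algorithm: " + c.algorithm());
            // Assumption: at most one pair per algorithm, so selection by algorithm is unambiguous.
            for (CertEntry seen : out)
                if (seen.algorithm().equals(c.algorithm()))
                    throw new IllegalArgumentException("duplicate algorithm: " + c.algorithm());
            out.add(c);
        }
        if (out.isEmpty()) throw new IllegalArgumentException("no certificate configured");
        return out;
    }

    public static void main(String[] args) throws Exception {
        String xml = "<dtls><certificates>"   // constructed sample input
            + "<certificate path='/etc/ms/certA.pem' key='/etc/ms/keyA.pem' algorithm='rsa'/>"
            + "<certificate path='/sample/certB.pem' key='/sample/keyB.pem' algorithm='ecdsa'/>"
            + "</certificates></dtls>";
        for (CertEntry c : parse(xml)) {
            boolean sample = c.path().startsWith("/sample/") || c.key().startsWith("/sample/");
            System.out.println(c.algorithm() + " -> " + c.path()
                    + (sample ? "  [WARNING: bundled sample key material]" : ""));
        }
    }
}
```

With the constructed input, the RSA entry loads silently and the ECDSA entry is reported with the sample-material warning, which is the case the documentation note about default certificates is meant to cover.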
