mirror of https://github.com/asterisk/asterisk
releases/22
releases/21
releases/20
20
master
22
21
certified/18.9
certified/20.7
18
releases/certified-20.7
releases/certified-18.9
releases/18
revert-549-master-issue-548
16
19
releases/19
releases/16
20.2
18.17
20.1
19.8
18.16
16.30
20.0
19.7
18.15
16.29
16.19
19.6
18.14
16.28
development/16/python3
development/16/geolocation
19.5
18.13
16.27
19.4
18.12
16.26
19.3
18.11
16.25
certified/16.8
19.2
18.10
16.24
certified/16.3
19.1
18.9
16.23
19.0
18.8
16.22
16.21
18.7
18.6
16.20
18.5
17.9
13.38
17
13
18.4
16.18
18.3
16.17
18.2
16.16
18.1
16.15
jenkinstest-16
18.0
17.8
16.14
13.37
17.7
16.13
13.36
certified/13.21
17.6
16.12
13.35
17.5
16.11
13.34
17.4
16.10
13.33
17.3
16.9
13.32
17.2
16.8
13.31
17.1
16.7
13.30
17.0
16.6
13.29
16.5
15.7
13.28
15
16.4
13.27
16.3
13.26
16.2
13.25
16.1
13.24
16.0
15.6
13.23
14.7
14
certified/13.18
certified/13.13
certified/11.6
11
certified/13.8
certified/13.1
1.8
certified/1.8.28
12
certified/1.8.15
certified/11.2
10-digiumphones
10
certified/1.8.11
certified/1.8.6
1.6.2
1.4
1.6.1
1.6.0
1.2
1.2-netsec
1.0
22.4.0
21.9.0
20.14.0
22.4.0-rc1
21.9.0-rc1
20.14.0-rc1
22.3.0
21.8.0
20.13.0
22.3.0-rc1
21.8.0-rc1
20.13.0-rc1
22.2.0
21.7.0
20.12.0
22.2.0-rc2
21.7.0-rc2
20.12.0-rc2
22.2.0-rc1
21.7.0-rc1
20.12.0-rc1
certified-20.7-cert4
certified-18.9-cert13
22.1.1
21.6.1
20.11.1
18.26.1
22.1.0
21.6.0
20.11.0
18.26.0
22.1.0-rc1
21.6.0-rc1
20.11.0-rc1
18.26.0-rc1
18.25.0
20.10.0
21.5.0
22.0.0
22.0.0-rc2
21.5.0-rc2
20.10.0-rc2
18.25.0-rc2
22.0.0-rc1
21.5.0-rc1
20.10.0-rc1
18.25.0-rc1
certified-20.7-cert3
certified-18.9-cert12
21.4.3
20.9.3
18.24.3
22.0.0-pre1
21.4.2
20.9.2
18.24.2
certified-20.7-cert2
certified-18.9-cert11
21.4.1
20.9.1
18.24.1
21.4.0
20.9.0
18.24.0
certified-20.7-cert1
certified-18.9-cert10
21.4.0-rc1
20.9.0-rc1
18.24.0-rc1
21.3.1
20.8.1
18.23.1
21.3.0
20.8.0
18.23.0
certified-20.7-cert1-rc2
certified-18.9-cert9
20.8.0-rc1
21.3.0-rc1
18.23.0-rc1
certified-20.7-cert1-rc1
certified-20.7-cert1-pre1
21.2.0
20.7.0
18.22.0
certified-18.9-cert8
21.2.0-rc2
20.7.0-rc2
18.22.0-rc2
21.2.0-rc1
20.7.0-rc1
18.22.0-rc1
certified-18.9-cert8-rc2
certified-18.9-cert8-rc1
21.1.0
20.6.0
18.21.0
21.1.0-rc2
20.6.0-rc2
18.21.0-rc2
21.1.0-rc1
20.6.0-rc1
18.21.0-rc1
21.0.2
20.5.2
18.20.2
certified-18.9-cert7
certified-18.9-cert6
21.0.1
20.5.1
18.20.1
21.0.0
20.5.0
18.20.0
21.0.0-rc1
20.5.0-rc1
18.20.0-rc1
21.0.0-pre1
18.19.0
20.4.0
20.4.0-rc2
18.19.0-rc2
20.4.0-rc1
18.19.0-rc1
20.3.1
certified-18.9-cert5
19.8.1
18.18.1
16.30.1
certified-18.9-cert4
20.3.0
18.18.0
20.3.0-rc1
18.18.0-rc1
20.2.1
18.17.1
20.2.0
18.17.0
20.2.0-rc1
18.17.0-rc1
certified/18.9-cert4
20.1.0
19.8.0
18.16.0
16.30.0
20.1.0-rc2
19.8.0-rc2
18.16.0-rc2
16.30.0-rc2
20.1.0-rc1
18.16.0-rc1
19.8.0-rc1
16.30.0-rc1
certified/18.9-cert3
20.0.1
19.7.1
18.15.1
16.29.1
19.7.0
20.0.0
18.15.0
16.29.0
certified/18.9-cert2
20.0.0-rc2
19.7.0-rc2
18.15.0-rc2
16.29.0-rc2
20.0.0-rc1
19.7.0-rc1
18.15.0-rc1
16.29.0-rc1
19.6.0
18.14.0
16.28.0
19.6.0-rc2
18.14.0-rc2
16.28.0-rc2
19.6.0-rc1
18.14.0-rc1
16.28.0-rc1
19.5.0
18.13.0
16.27.0
19.5.0-rc1
18.13.0-rc1
16.27.0-rc1
19.4.1
18.12.1
16.26.1
19.4.0
18.12.0
16.26.0
19.4.0-rc1
18.12.0-rc1
16.26.0-rc1
certified/18.9-cert1
19.3.3
18.11.3
16.25.3
certified/16.8-cert14
19.3.2
18.11.2
16.25.2
19.3.1
18.11.1
16.25.1
19.3.0
18.11.0
16.25.0
19.3.0-rc1
18.11.0-rc1
16.25.0-rc1
certified/16.8-cert13
19.2.1
18.10.1
16.24.1
19.2.0
18.10.0
16.24.0
19.2.0-rc1
18.10.0-rc1
16.24.0-rc1
certified/18.9-cert1-rc1
19.1.0
18.9.0
16.23.0
19.1.0-rc1
18.9.0-rc1
16.23.0-rc1
19.0.0
18.8.0
16.22.0
certified/16.8-cert12
19.0.0-rc1
18.8.0-rc1
16.22.0-rc1
16.21.1
18.7.1
18.7.0
16.21.0
18.7.0-rc3
16.21.0-rc3
18.7.0-rc2
16.21.0-rc2
18.7.0-rc1
16.21.0-rc1
certified/16.8-cert11
18.6.0
16.20.0
18.6.0-rc1
16.20.0-rc1
certified/16.8-cert10
18.5.1
17.9.4
16.19.1
13.38.3
18.5.0
16.19.0
certified/16.8-cert9
18.5.0-rc1
16.19.0-rc1
18.4.0
16.18.0
18.4.0-rc1
16.18.0-rc1
certified/16.8-cert8
18.3.0
16.17.0
18.3.0-rc2
16.17.0-rc2
18.3.0-rc1
16.17.0-rc1
certified/16.8-cert7
18.2.2
17.9.3
16.16.2
certified/16.8-cert6
18.2.1
17.9.2
16.16.1
13.38.2
18.2.0
16.16.0
18.2.0-rc1
16.16.0-rc1
18.1.1
17.9.1
16.15.1
13.38.1
18.1.0
17.9.0
16.15.0
13.38.0
18.1.0-rc1
17.9.0-rc1
16.15.0-rc1
13.38.0-rc1
18.0.1
17.8.1
16.14.1
certified/16.8-cert5
13.37.1
certified/16.8-cert4
certified/16.8-cert4-rc4
18.0.0
17.8.0
16.14.0
13.37.0
18.0.0-rc2
certified/16.8-cert4-rc3
18.0.0-rc1
17.8.0-rc1
16.14.0-rc1
13.37.0-rc1
17.7.0
16.13.0
13.36.0
17.7.0-rc2
16.13.0-rc2
13.36.0-rc2
17.7.0-rc1
16.13.0-rc1
13.36.0-rc1
certified/16.8-cert4-rc2
17.6.0
16.12.0
13.35.0
17.6.0-rc1
16.12.0-rc1
13.35.0-rc1
certified/16.8-cert4-rc1
certified/16.8-cert3
17.5.1
16.11.1
17.5.0
16.11.0
13.34.0
17.5.0-rc3
16.11.0-rc3
13.34.0-rc3
17.5.0-rc2
16.11.0-rc2
13.34.0-rc2
17.5.0-rc1
16.11.0-rc1
13.34.0-rc1
certified/16.8-cert2
17.4.0
16.10.0
13.33.0
certified/16.8-cert1
17.4.0-rc2
16.10.0-rc2
13.33.0-rc2
17.4.0-rc1
16.10.0-rc1
13.33.0-rc1
certified/16.8-cert1-rc5
certified/16.8-cert1-rc4
17.3.0
16.9.0
13.32.0
17.3.0-rc1
16.9.0-rc1
13.32.0-rc1
certified/16.8-cert1-rc3
certified/16.8-cert1-rc2
certified/16.8-cert1-rc1
17.2.0
16.8.0
13.31.0
17.2.0-rc2
16.8.0-rc2
13.31.0-rc2
17.2.0-rc1
16.8.0-rc1
13.31.0-rc1
certified/16.3-cert1
certified/13.21-cert6
17.1.0
16.7.0
13.30.0
17.1.0-rc2
16.7.0-rc2
13.30.0-rc2
17.1.0-rc1
16.7.0-rc1
13.30.0-rc1
certified/13.21-cert5
17.0.1
16.6.2
13.29.2
17.0.0
17.0.0-rc3
16.6.1
13.29.1
16.6.0
13.29.0
16.6.0-rc2
13.29.0-rc2
17.0.0-rc2
16.6.0-rc1
13.29.0-rc1
16.5.1
15.7.4
13.28.1
17.0.0-rc1
16.5.0
13.28.0
16.5.0-rc1
13.28.0-rc1
certified/13.21-cert4
16.4.1
15.7.3
13.27.1
16.4.0
13.27.0
16.4.0-rc1
13.27.0-rc1
16.3.0
13.26.0
16.3.0-rc1
13.26.0-rc1
16.2.1
15.7.2
16.2.0
13.25.0
13.25.0-rc3
16.2.0-rc2
13.25.0-rc2
16.2.0-rc1
13.25.0-rc1
16.1.1
15.7.1
13.24.1
16.1.0
13.24.0
15.7.0
16.1.0-rc1
15.7.0-rc1
13.24.0-rc1
16.0.1
15.6.2
16.0.0
16.0.0-rc3
certified/13.21-cert3
15.6.1
14.7.8
13.23.1
16.0.0-rc2
15.6.0
13.23.0
15.6.0-rc1
13.23.0-rc1
16.0.0-rc1
15.5.0
13.22.0
15.5.0-rc1
13.22.0-rc1
15.4.1
14.7.7
certified/13.21-cert2
certified/13.18-cert4
13.21.1
certified/13.21-cert1
certified/13.21-cert1-rc2
certified/13.21-cert1-rc1
15.4.0
13.21.0
15.4.0-rc2
15.4.0-rc1
13.21.0-rc1
15.3.0
13.20.0
15.3.0-rc2
13.20.0-rc2
15.3.0-rc1
13.20.0-rc1
15.2.2
certified/13.18-cert3
14.7.6
13.19.2
13.19.1
15.2.1
15.2.0
13.19.0
15.2.0-rc2
13.19.0-rc2
certified/13.18-cert2
15.1.5
14.7.5
13.18.5
certified/13.18-cert1
15.2.0-rc1
13.19.0-rc1
certified/13.18-cert1-rc3
certified/13.13-cert9
15.1.4
14.7.4
13.18.4
15.1.3
certified/13.13-cert8
14.7.3
13.18.3
certified/13.18-cert1-rc2
15.1.2
14.7.2
13.18.2
certified/13.18-cert1-rc1
certified/13.13-cert7
15.1.1
14.7.1
13.18.1
15.1.0
14.7.0
13.18.0
15.1.0-rc2
14.7.0-rc2
13.18.0-rc2
15.1.0-rc1
14.7.0-rc1
13.18.0-rc1
15.0.0
certified/13.13-cert6
certified/11.6-cert18
14.6.2
13.17.2
11.25.3
15.0.0-rc1
14.6.1
certified/13.13-cert5
13.17.1
certified/11.6-cert17
11.25.2
15.0.0-beta1
14.6.0
13.17.0
14.6.0-rc1
13.17.0-rc1
14.5.0
13.16.0
14.5.0-rc2
13.16.0-rc2
14.5.0-rc1
13.16.0-rc1
certified/13.13-cert4
14.4.1
13.15.1
14.4.0
13.15.0
14.4.0-rc3
13.15.0-rc3
14.3.1
13.14.1
certified/13.13-cert3
13.15.0-rc2
14.4.0-rc2
14.4.0-rc1
13.15.0-rc1
certified/13.13-cert2
14.3.0
13.14.0
certified/13.13-cert1
14.3.0-rc2
13.14.0-rc2
certified/13.13-cert1-rc4
14.3.0-rc1
13.14.0-rc1
certified/13.13-cert1-rc3
certified/13.13-cert1-rc2
certified/11.6-cert16
certified/13.8-cert4
14.2.1
13.13.1
11.25.1
certified/13.13-cert1-rc1
14.2.0
13.13.0
14.2.0-rc2
13.13.0-rc2
11.25.0
14.2.0-rc1
13.13.0-rc1
11.25.0-rc1
14.1.2
13.12.2
14.1.1
13.12.1
11.24.1
14.1.0
13.12.0
11.24.0
14.1.0-rc1
13.12.0-rc1
11.24.0-rc1
14.0.2
14.0.1
14.0.0
14.0.0-rc2
14.0.0-rc1
13.11.2
certified/11.6-cert15
certified/13.8-cert3
11.23.1
13.11.1
13.11.0
13.11.0-rc2
14.0.0-beta2
certified/11.6-cert14
certified/11.6-cert14-rc2
certified/13.8-cert2
certified/13.8-cert2-rc1
certified/11.6-cert14-rc1
13.11.0-rc1
14.0.0-beta1
11.23.0
13.10.0
certified/13.1-cert8
13.10.0-rc3
certified/13.8-cert1
13.10.0-rc2
11.23.0-rc1
13.10.0-rc1
certified/13.8-cert1-rc3
13.9.1
13.9.0
certified/13.8-cert1-rc2
13.9.0-rc2
certified/13.1-cert7
13.9.0-rc1
certified/13.1-cert6
13.8.2
13.8.1
certified/13.1-cert5
certified/13.8-cert1-rc1
13.8.0
11.22.0
certified/13.1-cert4
certified/11.6-cert13
11.21.2
13.7.2
11.20.0
13.6.0
13.5.0
11.19.0
certified/13.1-cert3-rc1
13.4.0
11.18.0
0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.3.0
0.4.0
0.5.0
0.7.0
0.7.1
0.7.2
0.9.0
1.0.0
1.0.0-rc1
1.0.0-rc2
1.0.1
1.0.10
1.0.11
1.0.11.1
1.0.12
1.0.2
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.2.0
1.2.0-beta1
1.2.0-beta2
1.2.0-rc1
1.2.0-rc2
1.2.1
1.2.10
1.2.10-netsec
1.2.11
1.2.11-netsec
1.2.12
1.2.12-netsec
1.2.12.1
1.2.12.1-netsec
1.2.13
1.2.13-netsec
1.2.14
1.2.14-netsec
1.2.15
1.2.15-netsec
1.2.16
1.2.16-netsec
1.2.17
1.2.17-netsec
1.2.18
1.2.18-netsec
1.2.19
1.2.19-netsec
1.2.2
1.2.2-netsec
1.2.20
1.2.20-netsec
1.2.21
1.2.21-netsec
1.2.21.1
1.2.21.1-netsec
1.2.22
1.2.22-netsec
1.2.23
1.2.23-netsec
1.2.24
1.2.24-netsec
1.2.25
1.2.25-netsec
1.2.26
1.2.26-netsec
1.2.26.1
1.2.26.1-netsec
1.2.26.2
1.2.26.2-netsec
1.2.27
1.2.28
1.2.28.1
1.2.29
1.2.3
1.2.3-netsec
1.2.30
1.2.30.1
1.2.30.2
1.2.30.3
1.2.30.4
1.2.31
1.2.31.1
1.2.31.2
1.2.32
1.2.33
1.2.34
1.2.35
1.2.36
1.2.37
1.2.38
1.2.39
1.2.4
1.2.4-netsec
1.2.40
1.2.5
1.2.5-netsec
1.2.6
1.2.6-netsec
1.2.7
1.2.7-netsec
1.2.7.1
1.2.7.1-netsec
1.2.8
1.2.8-netsec
1.2.9
1.2.9-netsec
1.2.9.1
1.2.9.1-netsec
1.4.0
1.4.0-beta1
1.4.0-beta2
1.4.0-beta3
1.4.0-beta4
1.4.1
1.4.10
1.4.10.1
1.4.11
1.4.12
1.4.12.1
1.4.13
1.4.14
1.4.15
1.4.16
1.4.16.1
1.4.16.2
1.4.17
1.4.18
1.4.18.1
1.4.19
1.4.19-rc1
1.4.19-rc2
1.4.19-rc3
1.4.19-rc4
1.4.19.1
1.4.19.2
1.4.2
1.4.20
1.4.20-rc1
1.4.20-rc2
1.4.20-rc3
1.4.20.1
1.4.21
1.4.21-rc1
1.4.21-rc2
1.4.21.1
1.4.21.2
1.4.22
1.4.22-rc1
1.4.22-rc2
1.4.22-rc3
1.4.22-rc4
1.4.22-rc5
1.4.22.1
1.4.22.2
1.4.23
1.4.23-rc1
1.4.23-rc2
1.4.23-rc3
1.4.23-rc4
1.4.23-testing
1.4.23.1
1.4.23.2
1.4.24
1.4.24-rc1
1.4.24.1
1.4.25
1.4.25-rc1
1.4.25.1
1.4.26
1.4.26-rc1
1.4.26-rc2
1.4.26-rc3
1.4.26-rc4
1.4.26-rc5
1.4.26-rc6
1.4.26.1
1.4.26.2
1.4.26.3
1.4.27
1.4.27-rc1
1.4.27-rc2
1.4.27-rc3
1.4.27-rc4
1.4.27-rc5
1.4.27.1
1.4.28
1.4.28-rc1
1.4.29
1.4.29-rc1
1.4.29.1
1.4.3
1.4.30
1.4.30-rc1
1.4.30-rc2
1.4.30-rc3
1.4.31
1.4.31-rc1
1.4.31-rc2
1.4.32
1.4.32-rc1
1.4.32-rc2
1.4.33
1.4.33-rc1
1.4.33-rc2
1.4.33.1
1.4.34
1.4.34-rc1
1.4.34-rc2
1.4.35
1.4.35-rc1
1.4.36
1.4.36-rc1
1.4.37
1.4.37-rc1
1.4.37.1
1.4.38
1.4.38-rc1
1.4.38.1
1.4.39
1.4.39-rc1
1.4.39.1
1.4.39.2
1.4.4
1.4.40
1.4.40-rc1
1.4.40-rc2
1.4.40-rc3
1.4.40.1
1.4.40.2
1.4.41
1.4.41-rc1
1.4.41.1
1.4.41.2
1.4.42
1.4.42-rc1
1.4.42-rc2
1.4.43
1.4.44
1.4.5
1.4.6
1.4.7
1.4.7.1
1.4.8
1.4.9
1.6.0
1.6.0-beta1
1.6.0-beta2
1.6.0-beta3
1.6.0-beta4
1.6.0-beta5
1.6.0-beta6
1.6.0-beta7
1.6.0-beta7.1
1.6.0-beta8
1.6.0-beta9
1.6.0-rc1
1.6.0-rc2
1.6.0-rc3
1.6.0-rc4
1.6.0-rc5
1.6.0-rc6
1.6.0.1
1.6.0.10
1.6.0.11-rc1
1.6.0.11-rc2
1.6.0.12
1.6.0.13
1.6.0.13-rc1
1.6.0.14
1.6.0.14-rc1
1.6.0.15
1.6.0.16
1.6.0.16-rc1
1.6.0.16-rc2
1.6.0.17
1.6.0.18
1.6.0.18-rc1
1.6.0.18-rc2
1.6.0.18-rc3
1.6.0.19
1.6.0.2
1.6.0.20
1.6.0.20-rc1
1.6.0.21
1.6.0.21-rc1
1.6.0.22
1.6.0.23
1.6.0.23-rc1
1.6.0.23-rc2
1.6.0.24
1.6.0.25
1.6.0.26
1.6.0.26-rc1
1.6.0.27
1.6.0.27-rc1
1.6.0.27-rc2
1.6.0.27-rc3
1.6.0.28
1.6.0.28-rc1
1.6.0.28-rc2
1.6.0.3
1.6.0.3-rc1
1.6.0.3.1
1.6.0.4-rc1
1.6.0.4-testing
1.6.0.5
1.6.0.6
1.6.0.6-rc1
1.6.0.7
1.6.0.7-rc1
1.6.0.7-rc2
1.6.0.8
1.6.0.9
1.6.1-beta1
1.6.1-beta2
1.6.1-beta3
1.6.1-beta4
1.6.1-rc1
1.6.1.0
1.6.1.0-rc2
1.6.1.0-rc3
1.6.1.0-rc4
1.6.1.0-rc5
1.6.1.1
1.6.1.10
1.6.1.10-rc1
1.6.1.10-rc2
1.6.1.10-rc3
1.6.1.11
1.6.1.12
1.6.1.12-rc1
1.6.1.13
1.6.1.13-rc1
1.6.1.14
1.6.1.15-rc1
1.6.1.15-rc2
1.6.1.16
1.6.1.17
1.6.1.18
1.6.1.18-rc1
1.6.1.18-rc2
1.6.1.19
1.6.1.19-rc1
1.6.1.19-rc2
1.6.1.19-rc3
1.6.1.2
1.6.1.20
1.6.1.20-rc1
1.6.1.20-rc2
1.6.1.21
1.6.1.22
1.6.1.23
1.6.1.24
1.6.1.25
1.6.1.3-rc1
1.6.1.4
1.6.1.5
1.6.1.5-rc1
1.6.1.6
1.6.1.7-rc1
1.6.1.7-rc2
1.6.1.8
1.6.1.9
1.6.2.0
1.6.2.0-beta1
1.6.2.0-beta2
1.6.2.0-beta3
1.6.2.0-beta4
1.6.2.0-rc1
1.6.2.0-rc2
1.6.2.0-rc3
1.6.2.0-rc4
1.6.2.0-rc5
1.6.2.0-rc6
1.6.2.0-rc7
1.6.2.0-rc8
1.6.2.1
1.6.2.1-rc1
1.6.2.10
1.6.2.10-rc1
1.6.2.10-rc2
1.6.2.11
1.6.2.11-rc1
1.6.2.11-rc2
1.6.2.12
1.6.2.12-rc1
1.6.2.13
1.6.2.14
1.6.2.14-rc1
1.6.2.15
1.6.2.15-rc1
1.6.2.15.1
1.6.2.16
1.6.2.16-rc1
1.6.2.16.1
1.6.2.16.2
1.6.2.17
1.6.2.17-rc1
1.6.2.17-rc2
1.6.2.17-rc3
1.6.2.17.1
1.6.2.17.2
1.6.2.17.3
1.6.2.18
1.6.2.18-rc1
1.6.2.18.1
1.6.2.18.2
1.6.2.19
1.6.2.19-rc1
1.6.2.2
1.6.2.20
1.6.2.21
1.6.2.22
1.6.2.23
1.6.2.24
1.6.2.3-rc1
1.6.2.3-rc2
1.6.2.4
1.6.2.5
1.6.2.6
1.6.2.6-rc1
1.6.2.6-rc2
1.6.2.7
1.6.2.7-rc1
1.6.2.7-rc2
1.6.2.7-rc3
1.6.2.8
1.6.2.8-rc1
1.6.2.8-rc2
1.6.2.9
1.6.2.9-rc1
1.6.2.9-rc2
1.6.2.9-rc3
1.8.0
1.8.0-beta1
1.8.0-beta2
1.8.0-beta3
1.8.0-beta4
1.8.0-beta5
1.8.0-rc1
1.8.0-rc2
1.8.0-rc3
1.8.0-rc4
1.8.0-rc5
1.8.1
1.8.1-rc1
1.8.1.1
1.8.1.2
1.8.10.0
1.8.10.0-rc1
1.8.10.0-rc2
1.8.10.0-rc3
1.8.10.0-rc4
1.8.10.1
1.8.11.0
1.8.11.0-rc1
1.8.11.0-rc2
1.8.11.0-rc3
1.8.11.1
1.8.12.0
1.8.12.0-rc1
1.8.12.0-rc2
1.8.12.0-rc3
1.8.12.1
1.8.12.2
1.8.13.0
1.8.13.0-rc1
1.8.13.0-rc2
1.8.13.1
1.8.14.0
1.8.14.0-rc1
1.8.14.0-rc2
1.8.14.1
1.8.15-cert4
1.8.15.0
1.8.15.0-rc1
1.8.15.1
1.8.16.0
1.8.16.0-rc1
1.8.16.0-rc2
1.8.17.0
1.8.17.0-rc1
1.8.17.0-rc2
1.8.17.0-rc3
1.8.18.0
1.8.18.0-rc1
1.8.18.1
1.8.19.0
1.8.19.0-rc1
1.8.19.0-rc2
1.8.19.0-rc3
1.8.19.0-tc1
1.8.19.1
1.8.2
1.8.2-rc1
1.8.2.1
1.8.2.2
1.8.2.3
1.8.2.4
1.8.20.0
1.8.20.0-rc1
1.8.20.0-rc2
1.8.20.1
1.8.20.2
1.8.21.0
1.8.21.0-rc1
1.8.21.0-rc2
1.8.22.0
1.8.22.0-rc1
1.8.22.0-rc2
1.8.23.0
1.8.23.0-rc1
1.8.23.0-rc2
1.8.23.1
1.8.24.0
1.8.24.0-rc1
1.8.24.0-rc2
1.8.24.1
1.8.25.0
1.8.25.0-rc1
1.8.25.0-rc2
1.8.26.0
1.8.26.0-rc1
1.8.26.0-rc2
1.8.26.1
1.8.27.0
1.8.27.0-rc1
1.8.27.0-rc2
1.8.28-cert5
1.8.28.0
1.8.28.0-rc1
1.8.28.1
1.8.28.2
1.8.29.0
1.8.29.0-rc1
1.8.3
1.8.3-rc1
1.8.3-rc2
1.8.3-rc3
1.8.3.1
1.8.3.2
1.8.3.3
1.8.30.0
1.8.30.0-rc1
1.8.31.0
1.8.31.0-rc1
1.8.31.1
1.8.32.0
1.8.32.0-rc1
1.8.32.0-rc2
1.8.32.1
1.8.32.2
1.8.32.3
1.8.4
1.8.4-rc1
1.8.4-rc2
1.8.4-rc3
1.8.4.1
1.8.4.2
1.8.4.3
1.8.4.4
1.8.5-rc1
1.8.5.0
1.8.5.1
1.8.6.0
1.8.6.0-rc1
1.8.6.0-rc2
1.8.6.0-rc3
1.8.7.0
1.8.7.0-rc1
1.8.7.0-rc2
1.8.7.1
1.8.7.2
1.8.8.0
1.8.8.0-rc1
1.8.8.0-rc2
1.8.8.0-rc3
1.8.8.0-rc4
1.8.8.0-rc5
1.8.8.1
1.8.8.2
1.8.9.0
1.8.9.0-rc1
1.8.9.0-rc2
1.8.9.0-rc3
1.8.9.1
1.8.9.2
1.8.9.3
10.0.0
10.0.0-beta1
10.0.0-beta2
10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.0-rc4
10.0.1
10.1.0
10.1.0-rc1
10.1.0-rc2
10.1.1
10.1.2
10.1.3
10.10.0
10.10.0-digiumphones
10.10.0-digiumphones-rc1
10.10.0-digiumphones-rc2
10.10.0-rc1
10.10.0-rc2
10.10.1
10.10.1-digiumphones
10.11.0
10.11.0-digiumphones
10.11.0-digiumphones-rc1
10.11.0-digiumphones-rc2
10.11.0-digiumphones-rc3
10.11.0-rc1
10.11.0-rc2
10.11.0-rc3
10.11.1
10.11.1-digiumphones
10.12.0
10.12.0-digiumphones
10.12.0-digiumphones-rc1
10.12.0-digiumphones-rc2
10.12.0-rc1
10.12.0-rc2
10.12.1
10.12.1-digiumphones
10.12.2
10.12.2-digiumphones
10.12.3
10.12.3-digiumphones
10.12.4
10.12.4-digiumphones
10.2.0
10.2.0-rc1
10.2.0-rc2
10.2.0-rc3
10.2.0-rc4
10.2.1
10.3.0
10.3.0-rc1
10.3.0-rc2
10.3.0-rc3
10.3.1
10.4.0
10.4.0-digiumphones-rc1
10.4.0-digiumphones-rc2
10.4.0-rc1
10.4.0-rc2
10.4.0-rc3
10.4.1
10.4.2
10.5.0
10.5.0-digiumphones
10.5.0-digiumphones-rc1
10.5.0-digiumphones-rc2
10.5.0-rc1
10.5.0-rc2
10.5.1
10.5.1-digiumphones
10.5.2
10.5.2-digiumphones
10.6.0
10.6.0-digiumphones
10.6.0-digiumphones-rc1
10.6.0-digiumphones-rc2
10.6.0-rc1
10.6.0-rc2
10.6.1
10.6.1-digiumphones
10.7.0
10.7.0-digiumphones
10.7.0-digiumphones-rc1
10.7.0-rc1
10.7.1
10.7.1-digiumphones
10.8.0
10.8.0-digiumphones
10.8.0-digiumphones-rc1
10.8.0-digiumphones-rc2
10.8.0-rc1
10.8.0-rc2
10.9.0
10.9.0-digiumphones
10.9.0-digiumphones-rc1
10.9.0-digiumphones-rc2
10.9.0-digiumphones-rc3
10.9.0-rc1
10.9.0-rc2
10.9.0-rc3
11.0.0
11.0.0-beta1
11.0.0-beta2
11.0.0-rc1
11.0.0-rc2
11.0.1
11.0.2
11.1.0
11.1.0-rc1
11.1.0-rc2
11.1.0-rc3
11.1.1
11.1.2
11.10.0
11.10.0-rc1
11.10.1
11.10.2
11.11.0
11.11.0-rc1
11.12.0
11.12.0-rc1
11.12.1
11.13.0
11.13.0-rc1
11.13.1
11.14.0
11.14.0-rc1
11.14.0-rc2
11.14.1
11.14.2
11.15.0
11.15.0-rc1
11.15.0-rc2
11.15.1
11.16.0
11.16.0-rc1
11.17.0
11.17.0-rc1
11.17.1
11.18.0-rc1
11.19.0-rc1
11.2.0
11.2.0-rc1
11.2.0-rc2
11.2.1
11.2.2
11.20.0-rc1
11.20.0-rc2
11.20.0-rc3
11.21.0
11.21.0-rc1
11.21.0-rc2
11.21.0-rc3
11.21.1
11.22.0-rc1
11.3.0
11.3.0-rc1
11.3.0-rc2
11.4.0
11.4.0-rc1
11.4.0-rc2
11.4.0-rc3
11.5.0
11.5.0-rc1
11.5.0-rc2
11.5.1
11.6-cert11
11.6.0
11.6.0-rc1
11.6.0-rc2
11.6.1
11.7.0
11.7.0-rc1
11.7.0-rc2
11.8.0
11.8.0-rc1
11.8.0-rc2
11.8.0-rc3
11.8.1
11.9.0
11.9.0-rc1
11.9.0-rc2
11.9.0-rc3
12.0.0
12.0.0-alpha1
12.0.0-alpha2
12.0.0-beta1
12.0.0-beta2
12.1.0
12.1.0-rc1
12.1.0-rc2
12.1.0-rc3
12.1.1
12.2.0
12.2.0-rc1
12.2.0-rc2
12.2.0-rc3
12.3.0
12.3.0-rc1
12.3.0-rc2
12.3.1
12.3.2
12.4.0
12.4.0-rc1
12.5.0
12.5.0-rc1
12.5.1
12.6.0
12.6.0-rc1
12.6.1
12.7.0
12.7.0-rc1
12.7.0-rc2
12.7.1
12.7.2
12.8.0
12.8.0-rc1
12.8.0-rc2
12.8.1
12.8.2
13.0.0
13.0.0-beta1
13.0.0-beta2
13.0.0-beta3
13.0.1
13.0.2
13.1-cert2
13.1.0
13.1.0-rc1
13.1.0-rc2
13.1.1
13.2.0
13.2.0-rc1
13.2.1
13.3.0
13.3.0-rc1
13.3.1
13.3.2
13.4.0-rc1
13.5.0-rc1
13.6.0-rc1
13.6.0-rc2
13.6.0-rc3
13.7.0
13.7.0-rc1
13.7.0-rc2
13.7.0-rc3
13.7.1
13.8.0-rc1
certified/1.8.11-cert1
certified/1.8.11-cert10
certified/1.8.11-cert2
certified/1.8.11-cert3-rc1
certified/1.8.11-cert3-rc2
certified/1.8.11-cert4
certified/1.8.11-cert5
certified/1.8.11-cert5-rc1
certified/1.8.11-cert5-rc2
certified/1.8.11-cert6
certified/1.8.11-cert7
certified/1.8.11-cert8
certified/1.8.11-cert9
certified/1.8.11-cert9-rc1
certified/1.8.15-cert1
certified/1.8.15-cert1-rc1
certified/1.8.15-cert1-rc2
certified/1.8.15-cert1-rc3
certified/1.8.15-cert2
certified/1.8.15-cert3
certified/1.8.15-cert4
certified/1.8.15-cert5
certified/1.8.15-cert6
certified/1.8.15-cert7
certified/1.8.28-cert1
certified/1.8.28-cert1-rc1
certified/1.8.28-cert2
certified/1.8.28-cert3
certified/1.8.28-cert4
certified/1.8.28-cert5
certified/1.8.6-cert1
certified/11.2-cert1
certified/11.2-cert1-rc1
certified/11.2-cert1-rc2
certified/11.2-cert2
certified/11.2-cert3
certified/11.6-cert1
certified/11.6-cert1-rc1
certified/11.6-cert1-rc2
certified/11.6-cert10
certified/11.6-cert11
certified/11.6-cert12
certified/11.6-cert2
certified/11.6-cert3
certified/11.6-cert4
certified/11.6-cert5
certified/11.6-cert6
certified/11.6-cert7
certified/11.6-cert8
certified/11.6-cert9
certified/13.1-cert1
certified/13.1-cert1-rc1
certified/13.1-cert1-rc2
certified/13.1-cert1-rc3
certified/13.1-cert2
certified/13.1-cert3
${ noResults }
98 Commits (9d6161ee6a269a30fdcb157317eb1709a54bc101)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Sean Bright
|
42ff856216 |
Use non-blocking socket() and pipe() wrappers
Change-Id: I050ceffe5a133d5add2dab46687209813d58f597 |
7 years ago |
Richard Mudgett
|
0989b63047 |
autoservice: Don't start channel autoservice if the thread is a user interface.
Executing dialplan functions from either AMI or ARI by getting a variable could place the channel into autoservice. However, these user interface threads do not handle the channel's media so we wind up with two threads attempting to handle the media. There can be one and only one thread handling a channel's media at a time. Otherwise, we don't know which thread is going to handle the media frames. ASTERISK-27625 Change-Id: If2dc94ce15ddabf923ed1e2a65ea0ef56e013e49 |
7 years ago |
Joshua Colp
|
2151903a16 |
Merge "tcptls: Allow OpenSSL configured with no-dh."
|
7 years ago |
George Joseph
|
76339b1962 |
Merge "tcptls.h: Repair ./configure --with-ssl=PATH."
|
7 years ago |
Alexander Traud
|
24503fb600 |
tcptls.h: Repair ./configure --with-ssl=PATH.
asterisk/tcptls.h was included (explicitly, implicitly, or transitively). Those inclusions got replaced by forward declarations. As side effect, the inclusions got completed. ASTERISK-27878 Change-Id: I9d102728e30336d6522e5e4ae9e964013a0835f7 |
7 years ago |
|
Alexander Traud
|
d36338ce2b |
tcptls: Allow OpenSSL configured with no-dh.
Additionally, this change allows auto-negotiation of the elliptic curve/group for servers, not only with OpenSSL 1.0.2 but also with OpenSSL 1.1.0 and newer. This enables X25519 (since OpenSSL 1.1.0) and X448 (since OpenSSL 1.1.1) as a side-effect. ASTERISK-27876 Change-Id: I62c2aba4a630aefc231b71f646207e8c027d9497 |
7 years ago |
|
Alexander Traud
|
91616f4524 |
tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated.
ASTERISK-27874 Change-Id: Ica65113511c7a1c13f7988e7d9e7d9e7f3f620dd |
7 years ago |
|
Alexander Traud
|
2228ae3f27 |
tcptls: Repair ./configure --with-ssl=PATH.
SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 got discovered without honoring a PATH. ASTERISK-27865 Change-Id: I8cd358eed7411726d08fa7b01691bef122fbeb71 |
7 years ago |
|
Sean Bright
|
2ffe52a116 |
utils: Add convenience function for setting fd flags
There are many places in the code base where we ignore the return value of fcntl() when getting/setting file descriptior flags. This patch introduces a convenience function that allows setting or clearing file descriptor flags and will also log an error on failure for later analysis. Change-Id: I8b81901e1b1bd537ca632567cdb408931c6eded7 |
8 years ago |
|
Alexander Traud
|
19332e6968 |
tcptls: Print notice when TLS is enabled but not configured.
Asterisk can be compiled without a SSL/TLS library, without the Development Headers of OpenSSL. However, if TLS (SIP) or Secure-WebSockets (WebRTC) was enabled in a configuration file, Asterisk did not notice the user. Asterisk failed silently, only the corresponding TCP ports were not open. ASTERISK-27394 Reported-by: mossley74 Change-Id: Ib8b7539a5b2af8154c22e5f7a40fc68f95d95b93 |
8 years ago |
Jenkins2
|
3a2b132411 |
Merge "declare optional openssl dependencies in moduleinfo"
|
8 years ago |
|
Alexander Traud
|
44d9446eb5 |
tcptls: NULL-check the parameter of ast_ssl_teardown before accessing it.
This avoids a crash on stopping a chan_sip which failed to start its TLS server. ASTERISK-27339 #close Change-Id: I327fc70db68eaaca5b50a15c7fd687fde79263d5 |
8 years ago |
Tzafrir Cohen
|
b228f5c5e6 |
declare optional openssl dependencies in moduleinfo
Declare optional openssl dependencies in: * res_rtp_asterisk.c * tcptls.c ASTERISK-27328 #close Change-Id: I2636f1c05b8104b4fe6f36cce0ebd9a98b9c78ab |
8 years ago |
|
Alexander Traud
|
feeb0974eb |
tcptls: Do not re-bind to wildcard on client creation.
Since ASTERISK-26922, this issue affected only those chan_sip which were * enabled for dual-stack (bindaddr=::), and * enabled for TCP (tcpenable=yes) and/or TLS (tlsenable=yes), and * tried to register and/or invite a IPv4-only service, * via TCP and/or TLS. Now, ast_tcptls_client_create does not re-bind to [::] anymore. ASTERISK-27324 #close Change-Id: I4b242837bdeb1ec7130dc82505c6180a946fd9b5 |
8 years ago |
|
Joshua Colp
|
01f2220bec |
tcptls: Change error message to debug.
The Websocket implementation will steal the underlying stream of TCP/TLS sessions. This results in an error message being output about a stream not being present when in reality this is actually fine. This change moves it to a debug message instead. Change-Id: I66cc639080b4b4599beadb4faa7d313f2721d094 |
8 years ago |
Corey Farrell
|
70d2ccb9da |
Core: Add support for systemd socket activation.
This change adds support for socket activation of certain SOCK_STREAM listeners in Asterisk: * AMI / AMI over TLS * CLI * HTTP / HTTPS Example systemd units are provided. This support extends to any socket which is initialized using ast_tcptls_server_start, so any unknown modules using this function will support socket activation. Asterisk continues to function as normal if socket activation is not enabled or if systemd development headers are not available during build. ASTERISK-27063 #close Change-Id: Id814ee6a892f4b80d018365c8ad8d89063474f4d |
8 years ago |
|
Richard Mudgett
|
d76bc0565c |
tcptls.c: Cleanup TCP/TLS listener thread on abnormal exit.
Temporarily running out of file descriptors should not terminate the listener thread. Otherwise, when there becomes more file descriptors available, nothing is listening. * Added EMFILE exception to abnormal thread exit. * Added an abnormal TCP/TLS listener exit error message. * Closed the TCP/TLS listener socket on abnormal exit so Asterisk does not appear dead if something tries to connect to the socket. ASTERISK-26903 #close Change-Id: I10f2f784065136277f271159f0925927194581b5 |
8 years ago |
|
Richard Mudgett
|
0b427f9b59 |
tcptls.c: Add some missing allocation failure checks.
* Fix tcptls_session ref and fd leak in ast_tcptls_server_root(). Change-Id: I0ddf01cd3c10d3b6666d7bf68d4e206a37f4fbdb |
8 years ago |
|
Tzafrir Cohen
|
bc041ca14a |
tcptls: use TLS_client_method with OpenSSL 1.1
OpenSSL 1.1 introduced TLS_client_method() and deprecated the previous version-specific methods (such as TLSv1_client_method(). Other than being simpler to use and more correct (gain support for TLS newer that TLS1, in our case), the older ones produce a deprecation warning that fails the build in dev-mode. Change-Id: I257b1c8afd09dcb0d96cda3a41cb9f7a15d0ba07 |
8 years ago |
|
Joshua Colp
|
cd5d9d1d69 |
Merge "tcptls: Use new certificate upon sip reload"
|
9 years ago |
|
Tzafrir Cohen
|
26c8552fff |
OpenSSL 1.1.0 support
OpenSSL 1.1.0 includes some major changes in the interface. See https://wiki.openssl.org/index.php/1.1_API_Changes . Status: Right now there are still a few deprecation notes with OpenSSL 1.1.0. But it's a start. Changes: * CRYPTO_LOCK is no longer available. Replace it with its value for now. I don't completely understand what it is used for there. * Remove several functions from libasteriskssl that seem to no longer be needed. * Structures have become opaque and are accesses with accessors. * ERR_remove_thread_state() no longer needed. * SSLv2 code now could no longer be used in 1.1. ASTERISK-26109 #close Change-Id: I5e29d477d486ca29b6aae0dc2f5dff960c1cb82b |
9 years ago |
Michael Kuron
|
635b0a0a55 |
tcptls: Use new certificate upon sip reload
Previously, a TLS server socket would only be restarted upon sip reload if the bind address had changed. This commit adds checking for changes to TLS parameters like certificate, ciphers, etc. so they get picked up without requiring a reload of the entire chan_sip module. This does not affect open connections in any way, but new connections will use the new TLS parameters. The changes also apply to HTTP and Manager. ASTERISK-26604 #close Change-Id: I169e86cefc6dcd627c915134015a6a1ab1aadbe6 |
9 years ago |
Timo Teräs
|
070a51bf7c |
Implement internal abstraction for iostreams
fopencookie/funclose is a non-standard API and should not be used in portable software. Additionally, the way FILE's fd is used in non-blocking mode is undefined behaviour and cannot be relied on. This introduces internal abstraction for io streams, that allows implementing the desired virtualization of read/write operations with necessary timeout handling. ASTERISK-24515 #close ASTERISK-24517 #close Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85 |
9 years ago |
|
Corey Farrell
|
a6e5bae3ef |
Remove ASTERISK_REGISTER_FILE.
ASTERISK_REGISTER_FILE no longer has any purpose so this commit removes all traces of it. Previously exported symbols removed: * __ast_register_file * __ast_unregister_file * ast_complete_source_filename This also removes the mtx_prof static variable that was declared when MTX_PROFILE was enabled. This variable was only used in lock.c so it is now initialized in that file only. ASTERISK-26480 #close Change-Id: I1074af07d71f9e159c48ef36631aa432c86f9966 |
9 years ago |
|
Timo Teräs
|
39b69ab537 |
Fixes to include signal.h
POSIX defines signal.h. sys/signal.h should not be used as it is c-library internal header which may or may not exist. Notably with musl it generates warning of being incorrect. Change-Id: Ia56b0aa1d84b5c590114867b1b384a624f39a6fc |
9 years ago |
Mark Michelson
|
3b426a8b09 |
Check for OpenSSL defines before trying to use them.
The SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 defines did not exist prior to OpenSSL version 1.0.1. A recent commit attempts to, by default, set these options, which can cause problems on systems with older OpenSSL installations. This commit adds a configure script check for those defines and will not attempt to make use of those if they do not exist. We will print a warning urging the user to upgrade their OpenSSL installation if those defines are not present. Change-Id: I6a2eb9a43fd0738b404d8f6f2cf4b5c22d9d752d |
9 years ago |
|
Joshua Colp
|
0de74fad55 |
AST-2016-001 http: Provide greater control of TLS and set modern defaults.
This change exposes the configuration of various aspects of the TLS support and sets the default to the modern standards. The TLS cipher is now set to the best values according to the Mozilla OpSec team, different TLS versions can now be disabled, and the cipher order can be forced to be that of the server instead of the client. ASTERISK-24972 #close Change-Id: I0a10f2883f7559af5e48dee0901251dbf30d45b8 |
9 years ago |
Joerg Sonnenberger
|
5f712e82ac |
tcptls.c: Don't use OpenSSL functions when no SSL support is present.
Change-Id: I68a85a7fcbdb282140ff333c6274b6763d5f82a3 |
10 years ago |
|
Joshua Colp
|
e7124a3002 |
Merge "Add X.509 subject alternative name support to TLS certificate verification."
|
10 years ago |
|
Alexander Traud
|
8f3f414d8c |
tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket.
When a client connects to a server via SSL/TLS, the server commonly utilizes an RSA key-pair. However, other such algorithms exist (i.e. DSA and ECDSA), and if the server socket is configured with a certificate for either one of those, it would lose its compatibility with RSA-only clients. Now, the server socket can be configured with up to one RSA, ECDSA and DSA key each. For example, if a client is not compatible with SHA-2 hashed certificates like Nokia mobile phones, the server socket still can use RSA/SHA-1 for legacy clients and ECDSA/SHA-2 for everyone else. ASTERISK-24815 #close Reported by: Alexander Traud patches: tls_rsa_ecc_dsa.patch uploaded by Alexander Traud (License 6520) Change-Id: Iada5e00d326db5ef86e0af7069b4dfa1b979da9a |
10 years ago |
Maciej Szmigiero
|
2415a14ce9 |
Add X.509 subject alternative name support to TLS certificate
verification. This way one X.509 certificate can be used for hosts that can be reached under multiple DNS names or for multiple hosts. Signed-off-by: Maciej Szmigiero <mail@maciej.szmigiero.name> ASTERISK-25063 #close Change-Id: I13302c80490a0b44c43f1b45376c9bd7b15a538f |
10 years ago |
|
Alexander Traud
|
247fef6653 |
tcptls: Avoiding ERR_remove_state in OpenSSL.
ERR_remove_state was deprecated with OpenSSL 1.0.0 and was replaced by ERR_remove_thread_state. ERR_load_SSL_strings and ERR_load_BIO_strings were called by SSL_load_error_strings already and got removed. These changes allow OpenSSL forks like BoringSSL to be used with Asterisk. ASTERISK-25043 #close Reported by: Alexander Traud patches: asterisk_with_BoringSSL.patch uploaded by Alexander Traud (License 6520) Change-Id: If1c0871ece21a7e0763fafbd2fa023ae49d4d629 |
10 years ago |
Matt Jordan
|
4a58261694 |
git migration: Refactor the ASTERISK_FILE_VERSION macro
Git does not support the ability to replace a token with a version
string during check-in. While it does have support for replacing a
token on clone, this is somewhat sub-optimal: the token is replaced
with the object hash, which is not particularly easy for human
consumption. What's more, in practice, the source file version was often
not terribly useful. Generally, when triaging bugs, the overall version
of Asterisk is far more useful than an individual SVN version of a file. As a
result, this patch removes Asterisk's support for showing source file
versions.
Specifically, it does the following:
* Rename ASTERISK_FILE_VERSION macro to ASTERISK_REGISTER_FILE, and
remove passing the version in with the macro. Other facilities
than 'core show file version' make use of the file names, such as
setting a debug level only on a specific file. As such, the act of
registering source files with the Asterisk core still has use. The
macro rename now reflects the new macro purpose.
* main/asterisk:
- Refactor the file_version structure to reflect that it no longer
tracks a version field.
- Remove the "core show file version" CLI command. Without the file
version, it is no longer useful.
- Remove the ast_file_version_find function. The file version is no
longer tracked.
- Rename ast_register_file_version/ast_unregister_file_version to
ast_register_file/ast_unregister_file, respectively.
* main/manager: Remove value from the Version key of the ModuleCheck
Action. The actual key itself has not been removed, as doing so would
absolutely constitute a backwards incompatible change. However, since
the file version is no longer tracked, there is no need to attempt to
include it in the Version key.
* UPGRADE: Add notes for:
- Modification to the ModuleCheck AMI Action
- Removal of the "core show file version" CLI command
Change-Id: I6cf0ff280e1668bf4957dc21f32a5ff43444a40e
|
10 years ago |
Jonathan Rose
|
8ec9a82b9a |
Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.
When registering to a SIP server with TLS, Asterisk will accept CA signed certificates with a common name that was signed for a domain other than the one requested if it contains a null character in the common name portion of the cert. This patch fixes that by checking that the common name length matches the the length of the content we actually read from the common name segment. Some certificate authorities automatically sign CA requests when the requesting CN isn't already taken, so an attacker could potentially register a CN with something like www.google.com\x00www.secretlyevil.net and have their certificate signed and Asterisk would accept that certificate as though it had been for www.google.com - this is a security fix and is noted in AST-2015-003. ASTERISK-24847 #close Reported by: Maciej Szmigiero Patches: asterisk-null-in-cn.patch submitted by mhej (license 6085) ........ Merged revisions 434337 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 434338 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 434384 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@434385 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
10 years ago |
|
Matthew Jordan
|
e3fd826cdb |
tcptls: Handle new OpenSSL compile time option to disable SSLv3
Some distributions are going to disable SSLv3 at compile time. This option can be checked using the directive OPENSSL_NO_SSL3_METHOD. This patch updates the TCP/TLS handling in Asterisk to look for that directive before attempting to use the SSLv3 specific methods. ASTERISK-24799 #close Reported by: Alexander Traud patches: no-ssl3-method.patch uploaded by Alexander Traud (License 6520) ........ Merged revisions 431936 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 431937 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431938 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
10 years ago |
Kevin Harwell
|
c7591ef6bc |
tcptls: Bad file descriptor error when reloading chan_sip
While running through some scenarios using chan_sip and tcp a problem would occur that resulted in a flood of bad file descriptor messages on the cli: tcptls.c:712 ast_tcptls_server_root: Accept failed: Bad file descriptor The message is received because the underlying socket has been closed, so is valid. This is probably happening because unloading of chan_sip is not atomic. That however is outside the scope of this patch. This patch simply stops the logging of multiple occurrences of that message. ASTERISK-24728 #close Reported by: Thomas Thompson Review: https://reviewboard.asterisk.org/r/4380/ ........ Merged revisions 431218 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 431219 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431220 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
10 years ago |
|
Matthew Jordan
|
dad0334cf1 |
AST-2014-011: Fix POODLE security issues
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
ecnryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
........
Merged revisions 425987 from http://svn.asterisk.org/svn/asterisk/branches/12
........
Merged revisions 425991 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@426003 65c4cc65-6c06-0410-ace0-fbb531ad65f3
|
11 years ago |
Walter Doekes
|
b2afbc48e4 |
tcptls: Avoid compiler warning on non-dev-mode.
........ Merged revisions 420654 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 420655 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 420656 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 420657 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@420658 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Richard Mudgett
|
dbec5e0d8d |
HTTP: Add persistent connection support.
Persistent HTTP connection support is needed due to the increased usage of the Asterisk core HTTP transport and the frequency at which REST API calls are going to be issued. * Add http.conf session_keep_alive option to enable persistent connections. * Parse and discard optional chunked body extension information and trailing request headers. * Increased the maximum application/json and application/x-www-form-urlencoded body size allowed to 4k. The previous 1k was kind of small. * Removed a couple inlined versions of ast_http_manid_from_vars() by calling the function. manager.c:generic_http_callback() and res_http_post.c:http_post_callback() * Add missing va_end() in ast_ari_response_error(). * Eliminated unnecessary RAII_VAR() use in http.c:auth_create(). ASTERISK-23552 #close Reported by: Scott Griepentrog Review: https://reviewboard.asterisk.org/r/3691/ ........ Merged revisions 417880 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417901 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Matthew Jordan
|
758b13858b |
main/tcptls: Add checks for OpenSSL Elliptic Curve support
The patch for ASTERISK-23905 that added PFS support in Asterisk depends on the elliptic curve library support being present in OpenSSL. As it turns out, some versions of OpenSSL don't have this library - notably the version running on our build agents. This patch fixes the build by providing a configure check for the specific library calls that the PFS patch relies on. Review: https://reviewboard.asterisk.org/r/3709/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417900 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Matthew Jordan
|
eaee92198d |
main/tcptls: Add support for Perfect Forward Secrecy
This patch enables Perfect Forward Secrecy (PFS) in Asterisk's core TLS API. Modules that wish to enable PFS should consider the following: - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not specify a ECDHE cipher suite in a module's configuration, for example: tlscipher=AES128-SHA:DES-CBC3-SHA - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters into the private key file, i.e., tlsprivatekey. For an example, see the default dh2048.pem at http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt - Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, (see "openssl ciphers -v DEFAULT") consider re-ordering your cipher suites in the conf file. For example: tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH will use PFS when offered by the client. Clients which do not offer PFS fall-back to AES-128 (or even 3DES as recommend by RFC 3261). Review: https://reviewboard.asterisk.org/r/3647/ ASTERISK-23905 #close Reported by: Alexander Traud patches: tlsPFS_for_HEAD.patch uploaded by Alexander Traud (License 6520) tlsPFS.patch uploaded by Alexander Traud (License 6520) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417803 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Richard Mudgett
|
13e697f8c0 |
AST-2014-007: Fix of fix to allow AMI and SIP TCP to send messages.
ASTERISK-23673 #close Reported by: Richard Mudgett Review: https://reviewboard.asterisk.org/r/3617/ ........ Merged revisions 416066 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 416067 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 416070 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@416071 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Richard Mudgett
|
4ca5745dbe |
AST-2014-007: Fix DOS by consuming the number of allowed HTTP connections.
Simply establishing a TCP connection and never sending anything to the configured HTTP port in http.conf will tie up a HTTP connection. Since there is a maximum number of open HTTP sessions allowed at a time you can block legitimate connections. A similar problem exists if a HTTP request is started but never finished. * Added http.conf session_inactivity timer option to close HTTP connections that aren't doing anything. Defaults to 30000 ms. * Removed the undocumented manager.conf block-sockets option. It interferes with TCP/TLS inactivity timeouts. * AMI and SIP TLS connections now have better authentication timeout protection. Though I didn't remove the bizzare TLS timeout polling code from chan_sip. * chan_sip can now handle SSL certificate renegotiations in the middle of a session. It couldn't do that before because the socket was non-blocking and the SSL calls were not restarted as documented by the OpenSSL documentation. * Fixed an off nominal leak of the ssl struct in handle_tcptls_connection() if the FILE stream failed to open and the SSL certificate negotiations failed. The patch creates a custom FILE stream handler to give the created FILE streams inactivity timeout and timeout after a specific moment in time capability. This approach eliminates the need for code using the FILE stream to be redesigned to deal with the timeouts. This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of the SSL_read/SSL_write operations. ASTERISK-23673 #close Reported by: Richard Mudgett ........ Merged revisions 415841 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 415854 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 415896 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415907 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
Olle Johansson
|
7c276f9fef |
tcptls.c : Log errors as ERROR, not warning or something else.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413036 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
Scott Griepentrog
|
0d057e6791 |
http: response body often missing after specific request
This patch works around a problem with the HTTP body being dropped from the response to a specific client and under specific circumstances: a) Client request comes from node.js user agent "Shred" via use of swagger-client library. b) Asterisk and Client are *not* on the same host or TCP/IP stack In testing this problem, it has been determined that the write of the HTTP body is lost, even if the data is written using low level write function. The only solution found is to instruct the TCP stack with the shutdown function to flush the last write and finish the transmission. See review for more details. ASTERISK-23548 #close (closes issue ASTERISK-23548) Reported by: Sam Galarneau Review: https://reviewboard.asterisk.org/r/3402/ ........ Merged revisions 411462 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 411463 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 411465 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@411469 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Richard Mudgett
|
12668b6659 |
tcptls.c: Made TLS handle a certificate chain file.
Thanks to Guillaume Martres for doing the necessary research to validate
the change.
(closes issue ASTERISK-17727)
Reported by: LN
Patches:
use_certificate_chain.patch (license #5864) patch uploaded by st
documente_certificate_chain.patch (license #6576) patch uploaded by Guillaume Martres
........
Merged revisions 407272 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 407273 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 407274 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@407275 65c4cc65-6c06-0410-ace0-fbb531ad65f3
|
11 years ago |
|
Richard Mudgett
|
45261449ec |
tcptls.c: Add missing cleanup on off nominal path.
........ Merged revisions 406514 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 406515 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 406516 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@406517 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
David M. Lee
|
744556c01d |
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as 'dangerous', to inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. Also, the ABI was changed to something more reasonable, since Asterisk 12 does not yet have a public release. (closes issue ASTERISK-22905) Review: http://reviewboard.digium.internal/r/432/ ........ Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
12 years ago |
Kinsey Moore
|
ad5f3a5759 |
tcptls: Prevent unsupported options from being set
AMI, HTTP, and chan_sip all support TLS in some way, but none of them support all the options that Asterisk's TLS core is capable of interpreting. This prevents consumers of the TLS/SSL layer from setting TLS/SSL options that they do not support. This also gets tlsverifyclient closer to a working state by requesting the client certificate when tlsverifyclient is set. Currently, there is no consumer of main/tcptls.c in Asterisk that supports this feature and so it can not be properly tested. Review: https://reviewboard.asterisk.org/r/2370/ Reported-by: John Bigelow Patch-by: Kinsey Moore (closes issue AST-1093) ........ Merged revisions 383165 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 383166 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383167 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
12 years ago |
|
Kinsey Moore
|
372e29620c |
Ensure Asterisk fails TCP/TLS SIP calls when certificate checking fails
When placing a call to a TCP/TLS SIP endpoint whose certificate is not signed by a configured CA certificate, Asterisk would issue a warning and continue to process the call as if there was not an issue with the certificate. Asterisk now properly fails the call if the certificate fails verification or if the certificate does not exist when certificate checking is enabled (the default behavior). (closes issue ASTERISK-20559) Reported by: kmoore Review: https://reviewboard.asterisk.org/r/2163/ ........ Merged revisions 375146 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 375147 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 375148 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@375149 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |