POSIX says poll.h and signal.h should not be prefixed with sys/ (ie
poll.h instead of sys/poll.h)
limits.h also defines a TZNAME_MAX so we change name of the define for
spandsp.
I found a problem here but it may not completely match your expectations.
I reviewed the RFC 4028 and checked against the code and I discovered we should not be putting a Min-SE in any response at all besides a 422:
section 5:
The Min-SE header field MUST NOT be used in responses except for
those with a 422 response code. It indicates the minimum value of
the session interval that the server is willing to accept.
I corrected this problem and implemented the 422 response so if you request a value lower than the minimum specified for the profile.
If the value is equal or higher to the minimum, it will be reflected in the Session-Expires header in the response and no Min-SE will be present.
If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.
This is CVE-2012-4929.
FS-6360 --resolve
Thanks-to: Brian West <brian@freeswitch.org>
Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites. In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
commit ee51fa4e2993ab71339e29691aec8b924c810c53
Author: Frode Isaksen <frode.isaksen@bewan.com>
Date: Thu Aug 18 16:40:58 2011 +0300
su: fix su_time() on 64-bit OS X
The field tv_sec in struct timeval is 64bits instead of 32bits as in
su_time_t, so you cannot cast su_time_t to struct timeval.
This shows the cipher name, TLS version, the number of cipher bits and
algorithm bits, and a description of the cipher in Sofia's debug
logging output on level 9.
This separates out the Linux socket TCP keepalive timeout interval
from Sofia's internal mechanisms. Earlier we tied these together. In
retrospect this seems improper.
These two values can now be set separately.
You might, for example, want to keep the Sofia internal mechanism
disabled completely while enabling the platform-based mechanism if
your platform supports it.
We also here reform the default value of the socket TCP keepalive
parameter to 30 seconds.
This is what commit a0e9639a1f should
have been.
FS-6104
Anthony Minessale
Michael Jerris
Natanael Copa
Brian West
Travis Cross
Moises Silva