<param name="tls-cert-dir" value="$${external_ssl_dir}"/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
+ <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
+ <param name="tls-passphrase" value=""/>
</settings>
</profile>
<param name="tls-cert-dir" value="$${internal_ssl_dir}"/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
+ <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
+ <param name="tls-passphrase" value=""/>
<!-- turn on auto-flush during bridge (skip timer sleep when the socket already has data)
(reduces delay on latent connections default true, must be disabled explicitly)-->
NUTAG_SIPS_URL(profile->tls_bindurl)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
NUTAG_CERTIFICATE_DIR(profile->tls_cert_dir)),
+ TAG_IF(sofia_test_pflag(profile, PFLAG_TLS) && profile->tls_passphrase,
+ TPTAG_TLS_PASSPHRASE(profile->tls_passphrase)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
TPTAG_TLS_VERIFY_POLICY(0)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
}
} else if (!strcasecmp(var, "tls-cert-dir")) {
profile->tls_cert_dir = switch_core_strdup(profile->pool, val);
+ } else if (!strcasecmp(var, "tls-passphrase")) {
+ profile->tls_passphrase = switch_core_strdup(profile->pool, val);
} else if (!strcasecmp(var, "tls-version")) {
if (!strcasecmp(val, "tlsv1")) {