ESL-88 --resolve
Signed-off-by: Travis Cross <tc@traviscross.com>

If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.

This is CVE-2012-4929.

FS-6360 --resolve

Thanks-to: Brian West <brian@freeswitch.org>

mod_rayo: add new config pause-when-offline - will pause inbound calling if there are no online clients to handle calls.  This is useful if you want FS to respond 503 to options ping when there are no online rayo clients.  Default behavior is to disable this param.

Conflicts:
	src/mod/endpoints/mod_sofia/sofia.c

FS-6287 --resolve When a broken registrar sends a 401 unauth then replies with a subsequent 401 unauth without the stale=true attribute, sofia tries to invalidate the auth handle and get stuck in a state where it cannot recover until the reg handle is destroyed.  In this case, the provider in question has a bug on thier end when the nonce count rolls from nc=000000ff to nc=00000100 they start sending several consecitive 401 rather than a 401 with stale=true or a 403.  This change will allow it to reset properly and try again with nc=00000001 on the next try.

Conflicts:
	libs/sofia-sip/.update

Cisco 7925G seem to work only with the correct conference_id2 and
rtptimeout set, so add protocol 11 definition fields and set
conference_id2 correctly.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>

Cisco 7925g send access status message with just 8 byte of payload data.
Since we don't interpret the unknown 3rd field anyway, remove it. This
will prevent the first register to fail.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>

WiFi phones like the 7925g may take longer than just one second to
acknowledge the open receive message. Increase the timeout to 5 seconds.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>

warning: passing argument 1 of 'SSL_CIPHER_description' discards qualifiers from pointer target type

Conflicts:
	src/mod/endpoints/mod_sofia/sofia.c

If the input started with 'sip:sips:' it would have been incorrectly
parsed.

Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites.  In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.

This was momentarily called force_send_silence_when_idle, but that was
non-obvious as you had to set that value to true to be able to not
send silence when idle.  This name describes the purpose much better.

We were handling the "send silence but not comfort noise" case in both
silence_stream_file_read and switch_generate_sln_silence.  This
changes the former to rely on the latter.