[asterisk-bugs] [Asterisk 0019156]: TLS doesn't get all certificate chain

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Apr 20 11:18:21 CDT 2011


The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=19156 
====================================================================== 
Reported By:                luke1980
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   19156
Category:                   Channels/chan_sip/TCP-TLS
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           1.8.3.2 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2011-04-20 11:18 CDT
Last Modified:              2011-04-20 11:18 CDT
====================================================================== 
Summary:                    TLS doesn't get all certificate chain
Description: 
Dear All, dear Digium,

I use TLS on asterisk 1.8.1 with a cert file of trustwave.com CA root.

I expected to load the certificate chain in the "tlscafile" (define in
sip.conf) and the certificate released from the CA root in the
"tlscertfile" (define in sip.conf).

I see that the certificate chain is composed with the intermediate
certificate of TrustWave CA (SecureTrust) and the root certificate of
Entrust CA.

So I copy the intermediate certificate of TrustWave CA in the tlscafile
and append to that the root certificate of Entrust CA.

Instead, I copy the certificate released form the CA in the tlscertfile.

But after that, seems that asterisk read only the first certificate of the
chain in the file tlscafile and doesn't read both certificate (intermediate
cert of TrustWave and root cert of Entrust). So the general chain of the
certificate (CA, intermediate cert and root cert) results UNTRUSTED.

I think that this a bug.







tlscafile 
tlscertfile
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-04-20 11:18 luke1980       New Issue                                    
2011-04-20 11:18 luke1980       Asterisk Version          => 1.8.3.2         
2011-04-20 11:18 luke1980       Regression                => No              
2011-04-20 11:18 luke1980       SVN Branch (only for SVN checkouts, not tarball
releases) => N/A             
======================================================================




More information about the asterisk-bugs mailing list