[asterisk-bugs] [JIRA] (ASTERISK-20559) SIP TCP/TLS: When checking the CA certificate fails, the call still goes through
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Mon Dec 10 07:17:45 CST 2012
[ https://issues.asterisk.org/jira/browse/ASTERISK-20559?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-20559:
-----------------------------------
Target Release Version/s: 10.11.0-digiumphones
10.11.0
1.8.19.0
> SIP TCP/TLS: When checking the CA certificate fails, the call still goes through
> --------------------------------------------------------------------------------
>
> Key: ASTERISK-20559
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-20559
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/TCP-TLS
> Affects Versions: 1.8.17.0, 10.9.0, 11.0.0-beta2
> Environment: SIP TCP/TLS connection with differing CA certificates set on either side of the connection. Each side of the call has a valid CA certificate for its respective key, but the CA certificates are not valid for the key on the remote side.
> Reporter: Kinsey Moore
> Severity: Blocker
> Target Release: 1.8.19.0, 10.11.0, 10.11.0-digiumphones, 11.0.0
>
> Attachments: tcptls_fix.diff, tcptls_fix.diff
>
>
> When calling in this situation and tlsdontverifyserver is set to no, Asterisk produces the error message:
> ERROR[16872]: tcptls.c:199 handle_tcptls_connection: Certificate did not verify: certificate signature failure
> This should cause the call to fail, but it does not. The call completes successfully.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list