[asterisk-bugs] [JIRA] Created: (ASTERISK-20563) SIP TCP/TLS: When checking the CA certificate fails, the call still goes through

Matt Jordan (JIRA) noreply at issues.asterisk.org
Mon Oct 15 08:43:27 CDT 2012


SIP TCP/TLS: When checking the CA certificate fails, the call still goes through
--------------------------------------------------------------------------------

                 Key: ASTERISK-20563
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20563
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Channels/chan_sip/TCP-TLS
    Affects Versions: 1.8.17.0, 10.9.0, 11.0.0-beta2
         Environment: SIP TCP/TLS connection with differing CA certificates set on either side of the connection.  Each side of the call has a valid CA certificate for its respective key, but the CA certificates are not valid for the key on the remote side.
            Reporter: Kinsey Moore
            Severity: Blocker


When calling in this situation and tlsdontverifyserver is set to no, Asterisk produces the error message:
ERROR[16872]: tcptls.c:199 handle_tcptls_connection: Certificate did not verify: certificate signature failure

This should cause the call to fail, but it does not.  The call completes successfully.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira



More information about the asterisk-bugs mailing list