[asterisk-bugs] [JIRA] (ASTERISK-25409) Asterisk not reading entire TLSCERTFILE

Joshua Colp (JIRA) noreply at issues.asterisk.org
Wed Sep 30 10:24:33 CDT 2015


     [ https://issues.asterisk.org/jira/browse/ASTERISK-25409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-25409:
-----------------------------------

    Assignee: Sam Ultima
      Status: Waiting for Feedback  (was: Triage)

Can you provide more information on exactly how you want this to work? The "tlscertfile" option is for the certificate presented on outgoing connections to another device and only allows specifying one certificate (or a chain). I'd expect each individual phone to have a certificate issued from a certificate authority, and that certificate authority to be available in Asterisk for verification. I'd also expect the certificate authority to be present on the phone so it can verify the certificate.

If you really do need individual outgoing certificates in chan_sip, this is not currently possible and would require substantial work to chan_sip to support.

> Asterisk not reading entire TLSCERTFILE
> ---------------------------------------
>
>                 Key: ASTERISK-25409
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25409
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/TCP-TLS
>    Affects Versions: 13.5.0
>         Environment: SHMZ release 6.5 (Final), FreePBX 12.0.76.1, PBX Firmware: 6.12.65-30, PBX Service Pack: 1.0.0.0, 4GB RAM, dual processor cores.
>            Reporter: Sam Ultima
>            Assignee: Sam Ultima
>         Attachments: extensions_additional.conf, extensions.conf, full.txt, phonecertificates.txt, sip_additional.conf, sip.conf, sip_custom_post.conf, sip_general_additional.conf
>
>
> We have set up TLS+SRTP and thoroughly tested to verify successful operation using a single phone and security certificate.
> The problem started when we added another phone and then appended the phone security certificate to the TLSCERT file. We have tried rearranging these without success. This file reads the first certificate at the top while others are ignored, causing phones to fail registration.
> Logs & config files are attached.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
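
The trust model described in the reply above, sketched with the openssl CLI as an added example (not part of the original thread and not Asterisk code): one CA issues a certificate per phone and each one verifies against that single CA file, while a file of concatenated phone certificates read as a single certificate yields only the first. The CA name, phone names and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example. All names (Example Test CA, phone1, phone2) and files are
# constructed for this demo; nothing here comes from the reporter's attachments.

# Build a throwaway CA and two phone certificates in directory $1.
make_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    for p in phone1 phone2; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$p" \
            -keyout "$d/$p.key" -out "$d/$p.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$p.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$p.pem" 2>/dev/null || return 1
    done
    # What the report describes: phone certificates appended into one file.
    cat "$d/phone1.pem" "$d/phone2.pem" > "$d/bundle.pem"
}

# Number of PEM certificate blocks in file $1.
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Subject seen when file $1 is read as one certificate: the first block only.
first_subject() { openssl x509 -in "$1" -noout -subject; }

# Succeeds if certificate $2 chains to the CA file $1.
verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

D=$(mktemp -d) && make_pki "$D" || exit 1
echo "certificates in bundle: $(count_certs "$D/bundle.pem")"
echo "read as one certificate: $(first_subject "$D/bundle.pem")"
for p in phone1 phone2; do
    verifies "$D/ca.pem" "$D/$p.pem" && echo "$p verifies against the CA file"
done
```
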