[asterisk-bugs] [JIRA] (ASTERISK-28078) Missing support for TLS CRL in pjsip
Giuseppe Ravasio (JIRA)
noreply at issues.asterisk.org
Thu Sep 27 04:17:54 CDT 2018
Giuseppe Ravasio created ASTERISK-28078:
-------------------------------------------
Summary: Missing support for TLS CRL in pjsip
Key: ASTERISK-28078
URL: https://issues.asterisk.org/jira/browse/ASTERISK-28078
Project: Asterisk
Issue Type: Improvement
Security Level: None
Components: pjproject/pjsip
Affects Versions: 13.22.0
Environment: Sangoma Freepbx
Reporter: Giuseppe Ravasio
Hi,
I'm using asterisk with a bundled pjsip version 2.7.2 but checked the docs and there seems to be the same problem with pjsip 2.8 series.
I'm using a TLS transport with client certificate authentication in pjsip:
verify_client=yes
require_client_cert=yes
It's working flawlessly except for the fact that the system doesn't honor the CRL declared in the certificates and it doesn't even allow to specify a CRL file to check certificates validity.
I think that this is a crucial feature for everyone that wants to use client certificate authentication, because otherwise there is no way to invalidate a stolen certificate.
if this authentication would be fully implemented many people could switch from VoIP vpns to this type of security.
I know that this is more a pjsip problem and I'm also writing to their ML.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list