[asterisk-bugs] [JIRA] (ASTERISK-28078) Missing support for TLS CRL in pjsip

Asterisk Team (JIRA) noreply at issues.asterisk.org
Thu Sep 27 04:17:54 CDT 2018 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=244980#comment-244980 ] 

Asterisk Team commented on ASTERISK-28078:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

> Missing support for TLS CRL in pjsip
> ------------------------------------
>
>                 Key: ASTERISK-28078
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28078
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 13.22.0
>         Environment: Sangoma Freepbx
>            Reporter: Giuseppe Ravasio
>              Labels: pjsip
>
> Hi,
> I'm using asterisk with a bundled pjsip version 2.7.2 but checked the docs and there seems to be the same problem with pjsip 2.8 series.
> I'm using a TLS transport with client certificate authentication in pjsip:
> verify_client=yes
> require_client_cert=yes
> It's working flawlessly except for the fact that the system doesn't honor the CRL declared in the certificates and it doesn't even allow to specify a CRL file to check certificates validity.
> I think that this is a crucial feature for everyone that wants to use client certificate authentication, because otherwise there is no way to invalidate a stolen certificate.
> if this authentication would be fully implemented many people could switch from VoIP vpns to this type of security.
> I know that this is more a pjsip problem and I'm also writing to their ML.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list