[asterisk-bugs] [JIRA] (ASTERISK-28798) [patch] chan_sip: TCP/TLS client without server.

Alexander Traud (JIRA) noreply at issues.asterisk.org
Wed Apr 1 11:48:25 CDT 2020


Alexander Traud created ASTERISK-28798:
------------------------------------------

             Summary: [patch] chan_sip: TCP/TLS client without server.
                 Key: ASTERISK-28798
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28798
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Channels/chan_sip/TCP-TLS
    Affects Versions: 17.3.0, 16.9.0, 13.32.0
            Reporter: Alexander Traud
            Severity: Minor


The channel driver {{chan_sip}} can be configured for various SIP transports like UDP, TCP, and TLS. Because it is a back-to-back user agent (B2BUA), it can be configured as client and/or server. For example, when you add just
{code}register => tcp://user:secret@host{code}
to the {{\[general\]}} context in the configuration file {{sip.conf}} (just that, nothing else; the file is empty), a client connection to a remote VoIP/SIP server like a PSTN service is established. However, in the SIP-REGISTER message, the headers Via and Contact do not contain the local IP address but the value {{(null)}}. Such a value is normally rejected by a remote party.

Currently, the source code expects that the local server also has TCP enabled. Consequently, for a client connect you have to write at least:
{code}tcpenable=yes
register => tcp://user:secret@host{code}
In case of TLS, something like
{code}
tlscapath=/etc/ssl/certs/
register => tls://user:secret@host
{code}
should be sufficient. However, that gives the same result, the value {{(null)}} in the SIP-REGISTER for the Via and Contact headers. Again, the TLS server must be enabled locally, which requires a public certificate with private key:
{code}
tlsenable=yes
tlscertfile=asterisk.pem
tlscapath=/etc/ssl/certs/
register => tls://user:secret@host
{code}
Consequently, I have to create a (server) certificate locally to create a remote TLS client connection successfully. This is counter-intuitive. The situation is even worse because there is no log message and the SIP-REGISTER is sent with wrong information. Only at debug level 3 can one see that the local bind address is null.

The cause for this is the function {{ast_sip_ouraddrfor(.)}} which does not check whether the {{local_address}} is null. See the attached patch.

However, there are two more places in code which do not check for null:
1. function {{get_address_family_filter(.)}}
2. {{p->socket.port}} in function {{transmit_register(.)}}
I have no idea what to do with those.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
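
A check for the symptom described in the report, as an added example that is not part of the original report or of Asterisk: it scans a captured SIP REGISTER for Via and Contact headers whose host is (null), which the report says is sent without any log message. The function names and the sample messages are constructed for illustration.

```python
import re

# Compact header forms from RFC 3261: "v" is Via, "m" is Contact.
_NAMES = {"via": "Via", "v": "Via", "contact": "Contact", "m": "Contact"}

# Constructed sample REGISTER showing the symptom (not a real capture).
BROKEN = (
    "REGISTER sip:host SIP/2.0\r\n"
    "Via: SIP/2.0/TCP (null);branch=z9hG4bKconstructed;rport\r\n"
    "From: <sip:user@host>;tag=constructed\r\n"
    "To: <sip:user@host>\r\n"
    "Call-ID: constructed@example\r\n"
    "CSeq: 102 REGISTER\r\n"
    "Contact: <sip:user@(null);transport=tcp>\r\n"
    "Content-Length: 0\r\n\r\n"
)
GOOD = BROKEN.replace("(null)", "192.0.2.10:5060")  # documentation address

def unfold(raw):
    """Return the header lines of a SIP message, joining folded lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = []
    for line in head.split("\n")[1:]:  # skip the request line
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

def null_address_headers(raw):
    """Return sorted names of Via/Contact headers whose host is '(null)'."""
    hits = set()
    for line in unfold(raw):
        name, sep, value = line.partition(":")
        header = _NAMES.get(name.strip().lower())
        if not sep or header is None:
            continue
        if header == "Via":
            # Via: SIP/2.0/<transport> host[:port];params
            m = re.match(r"\s*SIP\s*/\s*2\.0\s*/\s*\w+\s+([^;,\s]+)", value)
        else:
            # Contact: [display-name] <sip:[user@]host[:port];params>
            m = re.search(r"sips?:(?:[^@>\s]*@)?([^;>\s]+)", value)
        if m and m.group(1).startswith("(null)"):
            hits.add(header)
    return sorted(hits)

if __name__ == "__main__":
    print(null_address_headers(BROKEN), null_address_headers(GOOD))
```
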