[asterisk-bugs] [JIRA] (ASTERISK-28750) TLS/SSL Key too small error
Martin Zeh (JIRA)
noreply at issues.asterisk.org
Wed Feb 19 08:17:25 CST 2020
Martin Zeh created ASTERISK-28750:
-------------------------------------
Summary: TLS/SSL Key too small error
Key: ASTERISK-28750
URL: https://issues.asterisk.org/jira/browse/ASTERISK-28750
Project: Asterisk
Issue Type: Improvement
Security Level: None
Components: Core/HTTP
Affects Versions: 17.2.0
Reporter: Martin Zeh
Severity: Minor
Setup error while following documentation:
"Configuring Asterisk for WebRTC Clients"
contrib/scripts/ast_tls_cert does not generate a valid key
For my self compiled asterisk 17.2.0 the generated certificate and key is too small. The key is only 1024 bytes and this is not enough for the openssl version i linked to the asterisk.
So I want to request two enhancements:
1) amend the script "contrib/scripts/ast_tls_cert" to generate at least 2048 long keys - this is done by replace 1024 with 2048 in the script.
2) amend the source code tcptls.c
The openssl function SSL_CTX_use_certificate_chain_file return an error, but the error is not printed to the logging facility.
The user only see the error message
tcptls.c: TLS/SSL error loading cert file
but not the reason - in my case: "SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:"
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list