[asterisk-bugs] [JIRA] (ASTERISK-28750) TLS/SSL Key too small error

Sean Bright (JIRA) noreply at issues.asterisk.org
Wed Feb 19 09:34:25 CST 2020


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean Bright updated ASTERISK-28750:
-----------------------------------

    Attachment: 0001-tcptls.c-Log-more-informative-OpenSSL-errors.patch

> TLS/SSL Key too small error
> ---------------------------
>
>                 Key: ASTERISK-28750
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28750
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Core/HTTP
>    Affects Versions: 17.2.0
>            Reporter: Martin Zeh
>            Severity: Minor
>              Labels: patch, webrtc
>         Attachments: 0001-tcptls.c-Log-more-informative-OpenSSL-errors.patch
>
>
> Setup error while following documentation:
> "Configuring Asterisk for WebRTC Clients"
> contrib/scripts/ast_tls_cert does not generate a valid key
> For my self compiled asterisk 17.2.0 the generated certificate and key is too small. The key is only 1024 bytes and this is not enough for the openssl version i linked to the asterisk.
> So I want to request two enhancements:
> 1) amend the script "contrib/scripts/ast_tls_cert" to generate at least 2048 long keys - this is done by replace 1024 with 2048 in the script.
> 2) amend the source code tcptls.c 
>     The openssl function SSL_CTX_use_certificate_chain_file return an error, but the error is not printed to the logging facility.
> The user only see the error message 
> tcptls.c: TLS/SSL error loading cert file
> but not the reason - in my case: "SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:"



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list