[asterisk-bugs] [JIRA] (ASTERISK-28750) TLS/SSL Key too small error
Sean Bright (JIRA)
noreply at issues.asterisk.org
Wed Feb 19 13:40:25 CST 2020
[ https://issues.asterisk.org/jira/browse/ASTERISK-28750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean Bright reassigned ASTERISK-28750:
--------------------------------------
Assignee: Sean Bright (was: Martin Zeh)
> TLS/SSL Key too small error
> ---------------------------
>
> Key: ASTERISK-28750
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28750
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Core/HTTP
> Affects Versions: 17.2.0
> Reporter: Martin Zeh
> Assignee: Sean Bright
> Severity: Minor
> Labels: patch, webrtc
> Attachments: 0001-tcptls.c-Log-more-informative-OpenSSL-errors.patch
>
>
> Setup error while following documentation:
> "Configuring Asterisk for WebRTC Clients"
> contrib/scripts/ast_tls_cert does not generate a valid key
> For my self compiled asterisk 17.2.0 the generated certificate and key is too small. The key is only 1024 bytes and this is not enough for the openssl version i linked to the asterisk.
> So I want to request two enhancements:
> 1) amend the script "contrib/scripts/ast_tls_cert" to generate at least 2048 long keys - this is done by replace 1024 with 2048 in the script.
> 2) amend the source code tcptls.c
> The openssl function SSL_CTX_use_certificate_chain_file return an error, but the error is not printed to the logging facility.
> The user only see the error message
> tcptls.c: TLS/SSL error loading cert file
> but not the reason - in my case: "SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:"
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list