[asterisk-bugs] [JIRA] (ASTERISK-28750) TLS/SSL Key too small error

Friendly Automation (JIRA) noreply at issues.asterisk.org
Fri Feb 21 09:04:25 CST 2020


    [ https://issues.asterisk.org/jira/browse/ASTERISK-28750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=249827#comment-249827 ] 

Friendly Automation commented on ASTERISK-28750:
------------------------------------------------

Change 13813 merged by George Joseph:
tcptls.c: Log more informative OpenSSL errors

https://gerrit.asterisk.org/c/asterisk/+/13813

> TLS/SSL Key too small error
> ---------------------------
>
>                 Key: ASTERISK-28750
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28750
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Core/HTTP
>    Affects Versions: 17.2.0
>            Reporter: Martin Zeh
>            Assignee: Sean Bright
>            Severity: Minor
>              Labels: patch, webrtc
>         Attachments: 0001-tcptls.c-Log-more-informative-OpenSSL-errors.patch
>
>
> Setup error while following documentation:
> "Configuring Asterisk for WebRTC Clients"
> contrib/scripts/ast_tls_cert does not generate a valid key
> For my self-compiled Asterisk 17.2.0, the generated certificate and key are too small. The key is only 1024 bytes and this is not enough for the OpenSSL version I linked to Asterisk.
> So I want to request two enhancements:
> 1) amend the script "contrib/scripts/ast_tls_cert" to generate at least 2048 long keys - this is done by replacing 1024 with 2048 in the script.
> 2) amend the source code tcptls.c
>     The OpenSSL function SSL_CTX_use_certificate_chain_file returns an error, but the error is not printed to the logging facility.
> The user only sees the error message
> tcptls.c: TLS/SSL error loading cert file
> but not the reason - in my case: "SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:"



--
This message was sent by Atlassian JIRA
(v6.2#6252)
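
A pre-flight check for the failure described in the report, as an added example that is not part of the original message or of Asterisk: it reads a PEM certificate's public key size with the openssl CLI and flags anything under 2048 bits before the TLS stack rejects it. The function names, the throwaway sample certificates and the 2048-bit default (taken from the report's request) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Asterisk code. Requires the openssl command-line tool.

# Print the public key size (in bits) of a PEM certificate; return 2 if unreadable.
cert_key_bits() {
    bits=$(openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ -n "$bits" ] || return 2
    printf '%s\n' "$bits"
}

# Return 0 if the key meets the minimum, 1 if it is too small, 2 if unreadable.
# $1 = certificate file, $2 = minimum bits (assumed default: 2048).
check_cert_key() {
    min=${2:-2048}
    bits=$(cert_key_bits "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    if [ "$bits" -lt "$min" ]; then
        echo "$1: ${bits}-bit key is below the ${min}-bit minimum" >&2
        return 1
    fi
    echo "$1: ${bits}-bit key OK"
}

# Create a throwaway self-signed certificate (constructed sample input).
# $1 = RSA key size in bits, $2 = output path prefix.
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 \
        -subj "/CN=constructed.example" \
        -keyout "$2.key" -out "$2.crt" >/dev/null 2>&1
}

# Generate one weak and one acceptable certificate and check both.
demo() {
    dir=$(mktemp -d)
    make_sample_cert 1024 "$dir/weak"
    make_sample_cert 2048 "$dir/ok"
    check_cert_key "$dir/weak.crt" || true
    check_cert_key "$dir/ok.crt"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to see both outcomes, or source it and call `check_cert_key` on the certificate file the server is configured to load.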


