[asterisk-bugs] [JIRA] (ASTERISK-28798) [patch] chan_sip: TCP/TLS client without server.

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Thu Jun 25 12:03:25 CDT 2020 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-28798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Harwell closed ASTERISK-28798.
------------------------------------

    Resolution: Fixed

> [patch] chan_sip: TCP/TLS client without server.
> ------------------------------------------------
>
>                 Key: ASTERISK-28798
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28798
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/TCP-TLS
>    Affects Versions: 13.32.0, 16.9.0, 17.3.0
>            Reporter: Alexander Traud
>            Assignee: Alexander Traud
>            Severity: Minor
>              Labels: patch
>      Target Release: 17.4.0, 16.10.0, 13.33.0
>
>         Attachments: client_without_server.patch
>
>
> The channel driver {{chan_sip}} can be configured for various SIP transports like UDP, TCP, and TLS. Because it is a back-to-back user agent (B2BUA), it can be configured as client and/or server. For example, when you add just
> {code}register => tcp://user:secret@host{code}
> to the {{\[general\]}} context in the configuration file {{sip.conf}} (just that, nothing else; the file is empty), a client connection to a remote VoIP/SIP server like a PSTN service is established. However in the SIP-REGISTER message, the headers Via and Contact do not contain the local IP address but the value {{(null)}}. Such a value is rejected by a remote party normally.
> Currently, the source code expects that the local server also has TCP enabled. Consequently, for a client connect you have to write at least:
> {code}tcpenable=yes
> register => tcp://user:secret@host{code}
> In case of TLS, something like
> {code}
> tlscapath=/etc/ssl/certs/
> register => tls://user:secret@host
> {code}should be sufficient. However, that gives the same, the value {{(null)}} in the SIP-REGISTER for the Via and Contact headers. Again, the TLS server must be enabled locally which requires a public certificate with private key:
> {code}
> tlsenable=yes
> tlscertfile=asterisk.pem
> tlscapath=/etc/ssl/certs/
> register => tls://user:secret@host
> {code}Consequently, I have to create a (server) certificate locally, do create a remote TLS client connection successfully. This is counter-intuitive. The situation is even worse because there is no log message and the SIP-REGISTER is sent with wrong information. Only at debug level 3, one can see that the local bind address is null.
> The cause for this is the function {{ast_sip_ouraddrfor(.)}} which does not check whether the {{local_address}} is null. See the attached patch.
> However, there are two more places in code which do not check for null:
> 1. function {{get_address_family_filter(.)}}
> 2. {{p->socket.port}} in function {{transmit_register(.)}}
> I have no idea what to do with those.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list