[asterisk-bugs] [JIRA] (ASTERISK-28798) [patch] chan_sip: TCP/TLS client without server.
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Thu Nov 19 15:39:17 CST 2020
[ https://issues.asterisk.org/jira/browse/ASTERISK-28798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=252795#comment-252795 ]
Friendly Automation commented on ASTERISK-28798:
------------------------------------------------
Change 15143 merged by Kevin Harwell:
chan_sip: Remove unused sip_socket->port.
[https://gerrit.asterisk.org/c/asterisk/+/15143|https://gerrit.asterisk.org/c/asterisk/+/15143]
> [patch] chan_sip: TCP/TLS client without server.
> ------------------------------------------------
>
> Key: ASTERISK-28798
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28798
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/TCP-TLS
> Affects Versions: 13.32.0, 16.9.0, 17.3.0
> Reporter: Alexander Traud
> Assignee: Alexander Traud
> Severity: Minor
> Labels: patch
> Target Release: 13.33.0, 16.10.0, 17.4.0
>
> Attachments: client_without_server.patch
>
>
> The channel driver {{chan_sip}} can be configured for various SIP transports like UDP, TCP, and TLS. Because it is a back-to-back user agent (B2BUA), it can be configured as client and/or server. For example, when you add just
> {code}register => tcp://user:secret@host{code}
> to the {{\[general\]}} context in the configuration file {{sip.conf}} (just that, nothing else; the file is empty), a client connection to a remote VoIP/SIP server like a PSTN service is established. However in the SIP-REGISTER message, the headers Via and Contact do not contain the local IP address but the value {{(null)}}. Such a value is rejected by a remote party normally.
> Currently, the source code expects that the local server also has TCP enabled. Consequently, for a client connect you have to write at least:
> {code}tcpenable=yes
> register => tcp://user:secret@host{code}
> In case of TLS, something like
> {code}
> tlscapath=/etc/ssl/certs/
> register => tls://user:secret@host
> {code}should be sufficient. However, that gives the same, the value {{(null)}} in the SIP-REGISTER for the Via and Contact headers. Again, the TLS server must be enabled locally which requires a public certificate with private key:
> {code}
> tlsenable=yes
> tlscertfile=asterisk.pem
> tlscapath=/etc/ssl/certs/
> register => tls://user:secret@host
> {code}Consequently, I have to create a (server) certificate locally, do create a remote TLS client connection successfully. This is counter-intuitive. The situation is even worse because there is no log message and the SIP-REGISTER is sent with wrong information. Only at debug level 3, one can see that the local bind address is null.
> The cause for this is the function {{ast_sip_ouraddrfor(.)}} which does not check whether the {{local_address}} is null. See the attached patch.
> However, there are two more places in code which do not check for null:
> 1. function {{get_address_family_filter(.)}}
> 2. {{p->socket.port}} in function {{transmit_register(.)}}
> I have no idea what to do with those.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list