[asterisk-bugs] [JIRA] (ASTERISK-30334) res_pjsip: ca_list_path directive in pjsip.conf
Ray Crumrine (JIRA)
noreply at issues.asterisk.org
Sun Nov 27 03:09:51 CST 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-30334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=260733#comment-260733 ]
Ray Crumrine commented on ASTERISK-30334:
-----------------------------------------
I thought this might have to be fixed in pjsip after I read the note on Github. Just thought it might save someone else grief. I have two endpoints so there are two certificate files to be read. There is a note in the sample pjsip.conf that says "PJProject version 2.4 or higher is required for this option to be used". It may be more convenient to use "ca_list_path" [would not be necessary to concatenate all of the certificates] so I set it to "ca_list_path=/usr/share/ca-certificates/mozilla/" which should work. Was forced to set "verify_server" to "no" because only the first file in the folder was used. . The 2nd certificate was not read so the second endpoint always came back "Not trusted" and the DIAL command failed. After concatenating the two certificates into a single file and changing the directive to "ca_list_file" it works fine.
> res_pjsip: ca_list_path directive in pjsip.conf
> -----------------------------------------------
>
> Key: ASTERISK-30334
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-30334
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip
> Affects Versions: 18.15.0
> Environment: Debian 10
> Reporter: Ray Crumrine
> Assignee: Ray Crumrine
>
> Don't know anything about kamailio but there is a discussion about this on Github. https://github.com/kamailio/kamailio/issues/2682
> Was unable to make "ca_list_path" directive work. Tried about 3 different versions of the command. Works fine with the "old" way of specifying the certificate file. i.e., "ca_list_file=/path-to/ca_file.pem"
> Only reads one file [the first one]. Always sends "untrusted" for the second
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list