[Asterisk-code-review] tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA)... (asterisk[master])
Richard Mudgett
asteriskteam at digium.com
Mon May 11 14:07:04 CDT 2015
Richard Mudgett has posted comments on this change.
Change subject: tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket.
......................................................................
Patch Set 2: Code-Review-1
(2 comments)
https://gerrit.asterisk.org/#/c/431/2/configs/samples/pjsip.conf.sample
File configs/samples/pjsip.conf.sample:
Line 772: ; mediates, private key), to support multiple algorithms for
: ; server authentication (RSA, DSA, ECDSA). If the chains are
red blobs (trailing whitespace)
https://gerrit.asterisk.org/#/c/431/2/main/tcptls.c
File main/tcptls.c:
Line 764: SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cert_file, SSL_FILETYPE_PEM);
Hmm. We're quite here if this fails where for the _rsa. file we give an error message.
Do we need to call SSL_CTX_check_private_key() in addition like as done for the _rsa. file?
--
To view, visit https://gerrit.asterisk.org/431
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iada5e00d326db5ef86e0af7069b4dfa1b979da9a
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-HasComments: Yes
More information about the asterisk-code-review
mailing list