[Asterisk-code-review] tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA)... (asterisk[master])

Richard Mudgett asteriskteam at digium.com
Thu May 14 15:20:44 CDT 2015


Richard Mudgett has posted comments on this change.

Change subject: tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket.
......................................................................


Patch Set 5: Code-Review-1

(1 comment)

https://gerrit.asterisk.org/#/c/431/5/main/tcptls.c
File main/tcptls.c:

Line 761: 		if (SSL_CTX_use_certificate_chain_file(cfg->ssl_ctx, cert_file) == 0) {
        : 			ast_log(LOG_ERROR, "TLS/SSL error loading %s cert file (step 1). <%s>\n", key_type, cert_file);
        : 		} else if (SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cert_file, SSL_FILETYPE_PEM) == 0) {
        : 			ast_log(LOG_ERROR, "TLS/SSL error loading %s cert file (step 2). <%s>\n", key_type, cert_file);
        : 		} else if (SSL_CTX_check_private_key(cfg->ssl_ctx) == 0) {
        : 			ast_log(LOG_ERROR, "TLS/SSL error loading %s cert file (step 3). <%s>\n", key_type, cert_file);
        : 		}
These messages should be changed to LOG_WARNING instead of LOG_ERROR since they don't fail setting up the call.

Users should not have to look at the code to have a clue as to what is going wrong.  You are doing three things here with the file:
ast_log(LOG_WARNING, "TLS/SSL error loading %s certificates from file <%s>.\n", key_type, cert_file);
ast_log(LOG_WARNING, "TLS/SSL error loading %s private keys from a file <%s>.\n", key_type, cert_file);
ast_log(LOG_WARNING, "TLS/SSL error checking %s private keys from a file <%s>.\n", key_type, cert_file);


-- 
To view, visit https://gerrit.asterisk.org/431
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Iada5e00d326db5ef86e0af7069b4dfa1b979da9a
Gerrit-PatchSet: 5
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Ashley Sanders <asanders at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-HasComments: Yes



More information about the asterisk-code-review mailing list