[asterisk-commits] rmudgett: branch 1.8 r407272 - in /branches/1.8: configs/ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Feb 4 11:50:08 CST 2014


Author: rmudgett
Date: Tue Feb  4 11:50:04 2014
New Revision: 407272

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=407272
Log:
tcptls.c: Made TLS handle a certificate chain file.

Thanks to Guillaume Martres for doing the necessary research to validate
the change.

(closes issue ASTERISK-17727)
Reported by: LN
Patches:
      use_certificate_chain.patch (license #5864) patch uploaded by st
      documente_certificate_chain.patch (license #6576) patch uploaded by Guillaume Martres

Modified:
    branches/1.8/configs/sip.conf.sample
    branches/1.8/main/tcptls.c

Modified: branches/1.8/configs/sip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/configs/sip.conf.sample?view=diff&rev=407272&r1=407271&r2=407272
==============================================================================
--- branches/1.8/configs/sip.conf.sample (original)
+++ branches/1.8/configs/sip.conf.sample Tue Feb  4 11:50:04 2014
@@ -474,8 +474,10 @@
                       ; Set to yes add Reason header and use Reason header if it is available.
 ;
 ;------------------------ TLS settings ------------------------------------------------------------
-;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections
-                                        ; default is to look for "asterisk.pem" in current directory
+;tlscertfile=</path/to/certificate.pem> ; Certificate chain (*.pem format only) to use for TLS connections
+                                        ; The certificates must be sorted starting with the subject's certificate
+                                        ; and followed by intermediate CA certificates if applicable.
+                                        ; Default is to look for "asterisk.pem" in current directory
 
 ;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections.
                                       ; If no tlsprivatekey is specified, tlscertfile is searched for
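Review bot: the rewritten tlscertfile comment does not say where the private key belongs now that the file is described as a chain, yet the tlsprivatekey comment directly below still says tlscertfile is searched for the key when tlsprivatekey is unset. Suggest one more comment line stating whether a key embedded in the same PEM file is still supported, and where it may sit relative to the subject and intermediate certificates.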

Modified: branches/1.8/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/main/tcptls.c?view=diff&rev=407272&r1=407271&r2=407272
==============================================================================
--- branches/1.8/main/tcptls.c (original)
+++ branches/1.8/main/tcptls.c Tue Feb  4 11:50:04 2014
@@ -384,7 +384,7 @@
 
 	if (!ast_strlen_zero(cfg->certfile)) {
 		char *tmpprivate = ast_strlen_zero(cfg->pvtfile) ? cfg->certfile : cfg->pvtfile;
-		if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0) {
+		if (SSL_CTX_use_certificate_chain_file(cfg->ssl_ctx, cfg->certfile) == 0) {
 			if (!client) {
 				/* Clients don't need a certificate, but if its setup we can use it */
 				ast_verb(0, "SSL error loading cert file. <%s>", cfg->certfile);
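Review bot: the failure branch under the new SSL_CTX_use_certificate_chain_file() call still logs only "SSL error loading cert file. <%s>", which does not tell an administrator whether the subject certificate or one of the intermediates in the chain was rejected. Suggest appending the reason from the OpenSSL error queue (ERR_get_error() with ERR_error_string()) and rewording the message to mention the chain file. In the lines shown, the message is also emitted only when !client, so a client with a configured but unloadable chain gets no diagnostic here, and the format string has no trailing newline.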



