[asterisk-commits] sgriepentrog: branch 12 r426928 - in /branches/12: configs/ res/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Fri Oct 31 11:33:48 CDT 2014
Author: sgriepentrog
Date: Fri Oct 31 11:33:44 2014
New Revision: 426928
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=426928
Log:
pjsip: clarify tls cert and key file usage
A question arose as to whether a .pem file
could be provided in place of the .crt and
.key files in a PJSIP TLS configuration. I
tested this and discovered that although a
cert will be read from the pem file, a key
will not, and thus the priv_key_file entry
is still required. This update to the fine
documentation clarifies the option usage.
AST-1448 #close
Review: https://reviewboard.asterisk.org/r/4129/
Reported by: John Bigelow
Modified:
branches/12/configs/pjsip.conf.sample
branches/12/res/res_pjsip.c
Modified: branches/12/configs/pjsip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/branches/12/configs/pjsip.conf.sample?view=diff&rev=426928&r1=426927&r2=426928
==============================================================================
--- branches/12/configs/pjsip.conf.sample (original)
+++ branches/12/configs/pjsip.conf.sample Fri Oct 31 11:33:44 2014
@@ -699,7 +699,10 @@
; "")
;ca_list_file= ; File containing a list of certificates to read TLS ONLY
; (default: "")
-;cert_file= ; Certificate file for endpoint TLS ONLY (default: "")
+;cert_file= ; Certificate file for endpoint TLS ONLY
+ ; Will read .crt or .pem file but only uses cert,
+ ; a .key file must be specified via priv_key_file
+ ; (default: "")
;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "")
;domain= ; Domain the transport comes from (default: "")
;external_media_address= ; External IP address to use in RTP handling
Modified: branches/12/res/res_pjsip.c
URL: http://svnview.digium.com/svn/asterisk/branches/12/res/res_pjsip.c?view=diff&rev=426928&r1=426927&r2=426928
==============================================================================
--- branches/12/res/res_pjsip.c (original)
+++ branches/12/res/res_pjsip.c Fri Oct 31 11:33:44 2014
@@ -817,6 +817,12 @@
</configOption>
<configOption name="cert_file">
<synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
+ <description><para>
+ A path to a .crt or .pem file can be provided. However, only
+ the certificate is read from the file, not the private key.
+ The <literal>priv_key_file</literal> option must supply a
+ matching key file.
+ </para></description>
</configOption>
<configOption name="cipher">
<synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis>
More information about the asterisk-commits
mailing list