[asterisk-commits] sgriepentrog: branch 13 r426930 - in /branches/13: ./ configs/samples/ res/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Oct 31 11:40:21 CDT 2014


Author: sgriepentrog
Date: Fri Oct 31 11:40:17 2014
New Revision: 426930

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=426930
Log:
pjsip: clarify tls cert and key file usage

A question arose as to whether a .pem file
could be provided in place of the .crt and
.key files in a PJSIP TLS configuration. I
tested this and discovered that although a
cert will be read from the pem file, a key
will not, and thus the priv_key_file entry
is still required. This update to the fine
documentation clarifies the option usage.

AST-1448 #close
Review: https://reviewboard.asterisk.org/r/4129/
Reported by: John Bigelow
........

Merged revisions 426928 from http://svn.asterisk.org/svn/asterisk/branches/12

Modified:
    branches/13/   (props changed)
    branches/13/configs/samples/pjsip.conf.sample
    branches/13/res/res_pjsip.c

Propchange: branches/13/
------------------------------------------------------------------------------
Binary property 'branch-12-merged' - no diff available.

Modified: branches/13/configs/samples/pjsip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/branches/13/configs/samples/pjsip.conf.sample?view=diff&rev=426930&r1=426929&r2=426930
==============================================================================
--- branches/13/configs/samples/pjsip.conf.sample (original)
+++ branches/13/configs/samples/pjsip.conf.sample Fri Oct 31 11:40:17 2014
@@ -747,7 +747,10 @@
         ; "")
 ;ca_list_file=  ; File containing a list of certificates to read TLS ONLY
                 ; (default: "")
-;cert_file=     ; Certificate file for endpoint TLS ONLY (default: "")
+;cert_file=     ; Certificate file for endpoint TLS ONLY
+                ; Will read .crt or .pem file but only uses cert,
+                ; a .key file must be specified via priv_key_file
+                ; (default: "")
 ;cipher=        ; Preferred cryptography cipher names TLS ONLY (default: "")
 ;domain=        ; Domain the transport comes from (default: "")
 ;external_media_address=        ; External IP address to use in RTP handling

Modified: branches/13/res/res_pjsip.c
URL: http://svnview.digium.com/svn/asterisk/branches/13/res/res_pjsip.c?view=diff&rev=426930&r1=426929&r2=426930
==============================================================================
--- branches/13/res/res_pjsip.c (original)
+++ branches/13/res/res_pjsip.c Fri Oct 31 11:40:17 2014
@@ -817,6 +817,12 @@
 				</configOption>
 				<configOption name="cert_file">
 					<synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
+					<description><para>
+						A path to a .crt or .pem file can be provided.  However, only
+						the certificate is read from the file, not the private key.
+						The <literal>priv_key_file</literal> option must supply a
+						matching key file.
+					</para></description>
 				</configOption>
 				<configOption name="cipher">
 					<synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis>




More information about the asterisk-commits mailing list