[asterisk-dev] SSL encryption for Asterisk Manager Interface

John Todd jtodd at loligo.com
Mon Mar 27 20:34:04 MST 2006


I know that I muttered at a variety of you about this code, and in 
fact I have even been discussing it in some detail with some of you. 
I've finally gotten off my posterior and cleaned up the doc file and 
done final testing on a clean-slate machine to verify that everything 
works as has been claimed.  Some of you have already tested it - let 
me know what you've seen as problems, if any.

To those of you developing Asterisk Manager Interface control 
programs: please give me your feedback on this patch, and test it. 
You know who you are.  You also know how dangerous AMI is right now; 
let's do something to clean this up before it becomes a flag to wave 
for "competing" products ("Oh, Asterisk's API isn't secure!" is 
something I never want to hear.)  We've been sweeping the security 
issues around AMI under the rug for a while, but I'm getting pressure 
from enterprise clients that this needs to happen before they will go 
around exposing every single call on their Asterisk servers to the 
"wild Internet" between me and them.  It's a valid concern, and one 
that shouldn't be fixed with hacks like stunnel or ssh port 
forwarding - native encryption, secure-by-default is the way to go if 
this is to be adopted widely.

OK, so I've put forward the solution.  Someone other than me should 
test it.  I'd like to get this approved and in SVN TRUNK before the 
next freeze so it can be part of the distribution.  Please take a few 
moments away from Olle's gargantuan list of test cases and poke at 
this for a bit to see if you can find any flaws.  ;-)

http://bugs.digium.com/view.php?id=6812

JT


