[asterisk-dev] SSL encryption for Asterisk Manager Interface

[Johansson Olle E]

>
> Yes, this was my point, though I suppose I didn't word it clearly  
> enough.  I'd hope that the existing SSL patch doesn't get held up  
> waiting for Godot (or waiting for client certs, as the case may  
> be.) I would suggest that the Challenge: method is "good enough"  
> for the moment, but nothing precludes client certs from being used  
> in the future.  I just don't think this patch should be delayed on  
> inclusion to TRUNK because it is waiting for that theoretical code  
> to appear...
>
> Perhaps that wasn't even the base for Olle's comments, so I may be  
> mis-reading things.
You are, Kevin and I was discussing what we thought was needed and  
gave you feedback on that. We don't know what kind of
developers you have, nor do we know the amount of work needed to fix  
this feature request...

We also want to consider SSL support in Asterisk from a more generic  
point of view than only the manager interface. We don't want
to introduce code in a release that we need to change all over in a  
later release or get stuck with due to the requirement
on backwards compatibility.

The HTTP server, SIP and maybe FastAGI may at some point need SSL/TLS  
as well.

Don't take me wrong, I've been waiting for this for a long time. I've  
told every Asterisk student I had to be very
careful with AMI until we have TLS support in it.

>
>  (though it still needs to be tested, and that will delay it unless  
> some other people step up and patch their systems. There's even a  
> client app included for testing without writing your own client  
> tools!)

Test on!

/O