[asterisk-dev] res_calendar and self signed certs

Andrew Latham lathama at gmail.com
Mon Jan 17 10:46:46 CST 2011


On Mon, Jan 17, 2011 at 1:23 PM, --[ UxBoD ]-- <uxbod at splatnix.net> wrote:
> Hello all,
>
> I have an idea for a potential feature request and looking for guidance on how it could be implemented.
>
> This was tested using Asterisk 1.8.2 with res_calendar pointing at a Zimbra server.
>
> When a HTTPS URL points to a server with a self signed cert one receives the following error message:
>
> [Jan 17 09:23:35] WARNING[27663]: res_calendar_icalendar.c:146
> fetch_icalendar: Unable to retrieve iCalendar 'testcal' from
> 'https://office.test.net/home/teamshare@test.net/Calendar/': Server
> certificate verification failed: issuer is not trusted
>
> I believe that if an additional option was added to calendar.conf eg:
>
> [testcal]
> type = ical
> url =    ; URL to shared calendar (Zimbra example)
> user =   ; web username
> secret = ; web password
> cert   = ; path to cert CA
>
> the CA could then be loaded using:
>
> void ne_ssl_trust_cert (ne_session *session, const ne_ssl_certificate
> *cert);
>
> as in example code from
> http://linux.die.net/man/3/ne_ssl_trust_default_ca
>
> I believe it is a trivial change and I would be willing to have a code at making the changes and testing with some help.
>
> Thoughts ?
> --
> Thanks, Phil


Stupid idea to add to you context.  With the expansion of the TLS /
SSL adpotion, is there a need for a TLS / SSL configuraion with
context?  eg...  do we need a tls.conf with contexts so that ITSP
level SIP calls can have many self signed certs?  I can see the need
for many configurations to need many certs and even overlap.

~~~ Andrew "lathama" Latham lathama at gmail.com ~~~



More information about the asterisk-dev mailing list