[asterisk-dev] res_calendar and self signed certs

--[ UxBoD ]-- uxbod at splatnix.net
Wed Jan 19 09:43:45 CST 2011


----- Original Message -----
> >> Stupid idea to add to you context. With the expansion of the TLS /
> >> SSL adpotion, is there a need for a TLS / SSL configuraion with
> >> context? eg... do we need a tls.conf with contexts so that ITSP
> >> level SIP calls can have many self signed certs? I can see the need
> >> for many configurations to need many certs and even overlap.
> >>
> >> ~~~ Andrew "lathama" Latham lathama at gmail.com ~~~
> >
> > Sorry for such a stupid idea! Perhaps if there was a way for self
> > signed certs to be accepted out of the box then I would not have had
> > to have posted.
> >
> > Internally we run our own CA so all our systems; including Asterisk
> > are running with self signed certs. Having a central configuration
> > would be an excellent idea; though in the meantime will see if I can
> > patch this code.

No problem Andrew :) Yeah understand exactly where you are coming from though that type of C and internal Asterisk code knowledge is way beyond me :( I am guessing that it would be quite a major change as it affects so many elements within Asterisk; and by virtue of that would be quite a while before we would see it introduced ?

Unless all companies are using wildcard commercial certs then this will start to hit a lot of people as they begin to explore the functionality within Asterisk 1.8.  I appreciate that you could just switch to HTTP though for the security conscience companies who run secure connections between all internal servers it would not be a very good compromise.

Thoughts on how we could get the ball rolling ?
-- 
Thanks, Phil



More information about the asterisk-dev mailing list