[asterisk-dev] [Code Review] Asterisk does not fail TCP/TLS SIP calls when certificate checking fails

opticron reviewboard at asterisk.org
Mon Oct 15 08:54:01 CDT 2012


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2163/
-----------------------------------------------------------

Review request for Asterisk Developers.


Summary
-------

When calling using TCP/TLS with an invalid CA certificate for the key in use and tlsdontverifyserver is set to no, Asterisk produces the error message:
ERROR[16872]: tcptls.c:199 handle_tcptls_connection: Certificate did not verify: certificate signature failure

This should cause the call to fail, but it does not. The call instead completes successfully.  This patch corrects that behavior as well as avoids a segfault if the remote end does not provide a certificate at all.


This addresses bug ASTERISK-20559.
    https://issues.asterisk.org/jira/browse/ASTERISK-20559


Diffs
-----

  trunk/main/tcptls.c 374904 

Diff: https://reviewboard.asterisk.org/r/2163/diff


Testing
-------

Ensured that the TCP/TLS call failed when expected and succeeded when expected.


Thanks,

opticron

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20121015/e5c8bdeb/attachment.htm>


More information about the asterisk-dev mailing list