[asterisk-dev] [Code Review] Asterisk does not fail TCP/TLS SIP calls when certificate checking fails

opticron reviewboard at asterisk.org
Tue Oct 16 10:38:28 CDT 2012


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2163/
-----------------------------------------------------------

(Updated Oct. 16, 2012, 10:38 a.m.)


Review request for Asterisk Developers.


Changes
-------

Addressed jcolp's comments. 


Summary
-------

When calling using TCP/TLS with an invalid CA certificate for the key in use and tlsdontverifyserver is set to no, Asterisk produces the error message:
ERROR[16872]: tcptls.c:199 handle_tcptls_connection: Certificate did not verify: certificate signature failure

This should cause the call to fail, but it does not. The call instead completes successfully. This patch corrects that behavior and also avoids a segfault if the remote end does not provide a certificate at all.


This addresses bug ASTERISK-20559.
    https://issues.asterisk.org/jira/browse/ASTERISK-20559


Diffs (updated)
-----

  trunk/main/tcptls.c 375023 

Diff: https://reviewboard.asterisk.org/r/2163/diff


Testing
-------

Ensured that the TCP/TLS call failed when expected and succeeded when expected.


Thanks,

opticron
