[asterisk-dev] [Code Review] Asterisk does not fail TCP/TLS SIP calls when certificate checking fails
opticron
reviewboard at asterisk.org
Tue Oct 16 10:38:28 CDT 2012
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2163/
-----------------------------------------------------------
(Updated Oct. 16, 2012, 10:38 a.m.)
Review request for Asterisk Developers.
Changes
-------
Addressed jcolp's comments.
Summary
-------
When calling using TCP/TLS with an invalid CA certificate for the key in use and tlsdontverifyserver is set to no, Asterisk produces the error message:
ERROR[16872]: tcptls.c:199 handle_tcptls_connection: Certificate did not verify: certificate signature failure
This should cause the call to fail, but it does not. The call instead completes successfully. This patch corrects that behavior as well as avoids a segfault if the remote end does not provide a certificate at all.
This addresses bug ASTERISK-20559.
https://issues.asterisk.org/jira/browse/ASTERISK-20559
Diffs (updated)
-----
trunk/main/tcptls.c 375023
Diff: https://reviewboard.asterisk.org/r/2163/diff
Testing
-------
Ensured that the TCP/TLS call failed when expected and succeeded when expected.
Thanks,
opticron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20121016/26aa236a/attachment.htm>
More information about the asterisk-dev
mailing list