[asterisk-dev] [Code Review] Asterisk does not fail TCP/TLS SIP calls when certificate checking fails
jcolp
reviewboard at asterisk.org
Wed Oct 17 13:31:19 CDT 2012
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2163/#review7293
-----------------------------------------------------------
Ship it!
- jcolp
On Oct. 16, 2012, 10:38 a.m., opticron wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2163/
> -----------------------------------------------------------
>
> (Updated Oct. 16, 2012, 10:38 a.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> When calling using TCP/TLS with an invalid CA certificate for the key in use and tlsdontverifyserver is set to no, Asterisk produces the error message:
> ERROR[16872]: tcptls.c:199 handle_tcptls_connection: Certificate did not verify: certificate signature failure
>
> This should cause the call to fail, but it does not. The call instead completes successfully. This patch corrects that behavior as well as avoids a segfault if the remote end does not provide a certificate at all.
>
>
> This addresses bug ASTERISK-20559.
> https://issues.asterisk.org/jira/browse/ASTERISK-20559
>
>
> Diffs
> -----
>
> trunk/main/tcptls.c 375023
>
> Diff: https://reviewboard.asterisk.org/r/2163/diff
>
>
> Testing
> -------
>
> Ensured that the TCP/TLS call failed when expected and succeeded when expected.
>
>
> Thanks,
>
> opticron
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20121017/909149ca/attachment.htm>
More information about the asterisk-dev
mailing list