[asterisk-dev] [Code Review]: Get tlsverifyclient closer to working and prevent unsupported options from being set

opticron reviewboard at asterisk.org
Thu Mar 14 14:18:56 CDT 2013 


> On March 14, 2013, 8:17 a.m., Joshua Colp wrote:
> > branches/1.8/channels/chan_sip.c, line 28882
> > <https://reviewboard.asterisk.org/r/2370/diff/1/?file=33878#file33878line28882>
> >
> >     In the case of chan_sip I'd like this to output a warning message so the user is aware that the option is not supported/isn't being obeyed.

Added.


- opticron


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2370/#review8034
-----------------------------------------------------------


On March 6, 2013, 12:14 p.m., opticron wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2370/
> -----------------------------------------------------------
> 
> (Updated March 6, 2013, 12:14 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> AMI, HTTP, and chan_sip all support TLS in some way, but none of them support all the options that Asterisk's TLS core is capable of interpreting.  This prevents consumers of the TLS/SSL layer from setting TLS/SSL options that they do not support.
> 
> This also gets tlsverifyclient closer to a working state by requesting the client certificate when tlsverifyclient is set.  Currently, there is no consumer of main/tcptls.c in Asterisk that supports this feature and so it can not be properly tested.
> 
> 
> This addresses bug AST-1093.
>     https://issues.asterisk.org/jira/browse/AST-1093
> 
> 
> Diffs
> -----
> 
>   branches/1.8/channels/chan_sip.c 383038 
>   branches/1.8/main/http.c 383038 
>   branches/1.8/main/manager.c 383038 
>   branches/1.8/main/tcptls.c 383038 
> 
> Diff: https://reviewboard.asterisk.org/r/2370/diff
> 
> 
> Testing
> -------
> 
> Ensured chan_sip would ignore tlsverifyclient.
> 
> 
> Thanks,
> 
> opticron
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130314/ac3dd215/attachment.htm>

More information about the asterisk-dev mailing list