[asterisk-dev] [Code Review] 3647: Enable Forward Secrecy (PFS) in TLS

Alexander Traud reviewboard at asterisk.org
Fri Jun 20 04:19:37 CDT 2014



> On June 19, 2014, 2:13 p.m., Matt Jordan wrote:
> > branches/12/main/tcptls.c, lines 435-447
> > <https://reviewboard.asterisk.org/r/3647/diff/1/?file=59799#file59799line435>
> >
> >     Given how tricky it is to set up TLS support, I'd go ahead and add an off nominal handler for BIO_new_file here. Something like:
> >     
> >     if (bio != NULL) {
> >      ...
> >     } else {
> >         ast_log(LOG_WARNING, "Failed to open private key file %s: %s(%d)\n", cfg->pvtfile, strerror(errno), errno);
> >     }

The private file was already opened (and used) some lines above. I am just re-using the reference.
The idea of this patch is to fail silently when there are no DH parameters, because those affect performance. Or stated differently, DH parameters are optional. Only administrators (who care) should enable it (and see success). Furthermore, in Asterisk 12 chan_sip, the private file itself is optional. This is a bit different to pjsip, where the TLS private file is mandatory.


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3647/#review12192
-----------------------------------------------------------


On June 19, 2014, 2:34 p.m., Alexander Traud wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3647/
> -----------------------------------------------------------
> 
> (Updated June 19, 2014, 2:34 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-23905
>     https://issues.asterisk.org/jira/browse/ASTERISK-23905
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> see Bugs
> 
> 
> Diffs
> -----
> 
>   trunk/main/tcptls.c 416071 
> 
> Diff: https://reviewboard.asterisk.org/r/3647/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Alexander Traud
> 
>
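
As an added illustration of the two cases discussed in this thread (not code from the patch or from Asterisk): a dependency-free C check of whether a PEM file contains a DH PARAMETERS block, warning when the file cannot be opened and staying silent when the block is merely absent. The function names, result codes and sample file are assumptions made for this example, and it only looks for the PEM block, it does not validate the parameters.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example; not Asterisk identifiers. */
enum dh_status { DH_FILE_ERROR = -1, DH_ABSENT = 0, DH_PRESENT = 1 };

/* Report whether a PEM file carries a non-empty DH PARAMETERS block. */
enum dh_status pem_dh_status(const char *path)
{
    static const char begin[] = "-----BEGIN DH PARAMETERS-----";
    static const char end[] = "-----END DH PARAMETERS-----";
    char line[256];
    int in_block = 0, body_lines = 0;
    FILE *f = fopen(path, "r");
    if (!f) { /* off-nominal: worth a warning, as suggested in the review */
        fprintf(stderr, "Failed to open %s: %s(%d)\n", path, strerror(errno), errno);
        return DH_FILE_ERROR;
    }
    while (fgets(line, sizeof(line), f)) {
        line[strcspn(line, "\r\n")] = '\0'; /* strip the line ending */
        if (strcmp(line, begin) == 0) {
            in_block = 1; body_lines = 0;
        } else if (in_block && strcmp(line, end) == 0) {
            if (body_lines > 0) { fclose(f); return DH_PRESENT; }
            in_block = 0; /* empty block does not count */
        } else if (in_block && line[0] != '\0') {
            body_lines++;
        }
    }
    fclose(f);
    return DH_ABSENT; /* optional feature missing: stay silent */
}

/* Write a constructed sample file (placeholder base64, not real key material). */
int write_constructed_pem(const char *path, int with_dh)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n", f);
    if (with_dh)
        fputs("-----BEGIN DH PARAMETERS-----\nQ09OU1RSVUNURUQ=\n-----END DH PARAMETERS-----\n", f);
    return fclose(f);
}

int main(void)
{
    write_constructed_pem("constructed.pem", 1);
    return pem_dh_status("constructed.pem") != DH_PRESENT;
}
```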
