[Asterisk-code-review] tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA)... (asterisk[master])

Alexander Traud asteriskteam at digium.com
Thu May 14 02:30:38 CDT 2015


Hello Richard Mudgett, Ashley Sanders,

I'd like you to reexamine a change.  Please visit

    https://gerrit.asterisk.org/431

to look at the new patch set (#5).

Change subject: tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket.
......................................................................

tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket.

When a client connects to a server via SSL/TLS, the server commonly utilizes an
RSA key-pair. However, other such algorithms exist (i.e. DSA and ECDSA), and if
the server socket is configured with a certificate for either one of those, it
would lose its compatibility with RSA-only clients.

Now, the server socket can be configured with up to one RSA, ECDSA and DSA key
each. For example, if a client is not compatible with SHA-2 hashed certificates
like Nokia mobile phones, the server socket still can use RSA/SHA-1 for legacy
clients and ECDSA/SHA-2 for everyone else.

ASTERISK-24815 #close
Reported by: Alexander Traud
patches:
  tls_rsa_ecc_dsa.patch uploaded by Alexander Traud (License 6520)

Change-Id: Iada5e00d326db5ef86e0af7069b4dfa1b979da9a
---
M configs/samples/pjsip.conf.sample
M configs/samples/sip.conf.sample
M main/tcptls.c
3 files changed, 40 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/31/431/5
-- 
To view, visit https://gerrit.asterisk.org/431
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iada5e00d326db5ef86e0af7069b4dfa1b979da9a
Gerrit-PatchSet: 5
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Ashley Sanders <asanders at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>



More information about the asterisk-code-review mailing list