[asterisk-dev] [Code Review] Get tlsverifyclient closer to working and prevent unsupported options from being set
opticron
reviewboard at asterisk.org
Thu Mar 14 14:18:36 CDT 2013
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2370/
-----------------------------------------------------------
(Updated March 14, 2013, 2:18 p.m.)
Review request for Asterisk Developers.
Changes
-------
Updated diff with warning from chan_sip.
Summary
-------
AMI, HTTP, and chan_sip all support TLS in some way, but none of them support all the options that Asterisk's TLS core is capable of interpreting. This prevents consumers of the TLS/SSL layer from setting TLS/SSL options that they do not support.
This also gets tlsverifyclient closer to a working state by requesting the client certificate when tlsverifyclient is set. Currently, there is no consumer of main/tcptls.c in Asterisk that supports this feature and so it can not be properly tested.
This addresses bug AST-1093.
https://issues.asterisk.org/jira/browse/AST-1093
Diffs (updated)
-----
branches/1.8/channels/chan_sip.c 383038
branches/1.8/main/http.c 383038
branches/1.8/main/manager.c 383038
branches/1.8/main/tcptls.c 383038
Diff: https://reviewboard.asterisk.org/r/2370/diff
Testing
-------
Ensured chan_sip would ignore tlsverifyclient.
Thanks,
opticron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130314/d9e65fa4/attachment-0001.htm>
More information about the asterisk-dev
mailing list