kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-09 19:38:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

tcptls.c: Made TLS handle a certificate chain file.

Browse Source 
Thanks to Guillaume Martres for doing the necessary research to validate
the change.

(closes issue ASTERISK-17727)
Reported by: LN
Patches:
      use_certificate_chain.patch (license #5864) patch uploaded by st
      documente_certificate_chain.patch (license #6576) patch uploaded by Guillaume Martres
........

Merged revisions 407272 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@407273 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Richard Mudgett
2014-02-04 17:58:17 +00:00
parent 65e9857f09
commit 62727f2e00
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
configs/sip.conf.sample
View File

@@ -526,8 +526,10 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls
; ;
;------------------------ TLS settings ------------------------------------------------------------ ;------------------------ TLS settings ------------------------------------------------------------
;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections ;tlscertfile=</path/to/certificate.pem> ; Certificate chain (*.pem format only) to use for TLS connections
; default is to look for "asterisk.pem" in current directory ; The certificates must be sorted starting with the subject's certificate
; and followed by intermediate CA certificates if applicable.
; Default is to look for "asterisk.pem" in current directory
;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections. ;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections.
; If no tlsprivatekey is specified, tlscertfile is searched for ; If no tlsprivatekey is specified, tlscertfile is searched for

2
main/tcptls.c
View File

@@ -393,7 +393,7 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
if (!ast_strlen_zero(cfg->certfile)) { if (!ast_strlen_zero(cfg->certfile)) {
char *tmpprivate = ast_strlen_zero(cfg->pvtfile) ? cfg->certfile : cfg->pvtfile; char *tmpprivate = ast_strlen_zero(cfg->pvtfile) ? cfg->certfile : cfg->pvtfile;
if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0) { if (SSL_CTX_use_certificate_chain_file(cfg->ssl_ctx, cfg->certfile) == 0) {
if (!client) { if (!client) {
/* Clients don't need a certificate, but if its setup we can use it */ /* Clients don't need a certificate, but if its setup we can use it */
ast_verb(0, "SSL error loading cert file. <%s>\n", cfg->certfile); ast_verb(0, "SSL error loading cert file. <%s>\n", cfg->certfile);