Doug Lytle <supp...@drdos.info> writes:

> For a while now, I've had a small home Asterisk setup to connect to my
> Zimbra mail server's calendar.  Making an entry on the calendar would
> cause Asterisk to schedule a wakeup call at the time of the calendar
> entry.
>
> The Zimbra mail server uses LetsEncrypt for the SSL Certs and renews
> every 60 days.  On the Asterisk side of things, if I do not restart
> the Asterisk process, the logs get spammed with the below and the
> wakeup call never occurs:
>
> [Dec 24 07:48:46] WARNING[10679] res_calendar_caldav.c: Unknown
> response to CalDAV calendar calendar.name.here, request REPORT to
> /dav/username/Calendar: Server certificate changed: connection
> intercepted?
>
> Would this be considered a bug, or do I have something setup incorrectly?
>
> Asterisk version: 13.29.2
> OS: Debian GNU/Linux 7.11 (wheezy)
> Zimbra OSE 8.8.11 P4

My guess is bug.

Generally, one validates server certificates starting from a list of
acceptable configured CA certificates, called trust anchors.

Perhaps because people often used to use self-signed certicates (before
Let's Encrypt), and perhaps because of general paranoia (not a bad
thing), there is a notion of certificate pinning.

However, it strikes me that if implemented, the pinning would be
persistent.

https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

Have you done anything in the asterisk config to control certificate
validation?

I would suggest reading the res_calendar_caldav sources to see if there
is some attempt to store certificates and compare.

-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
      https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to