So IMHO it is not very efficient to waste effort on the TLS certificate feature in Astlinux if Asterisk fails to handle it correct ATM. Would it instead be interesting to think about a SIP proxy like e.g Repro? (The additional requierements are not that big).
Sent from my iPad Michael Am 12.11.2012 um 19:34 schrieb Lonnie Abelbeck <[email protected]>: > Clarification, regarding my earlier comment: > >> Edit: Ahhh, before sending this email, I confirmed that if the CA CommonName >> is set to pbx2.priv.abelbeck.com (not the IP 10.10.50.61) and then try to >> connect via 10.10.50.61 the TLS fails. I suppose that is a hurdle by >> setting the CommonName to a DNS name rather than an IP address. > > The 'Server Certificate' (not CA as stated) CommonName or subjectAltName > validity check is implemented on the client not the server (asterisk), so > this feature does not add a hurdle for the evil doers. > > Lonnie > ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
