Hi Michael, It is not that Asterisk fails to handle SIP TLS certificates correctly, it is just not completely implemented.
Though this may be somewhat moot if many of the SIP clients don't support client certs anyway. I'm using Bria (iOS) and unless it is hidden, I don't see client cert support. I still think this is worth adding to the web interface, client certificate generation can be easily added down the road if needed, whatever the server/proxy is. Lonnie On Nov 12, 2012, at 12:49 PM, Michael Keuter wrote: > So IMHO it is not very efficient to waste effort on the TLS certificate > feature in Astlinux if Asterisk fails to handle it correct ATM. > Would it instead be interesting to think about a SIP proxy like e.g Repro? > (The additional requierements are not that big). > > Sent from my iPad > > Michael > > Am 12.11.2012 um 19:34 schrieb Lonnie Abelbeck <[email protected]>: > >> Clarification, regarding my earlier comment: >> >>> Edit: Ahhh, before sending this email, I confirmed that if the CA >>> CommonName is set to pbx2.priv.abelbeck.com (not the IP 10.10.50.61) and >>> then try to connect via 10.10.50.61 the TLS fails. I suppose that is a >>> hurdle by setting the CommonName to a DNS name rather than an IP address. >> >> The 'Server Certificate' (not CA as stated) CommonName or subjectAltName >> validity check is implemented on the client not the server (asterisk), so >> this feature does not add a hurdle for the evil doers. >> >> Lonnie >> ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
