Author: sgriepentrog Date: Fri Oct 31 11:40:17 2014 New Revision: 426930 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=426930 Log: pjsip: clarify tls cert and key file usage
A question arose as to whether a .pem file could be provided in place of the .crt and .key files in a PJSIP TLS configuration. I tested this and discovered that although a cert will be read from the pem file, a key will not, and thus the priv_key_file entry is still required. This update to the fine documentation clarifies the option usage. AST-1448 #close Review: https://reviewboard.asterisk.org/r/4129/ Reported by: John Bigelow ........ Merged revisions 426928 from http://svn.asterisk.org/svn/asterisk/branches/12 Modified: branches/13/ (props changed) branches/13/configs/samples/pjsip.conf.sample branches/13/res/res_pjsip.c Propchange: branches/13/ ------------------------------------------------------------------------------ Binary property 'branch-12-merged' - no diff available. Modified: branches/13/configs/samples/pjsip.conf.sample URL: http://svnview.digium.com/svn/asterisk/branches/13/configs/samples/pjsip.conf.sample?view=diff&rev=426930&r1=426929&r2=426930 ============================================================================== --- branches/13/configs/samples/pjsip.conf.sample (original) +++ branches/13/configs/samples/pjsip.conf.sample Fri Oct 31 11:40:17 2014 @@ -747,7 +747,10 @@ ; "") ;ca_list_file= ; File containing a list of certificates to read TLS ONLY ; (default: "") -;cert_file= ; Certificate file for endpoint TLS ONLY (default: "") +;cert_file= ; Certificate file for endpoint TLS ONLY + ; Will read .crt or .pem file but only uses cert, + ; a .key file must be specified via priv_key_file + ; (default: "") ;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "") ;domain= ; Domain the transport comes from (default: "") ;external_media_address= ; External IP address to use in RTP handling Modified: branches/13/res/res_pjsip.c URL: http://svnview.digium.com/svn/asterisk/branches/13/res/res_pjsip.c?view=diff&rev=426930&r1=426929&r2=426930 ============================================================================== --- branches/13/res/res_pjsip.c (original) +++ branches/13/res/res_pjsip.c Fri Oct 31 11:40:17 2014 @@ -817,6 +817,12 @@ </configOption> <configOption name="cert_file"> <synopsis>Certificate file for endpoint (TLS ONLY)</synopsis> + <description><para> + A path to a .crt or .pem file can be provided. However, only + the certificate is read from the file, not the private key. + The <literal>priv_key_file</literal> option must supply a + matching key file. + </para></description> </configOption> <configOption name="cipher"> <synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis> -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
