[Home]

Summary:ASTERISK-16959: [regression] sslbindport/tlsbindport in http.conf not working
Reporter:Olaf Holthausen (oholthau)Labels:
Date Opened:2010-11-15 07:45:55.000-0600Date Closed:2012-02-02 11:05:01.000-0600
Priority:MinorRegression?Yes
Status:Closed/CompleteComponents:Core/HTTP
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:Dear Sirs,

there should be a parameter sslbindport or tlsbindport to set the listening port for the https AMI interface.
The port setting seems to disappear on Revision 190940 while transfering the setting from http.c to tcptls.c.

Best regards
Olaf.
Comments:By: Leonardo Cardozo Vargas (lcvleo) 2010-11-17 10:05:38.000-0600

The same problem happens at manager.conf
If you enable tlsbindport parameter at manager.conf or http.conf, you can see an error message at logs telling us that this parameter is unknow.

By: Andrew Latham (lathama) 2010-11-17 17:07:24.000-0600

I am trouble shooting this at the moment.  I am having success with tlsbindaddr=192.168.1.2:4433 in http.conf

Manager is binding to 0.0.0.0:5039

By: Andrew Latham (lathama) 2010-11-17 17:13:47.000-0600

Just tested manager.conf

[general]
enabled = yes
webenabled = yes
port = 5038
bindaddr = 192.168.1.2
tlsenable=yes
tlsbindaddr=192.168.1.3
tlsbindport=5039
tlscertfile=/etc/asterisk/asterisk.pem
tlsprivatekey=/etc/asterisk/asterisk.pem

CLI> manager show settings

Global Settings:
----------------
 Manager (AMI):             Yes            
 Web Manager (AMI/HTTP):    Yes            
 TCP Bindaddress:           192.168.1.2:5038
 HTTP Timeout (minutes):    60            
 TLS Enable:                Yes            
 TLS Bindaddress:           192.168.1.2:5039
 TLS Certfile:              /etc/asterisk/a
 TLS Privatekey:            /etc/asterisk/a
 TLS Cipher:                              
 Allow multiple login:      Yes            
 Display connects:          Yes            
 Timestamp events:          Yes            
 Channel vars:                            
 Debug:                     No            
 Block sockets:             No    

You will also note that the output of the cert files is cut off... that is in the manager...

Asterisk SVN-branch-1.8-r295078



By: Leonardo Cardozo Vargas (lcvleo) 2010-11-18 04:34:04.000-0600

[Nov 18 08:30:12] NOTICE[10881] manager.c: Invalid keyword <tlsbindport> = <5039> in manager.conf [general]

Asterisk SVN-branch-1.8-r295361

By: Paul Belanger (pabelanger) 2010-11-18 08:38:24.000-0600

I've seen this locally too

By: Andrew Latham (lathama) 2010-11-18 08:48:26.000-0600

I did a quick look and tested many formats.  When reloading twice the configurations would be saved differently than when reloading once.  The tlsbindaddr needs the port appended in http.conf but is appears to be hard coded in manager

By: Andrew Latham (lathama) 2010-12-06 14:30:24.000-0600

From what I have seen in the code.  The settings should be standardized across all protocols.  I imagine that the configurations for IAX2 are the most advanced/correct.