Summary: | ASTERISK-19267: RSA key for TLS should not be stored in same file as cert | ||
Reporter: | Daniel Pocock (daniel.pocock) | Labels: | |
Date Opened: | 2012-01-29 12:36:01.000-0600 | Date Closed: | 2012-01-30 16:45:00.000-0600 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Channels/chan_sip/TCP-TLS |
Versions: | 1.8.9.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | all | Attachments: | |
Description: |
- I believe the private key should be split into a separate PEM file, for extra security.
- I like to see the extension .key on my key files, so it is obvious what they are,
- and I like to have them accessible only to root
- so Asterisk should load key files before dropping privileges
- the crt file (without key) can then be world readable

Why is this good?
- it means that support staff without root privs can check on crt files, but not keys
- it means monitoring software can find and scan the crts (to check expiry dates), without needing root privs | ||
Comments: | By: Matt Jordan (mjordan) 2012-01-30 16:44:46.053-0600 Feature requests are no longer submitted to or accepted through the issue tracker. Feature requests are openly discussed on the mailing lists [1] and Asterisk IRC channels and made note of by Bug Marshals. [1] http://www.asterisk.org/support/mailing-lists |
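
An added example, not part of the ticket or of Asterisk's code: a shell audit for the file layout the description proposes. It flags a PEM file that holds both a certificate and a private key, and a key file accessible beyond its owner. The function names, file names and placeholder PEM bodies are constructed for illustration; the group/other-writable certificate check is an extra assumption, and the owner check (root) is left out so the demo runs unprivileged.

```shell
#!/bin/sh
# Added example: audit TLS PEM files against the layout the ticket asks for.
# Owner is not checked (the ticket wants root) so the demo runs unprivileged.

# classify_pem FILE -> prints cert | key | combined | unknown
classify_pem() {
    c=0; k=0
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then c=1; fi
    # Covers RSA, EC, PKCS#8 and encrypted PKCS#8 private-key headers
    if grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then k=1; fi
    case "$c$k" in
        11) echo combined ;; 10) echo cert ;; 01) echo key ;; *) echo unknown ;;
    esac
}

# audit_pem FILE -> prints one finding line; returns 1 on a policy violation
audit_pem() {
    kind=$(classify_pem "$1")
    go=$(ls -ldL "$1" | cut -c5-10)      # group+other bits, e.g. "r--r--"
    case $kind in
        combined) echo "FAIL $1: private key stored with certificate"; return 1 ;;
        key)  if [ "$go" != "------" ]; then
                  echo "FAIL $1: key accessible beyond owner ($go)"; return 1
              fi ;;
        cert) case $go in ?w????|????w?)
                  echo "FAIL $1: certificate writable by group/other"; return 1 ;;
              esac ;;
        *)    echo "SKIP $1: no certificate or private key"; return 0 ;;
    esac
    echo "OK $1: $kind ($go)"
}

# make_samples DIR: constructed files, placeholder bodies instead of real DER
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/server.crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    cat "$1/server.crt" "$1/server.key" > "$1/combined.pem"
    cp "$1/server.key" "$1/loose.key"
    chmod 644 "$1/server.crt"; chmod 600 "$1/server.key" "$1/combined.pem"
    chmod 640 "$1/loose.key"
}

# Demo run over the constructed samples
d=$(mktemp -d); make_samples "$d"
for f in "$d"/*; do audit_pem "$f" || true; done
rm -rf "$d"
```

Because `audit_pem` returns non-zero on a violation, it can be called from a monitoring job that runs without root: the certificate is readable, and an unreadable key file is the expected state for that account.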