Summary: ASTERISK-28078: pjsip: Missing support for TLS CRL
Reporter: Giuseppe Ravasio (gravasio)
Labels: pjsip
Date Opened: 2018-09-27 04:16:52
Date Closed:
Priority: Major
Regression?
Status: Open/New
Components: pjproject/pjsip, Resources/res_pjsip
Versions: 13.22.0
Frequency of Occurrence:
Related Issues:
Environment: Sangoma Freepbx
Attachments:
Description:
Hi,
I'm using Asterisk with the bundled pjsip version 2.7.2, but I checked the docs and there seems to be the same problem with the pjsip 2.8 series.
I'm using a TLS transport with client certificate authentication in pjsip:

verify_client=yes
require_client_cert=yes

It's working flawlessly except for the fact that the system doesn't honor the CRL declared in the certificates, and it doesn't even allow specifying a CRL file to check certificate validity.
I think that this is a crucial feature for everyone who wants to use client certificate authentication, because otherwise there is no way to invalidate a stolen certificate.
If this authentication were fully implemented, many people could switch from VoIP VPNs to this type of security.

I know that this is more of a pjsip problem, and I'm also writing to their ML.
Comments:

By: Asterisk Team (asteriskteam) 2018-09-27 04:16:54.624-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].