Asterisk up to the newest version (currently 10.1.3) has an unresolved bug that prevents the support of certificate chains as used by many CAs (e.g. StartSSL).

There is a working fix from the upstream bug tracker that should be included in the patchset until upstream applies it to its tree:
https://issues.asterisk.org/jira/browse/ASTERISK-17727

The patch works for Asterisk 10.1.3.

Reproducible: Always

Steps to Reproduce:
1. Set up StartSSL certificate chain
2. Test certificate with
   openssl s_client -CApath /etc/ssl/certs -showcerts -connect example.com:5061

Actual Results:
Verify return code: 21 (unable to verify the first certificate)

Expected Results:
Verify return code: 0 (ok)
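The failure described in the report, reproduced offline as an added example (not part of the original report or of the Asterisk patch): a client that trusts only the root cannot validate a leaf issued by an intermediate CA unless the intermediate is supplied with it. The CA names, file names and helper functions are constructed for illustration, and the -untrusted option of openssl verify stands in for the intermediates a TLS server would send in its handshake.

```shell
#!/bin/sh
# Constructed chain: root CA -> intermediate CA -> server (leaf) certificate.
# All subject names and file names are made up for this example.

new_csr() {  # $1 = dir, $2 = file basename, $3 = subject CN
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" >/dev/null 2>&1
}

make_chain() {  # $1 = working directory
    printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
    new_csr "$1" root "Constructed Root CA" &&
    new_csr "$1" int "Constructed Intermediate CA" &&
    new_csr "$1" leaf "sip.example.com" &&
    # Self-signed root, marked as a CA.
    openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 2 \
        -extfile "$1/ca.ext" -out "$1/root.pem" >/dev/null 2>&1 &&
    # Intermediate CA, signed by the root.
    openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days 2 -extfile "$1/ca.ext" -out "$1/int.pem" >/dev/null 2>&1 &&
    # Leaf certificate, signed by the intermediate and not by the root.
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
        -CAcreateserial -days 2 -out "$1/leaf.pem" >/dev/null 2>&1
}

# Verify the leaf while trusting only the root.
# $1 = dir, $2 = optional PEM file of intermediates presented with the leaf.
verify_leaf() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$1/root.pem" -untrusted "$2" \
            "$1/leaf.pem" 2>&1)
    else
        out=$(openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1)
    fi
    printf '%s\n' "$out" | grep -q ': OK$'
}

d=$(mktemp -d)
make_chain "$d"
if verify_leaf "$d"; then echo "leaf only: OK"; else echo "leaf only: verification failed"; fi
if verify_leaf "$d" "$d/int.pem"; then echo "leaf + intermediate: OK"; else echo "leaf + intermediate: verification failed"; fi
rm -rf "$d"
```

Against a live service, the s_client command from the report shows the same condition: with -showcerts, a server that sends only its own certificate lists a single certificate.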
Created attachment 304985
Patch from ASTERISK-17727 for asterisk-10.1.3

See https://issues.asterisk.org/jira/browse/ASTERISK-17727 for details
+*asterisk-10.2.0 (13 Mar 2012) + + 13 Mar 2012; Tony Vroon <chainsaw@gentoo.org> +asterisk-10.2.0.ebuild: + Add correct divisor to trunk frequency for IAX2 channels, from an upstream + commit by seanbright. Chained certificate support & correct handling of + non-blocking I/O for TLS/SSL, as reported by Matthias Nagl in bugs #407781 & + #407919. Upstream has fixed the port number in outbound SIP NOTIFY packets, + included iLBC, fixed the caller ID in originated calls and stopped UDPTL from + being created unneccesarily. Also the SIP timer should no longer be stopped + prematurely.
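Review bot: "unneccesarily" in the sentence about UDPTL in the new ChangeLog entry is misspelled and should read "unnecessarily". The entry also runs the IAX2 trunk frequency fix, the two TLS/SSL fixes for bugs #407781 and #407919, and the list of changes that arrive with the upstream release together in one paragraph; separating the fixes credited to the bug reports from what upstream fixed would make it easier to see which changes this ebuild adds on top of 10.2.0.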