
Bug 407919

Summary: net-misc/asterisk TLS certificate chains not supported
Product: Gentoo Linux
Reporter: Matthias Nagl <gentoobugs>
Component: [OLD] Server
Assignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED FIXED
Severity: normal
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Patch from ASTERISK-17727 for asterisk-10.1.3

Description Matthias Nagl 2012-03-12 12:59:12 UTC
Asterisk up to the newest version (currently 10.1.3) has an unresolved bug that prevents the support of certificate chains as used by many CAs (e.g. StartSSL).
There is a working fix from the upstream bug tracker that should be included into the patchset until upstream applies it to its tree:
https://issues.asterisk.org/jira/browse/ASTERISK-17727
The patch works for Asterisk 10.1.3.

Reproducible: Always

Steps to Reproduce:
1. Set up StartSSL certificate chain
2. Test certificate with openssl s_client -CApath /etc/ssl/certs -showcerts -connect example.com:5061
Actual Results:  
Verify return code: 21 (unable to verify the first certificate)

Expected Results:  
Verify return code: 0 (ok)
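
A check for the symptom in the steps above, as an added example that is not part of the bug report or of Asterisk: it reads `openssl s_client -showcerts` output on stdin, counts the certificates the server presented and extracts the verify return code. The sample outputs and the status labels (`ok`, `leaf-only`, `verify-failed`, `no-result`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl s_client -showcerts` output read on stdin.
# Prints "<status> certs=<n> verify=<code>"; the status labels are names
# chosen for this example, not OpenSSL terms.
classify_chain() {
    awk '
        /^Certificate chain/        { in_chain = 1; next }
        in_chain && /^---$/         { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/  { certs++ }   # one "N s:<subject>" line per cert sent
        match($0, /Verify return code: [0-9]+/) {
            code = substr($0, RSTART + 20, RLENGTH - 20) + 0
            seen = 1
        }
        END {
            if (!seen) { printf "no-result certs=%d verify=none\n", certs; exit }
            if (code == 0)                     status = "ok"
            else if (code == 21 && certs == 1) status = "leaf-only"
            else                               status = "verify-failed"
            printf "%s certs=%d verify=%d\n", status, certs, code
        }
    '
}

# Constructed sample: the server sends only its own certificate (the reported symptom).
sample_leaf_only() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=example.com
   i:/CN=Constructed Intermediate CA
---
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

# Constructed sample: the server sends its certificate plus the intermediate.
sample_full_chain() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=example.com
   i:/CN=Constructed Intermediate CA
 1 s:/CN=Constructed Intermediate CA
   i:/CN=Constructed Root CA
---
    Verify return code: 0 (ok)
EOF
}

sample_leaf_only | classify_chain
sample_full_chain | classify_chain
```

Against a live server, pipe the command from step 2 into the function: `openssl s_client -CApath /etc/ssl/certs -showcerts -connect example.com:5061 </dev/null 2>/dev/null | classify_chain`.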
Comment 1 Matthias Nagl 2012-03-12 13:00:33 UTC
Created attachment 304985
Patch from ASTERISK-17727 for asterisk-10.1.3

see
https://issues.asterisk.org/jira/browse/ASTERISK-17727
for details
Comment 2 Tony Vroon (RETIRED) gentoo-dev 2012-03-13 11:50:52 UTC
+*asterisk-10.2.0 (13 Mar 2012)
+
+  13 Mar 2012; Tony Vroon <chainsaw@gentoo.org> +asterisk-10.2.0.ebuild:
+  Add correct divisor to trunk frequency for IAX2 channels, from an upstream
+  commit by seanbright. Chained certificate support & correct handling of
+  non-blocking I/O for TLS/SSL, as reported by Matthias Nagl in bugs #407781 &
+  #407919. Upstream has fixed the port number in outbound SIP NOTIFY packets,
+  included iLBC, fixed the caller ID in originated calls and stopped UDPTL from
+  being created unneccesarily. Also the SIP timer should no longer be stopped
+  prematurely.
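
Review bot: the second sentence of the entry ("Chained certificate support & correct handling of non-blocking I/O for TLS/SSL") does not say where the change comes from, unlike the sentences around it, which credit an upstream commit and upstream fixes. Naming the source patch (this bug cites ASTERISK-17727 for the chain fix) would make it clear what can be dropped once upstream ships it. Also, "unneccesarily" in the UDPTL sentence should be "unnecessarily".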