diff options
author | Scott Griepentrog <sgriepentrog@digium.com> | 2014-10-31 16:41:06 +0000 |
---|---|---|
committer | Scott Griepentrog <sgriepentrog@digium.com> | 2014-10-31 16:41:06 +0000 |
commit | 28173ddf05a72a573524e3ce16fea85305aad20d (patch) | |
tree | ec93843a93b4aef232856046992eb67cfbd10a02 | |
parent | f59db388a746960c781ea35c7d6c4184b93b9e24 (diff) |
pjsip: clarify tls cert and key file usage
A question arose as to whether a .pem file
could be provided in place of the .crt and
.key files in a PJSIP TLS configuration. I
tested this and discovered that although a
cert will be read from the pem file, a key
will not, and thus the priv_key_file entry
is still required. This update to the fine
documentation clarifies the option usage.
AST-1448 #close
Review: https://reviewboard.asterisk.org/r/4129/
Reported by: John Bigelow
........
Merged revisions 426928 from http://svn.asterisk.org/svn/asterisk/branches/12
........
Merged revisions 426930 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@426932 65c4cc65-6c06-0410-ace0-fbb531ad65f3
-rw-r--r-- | configs/samples/pjsip.conf.sample | 5 | ||||
-rw-r--r-- | res/res_pjsip.c | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/configs/samples/pjsip.conf.sample b/configs/samples/pjsip.conf.sample index 830561671..d6932e38c 100644 --- a/configs/samples/pjsip.conf.sample +++ b/configs/samples/pjsip.conf.sample @@ -747,7 +747,10 @@ ; "") ;ca_list_file= ; File containing a list of certificates to read TLS ONLY ; (default: "") -;cert_file= ; Certificate file for endpoint TLS ONLY (default: "") +;cert_file= ; Certificate file for endpoint TLS ONLY + ; Will read .crt or .pem file but only uses cert, + ; a .key file must be specified via priv_key_file + ; (default: "") ;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "") ;domain= ; Domain the transport comes from (default: "") ;external_media_address= ; External IP address to use in RTP handling diff --git a/res/res_pjsip.c b/res/res_pjsip.c index 7be8ff81e..b350b7b77 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -821,6 +821,12 @@ </configOption> <configOption name="cert_file"> <synopsis>Certificate file for endpoint (TLS ONLY)</synopsis> + <description><para> + A path to a .crt or .pem file can be provided. However, only + the certificate is read from the file, not the private key. + The <literal>priv_key_file</literal> option must supply a + matching key file. + </para></description> </configOption> <configOption name="cipher"> <synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis> |