From: Scott Griepentrog Date: Fri, 31 Oct 2014 16:33:44 +0000 (+0000) Subject: pjsip: clarify tls cert and key file usage X-Git-Tag: 12.7.0-rc1~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a882afaeb6ff375697993a1396d5d61785032fe0;p=thirdparty%2Fasterisk.git pjsip: clarify tls cert and key file usage A question arose as to whether a .pem file could be provided in place of the .crt and .key files in a PJSIP TLS configuration. I tested this and discovered that although a cert will be read from the pem file, a key will not, and thus the priv_key_file entry is still required. This update to the fine documentation clarifies the option usage. AST-1448 #close Review: https://reviewboard.asterisk.org/r/4129/ Reported by: John Bigelow git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@426928 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/configs/pjsip.conf.sample b/configs/pjsip.conf.sample index c0523931c4..51cdf2eeb1 100644 --- a/configs/pjsip.conf.sample +++ b/configs/pjsip.conf.sample @@ -699,7 +699,10 @@ ; "") ;ca_list_file= ; File containing a list of certificates to read TLS ONLY ; (default: "") -;cert_file= ; Certificate file for endpoint TLS ONLY (default: "") +;cert_file= ; Certificate file for endpoint TLS ONLY + ; Will read .crt or .pem file but only uses cert, + ; a .key file must be specified via priv_key_file + ; (default: "") ;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "") ;domain= ; Domain the transport comes from (default: "") ;external_media_address= ; External IP address to use in RTP handling diff --git a/res/res_pjsip.c b/res/res_pjsip.c index b22219834d..25fda1d52a 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -817,6 +817,12 @@ Certificate file for endpoint (TLS ONLY) + + A path to a .crt or .pem file can be provided. However, only + the certificate is read from the file, not the private key. + The priv_key_file option must supply a + matching key file. + Preferred cryptography cipher names (TLS ONLY)