[FREEPBX-20610] PJSIP TLS transport points to wrong certificate file - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 15, 16
Fix Version/s: 15, 16
Component/s: Asterisk SIP Settings
Labels:
None

ToDo:

Module Fix Version:
- 15.0.6.38
- 16.0.13

Description

I have used Certificate Manager to get a Letsencrypt certificate.

In Asterisk SIP Settings, I enable the PJSIP TLS transport and choose the certificate from the "Certificate Manager" dropdown.

In the pjsip.transports.conf file, these entries are added:

cert_file=/etc/asterisk/keys/MYHOSTNAME.pem
priv_key_file=/etc/asterisk/keys/MYHOSTNAME.key

However, the cert_file is invalid - it contains the key, which PJSIP rejects. Incoming connections are rejected with the following warning:

[2019-10-02 12:29:41] WARNING[15019]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0

PJSIP requires the certificate and chain here, without the key included, and this combination is found in the /etc/asterisk/keys/MYHOSTNAME/fullchain.pem file

Tested on Asterisk 16.2.1.

Gliffy Diagrams

Attachments

Issue Links

is cloned by

FREEPBX-22554 CLONE - PJSIP TLS transport points to wrong certificate file

Closed

Activity

People

Assignee:

Unassigned

Reporter:

Bill Simon

Votes:

5 Vote for this issue

Watchers:

13 Start watching this issue

Dates

Created:

02/Oct/19 4:51 PM

Updated:

14/Mar/22 9:56 AM

Resolved:

10/May/21 5:45 AM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.