-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 16
-
Fix Version/s: None
-
Component/s: Asterisk SIP Settings
-
Labels:None
-
ToDo:
-
Asterisk Version:16.17.0
-
Distro Version:FreePBX 15.0.17.34
-
Distro:FreePBX Distro
Since the last update of Asterisk PJSIP no longer answers properly to TLS requests with Let's Encrypt certificates. The same certificate works flawlessly within Apache on the same system. It seems the certificate chain is missing and thus verification fails:
$ openssl s_client -connect voip.XXXX.de:5061
Certificate chain
0 s:CN = voip.XXXX.de
i:C = US, O = Let's Encrypt, CN = R3
...
Verify return code: 21 (unable to verify the first certificate)
In comparison connection to the web server on the same system:
$ openssl s_client -connect voip.XXXX.de:443
Certificate chain
0 s:CN = voip.egofm.de
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
3 s:O = Digital Signature Trust Co., CN = DST Root CA X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
...
Verify return code: 0 (ok)
Most probably this is a bug in chan_pjsip.
- clones
-
FREEPBX-22554
CLONE - PJSIP TLS transport points to wrong certificate file
-
- Closed
-
