TCP/TLS Support Patch for Asterisk 1.2.10 Released!
This patch allows a SIP client that supports TCP and TLS to connect to an Asterisk Open Source SoftPBX server. This is to allows clients to have a secure signaling path to the server. This feature, together with SRTP, will provide secure voice communications with Asterisk.
I grabbed that latest Asterisk TCP/TLS support patch from the Digium Mantis Bug tracker and updated it against the latest Digium Asterisk SVN trunk. You can download the patch from here. The patch is ready for more testing. The more people who test this patch on their system would increase the chances of this patch being merged into the main Asterisk source tree.
Happy testing!
August 23rd, 2006 at 2:44 pm
I fixed the patch and merged it into the current Asterisk SVN trunk. The changes were pretty messy. Thankfully that is done. The patch can be download from here. I have tested this patch with UDP clients already. So, at least, existing UDP functionality is ok. Now, I just have to finish the download of the X-lite TCP/TLS client for testing.
January 19th, 2007 at 5:05 am
hello
i fixed the patch.but i don’t know how can i test tls for asterisk.please help me for testing tls on asterisk.
thanks
January 19th, 2007 at 7:54 am
great! can you email me the patch to check? for TLS support, you need to configure the certificates on the server side. the instructions are in the digium bug tracker (the files that need to be replaced are in the chan_sip.c file.
for the client side, make sure that the client certificate is signed by a authorized root certificate authority. if not just sign is using the same root authority that signed the server certificate.
good luck!
January 20th, 2007 at 7:33 am
hi
thanks for reply.
i m using asterisk-1[1].2.10-20060821-tcp file downloaded from http://bugs.digium.com/view.php?id=4903. i have successfully test tcp but still i m not successful to test tls. please guide me how can i generate self signed certificate for asterisk and which client should i use for testing tls. actually i found in patch file that servercert.pem,serverkey.pem,dh1024.pem file is needed for asterisk for tls. so what should i do.
reply soon .
very urgent.
thanks.
January 20th, 2007 at 3:13 pm
self generating an SSL certificate for asterisk? just use openssl to generate the certificate for the server. put the certificate file, private key on the directory (and the filename) specified in the chan_sip.c. also check out the digium bug tracker for more information on installation.
January 20th, 2007 at 3:14 pm
oh yes. you can use the eyebeam client to test TLS.
January 29th, 2007 at 5:29 am
hi
sorry for late reply.
i have successfully test tls for asterisk with eyebeam client.now i want to add srtp support for asterisk. what should i do?
bye.
January 29th, 2007 at 6:21 am
SRTP? i believe somebody did that already… http://www.e164.org/wiki/AsteriskSRTP
January 29th, 2007 at 6:38 am
hi
i have seen http://www.e164.org/wiki/AsteriskSRTP but this is for asterisk securertp-trunk branch but i want srtp for asterisk-1.2.10 because i did tls for this.
thanks
February 23rd, 2007 at 9:02 am
Hi,
I installed Asterisk 1.2.13 with the TCP patch, it works fine with EyeBEAM 1.5 SIP-TCP signaling registration.
I would like to test the SIP-TLS betweem EyeBeam and Asterisk 1.2.13.
The http://bugs.digium.com/view.php?id=4903. patch would not be able to patch - 1.2.13. I received error 1 out of 1.
Can some one please point where and how to:
1. Export the certificate from MS-IAS server to .pem
2. How to install or apply .pem to Fedora and config it
3. How to config Asterisk to accept the SIP-TLS
Very appreciate your inputs.
Thanks,
Tim
March 27th, 2007 at 4:15 am
Hi,
I am using asterisk 1.2.10 for tls also patched with asterisk-1.2.10-20060821-tcp.patch but when I tried to register grandstream/EyeBeam it is not able to understand ssl certificate. Can you please help me for that.
Thanks,
Rajeev
March 27th, 2007 at 4:25 am
the details of the certification configure are actually in the digium bug tracker site.