pjsip: clarify tls cert and key file usage
author Scott Griepentrog <sgriepentrog@digium.com>
Fri, 31 Oct 2014 16:41:06 +0000 (16:41 +0000)
committer Scott Griepentrog <sgriepentrog@digium.com>
Fri, 31 Oct 2014 16:41:06 +0000 (16:41 +0000)
A question arose as to whether a .pem file
could be provided in place of the .crt and
.key files in a PJSIP TLS configuration. I
tested this and discovered that although a
cert will be read from the pem file, a key
will not, and thus the priv_key_file entry
is still required. This update to the fine
documentation clarifies the option usage.

AST-1448 #close
Review: https://reviewboard.asterisk.org/r/4129/
Reported by: John Bigelow
........

Merged revisions 426928 from http://svn.asterisk.org/svn/asterisk/branches/12
........

Merged revisions 426930 from http://svn.asterisk.org/svn/asterisk/branches/13

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@426932 65c4cc65-6c06-0410-ace0-fbb531ad65f3

configs/samples/pjsip.conf.sample
res/res_pjsip.c

index 8305616..d6932e3 100644 (file)
         ; "")
 ;ca_list_file=  ; File containing a list of certificates to read TLS ONLY
                 ; (default: "")
-;cert_file=     ; Certificate file for endpoint TLS ONLY (default: "")
+;cert_file=     ; Certificate file for endpoint TLS ONLY
+                ; Will read .crt or .pem file but only uses cert,
+                ; a .key file must be specified via priv_key_file
+                ; (default: "")
 ;cipher=        ; Preferred cryptography cipher names TLS ONLY (default: "")
 ;domain=        ; Domain the transport comes from (default: "")
 ;external_media_address=        ; External IP address to use in RTP handling
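Review bot: In the added cert_file comment, "a .key file must be specified via priv_key_file" reads as if the key file needs a .key extension, while the behaviour described in the commit message is only that the private key is never taken from cert_file. Suggest wording closer to the res_pjsip.c description, for example "; only the certificate is read from this file, the private key must be given via priv_key_file". Spelling out "certificate" instead of "cert" would also match the first line of the comment.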
index 7be8ff8..b350b7b 100644 (file)
                                </configOption>
                                <configOption name="cert_file">
                                        <synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
+                                       <description><para>
+                                               A path to a .crt or .pem file can be provided.  However, only
+                                               the certificate is read from the file, not the private key.
+                                               The <literal>priv_key_file</literal> option must supply a
+                                               matching key file.
+                                       </para></description>
                                </configOption>
                                <configOption name="cipher">
                                        <synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis>
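Review bot: The new cert_file description says priv_key_file "must supply a matching key file" but does not cover the case that prompted the change: whether priv_key_file may point at the same .pem when that file holds both the certificate and the key. It also does not say what happens to the transport when priv_key_file is left unset. One sentence on each would let an administrator answer the original question from the documentation alone. If a combined .pem is acceptable for priv_key_file, a reminder that the file then contains key material and needs the same restrictive permissions as a standalone key file would be worth adding.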