Asterisk TLS Mutual Handshake

I am trying to enable the mutual TLS handshake in Asterisk 1.8 SVN release 360138. I have already enabled TLS, but in normal mode, where only the server is authenticated and the client is authenticated through the classic SIP HTTP MD5 authentication. I am trying to enable mutual certificate authentication for both the client and the server.

I searched on the internet and I found that there are commands like:
tlsverifyclient=yes or
tls_verify_client=yes or
AST_SSL_VERIFY_CLIENT=1

Also, from the web page

svn.dd-wrt.com:8000/browser/src/ … ?rev=17004

Looking at the source code, I can see at lines 167 and 168 that the AST_SSL_VERIFY_CLIENT parameter is checked.

Also, at line 173 I see the error message I receive in my CLI console: ‘No peer SSL certificate’.

I also tried the tlscapath=</path/to/ca/dir> command, where I installed all the PEM certificates in one folder and ran the command c_rehash . to create their hash names.
Still, no matter that I tried all the possible combinations, I cannot manage to make it work.
Always, when the first client tries to register, the CLI console says:
– Unregistered SIP ‘201’
[Jun 15 00:19:16] WARNING[27245]: tcptls.c:186 handle_tcptls_connection: No peer SSL certificate

Any kind of help will be highly appreciated!
Any ideas???
