Closed lauriva closed 1 year ago
This issue also affects the latest release, 2.12.1. The first affected commit is 67e46c1ac4.
With some more investigation I found out that create_uas_dialog() stores remote IP address and port from transport (incoming connection) to dialog's initial destination, and thus TLS certificate validation fails when new connection is needed towards the caller. I think that in this scenario caller's contact should be used when creating new connection for the request.
Can this be the reason for FreePBX 16.0.21.18 / Asterisk 18.14.0 PJSIP errors such as:
ERROR[6320]: res_pjsip/pjsip_transport_events.c:160 verify_log_result: Transport 'xxxx-tls' to remote '1.2.3.4' - The server identity does not match to any identities specified in the certificate
And also why the BYEs attempting to be sent from FreePBX on TLS trunks are actually never received (as they are not sent)?
Describe the bug
PJSIP uses IP address instead of hostname when creating TLS transport to the caller to send BYE.

To Reproduce
Steps to reproduce the behavior:
/pjsua-x86_64-unknown-linux-gnu --use-tls --tls-ca-file=... --tls-cert-file=... --tls-privkey-file=... --tls-verify-server --contact="sip:sip.example.com:5063;transport=tls" --local-port=5062 --use-srtp=1
10:25:16.696 tlsc0x55d222827818 ....TLS transport 10.10.10.231:32837 is connecting to 10.10.10.131:5081...

Expected behavior
Transport is created and certificate is validated using hostname
11:20:19.813 tlsc0x55c17d93aee8 ....TLS transport 10.10.10.231:37387 is connecting to origin.example.com:5081...

Additional context
Works with PJSIP 2.10

Logs/Screenshots
Call trace from pjsua
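
The verification failure reported in this thread, reduced to an added example (not PJSIP code and not taken from the issue): a minimal server-identity check in which an IP connect target is compared only with iPAddress SANs and a hostname only with dNSName SANs. The struct, the function names and the certificate contents (a single dNSName, `origin.example.com`, no iPAddress entry) are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Subject alternative names of a peer certificate (constructed model). */
struct cert_sans {
    const char *const *dns; size_t n_dns;   /* dNSName entries   */
    const char *const *ip;  size_t n_ip;    /* iPAddress entries */
};

/* Parse an IP literal; returns 4 or 16 (address length), or 0 for a hostname. */
static int parse_ip(const char *s, unsigned char out[16]) {
    if (inet_pton(AF_INET, s, out) == 1) return 4;
    if (inet_pton(AF_INET6, s, out) == 1) return 16;
    return 0;
}

/* One dNSName against the hostname; "*." covers exactly one left-most label. */
static int dns_matches(const char *san, const char *host) {
    if (strncmp(san, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot && dot != host && strcasecmp(san + 1, dot) == 0;
    }
    return strcasecmp(san, host) == 0;
}

/* 1 if the connect target is an identity in the certificate; IP targets never match dNSNames. */
int identity_matches(const char *target, const struct cert_sans *c) {
    unsigned char want[16], have[16];
    size_t i;
    int len = parse_ip(target, want);
    if (len) {
        for (i = 0; i < c->n_ip; i++)
            if (parse_ip(c->ip[i], have) == len && memcmp(want, have, (size_t)len) == 0) return 1;
        return 0;
    }
    for (i = 0; i < c->n_dns; i++)
        if (dns_matches(c->dns[i], target)) return 1;
    return 0;
}

/* Constructed caller certificate: one dNSName, no iPAddress SAN. */
static const char *const caller_dns[] = { "origin.example.com" };
static const struct cert_sans caller_cert = { caller_dns, 1, NULL, 0 };

int main(void) {
    printf("by IP: %d, by hostname: %d\n", identity_matches("10.10.10.131", &caller_cert),
           identity_matches("origin.example.com", &caller_cert));
    return 0;
}
```

With the transport's source address as the target the check fails, while the hostname target passes against the same certificate.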