Ticket #1083 (new defect)

Opened 7 years ago

Last modified 7 years ago

The design of the SIP TLS transport may not allow multiple certificates to be loaded

Reported by: bennylp Owned by: bennylp
Priority: normal Milestone: Known-Issues-and-Ideas
Component: pjsip Version: trunk
Keywords: sipit26 Cc:
Backport to 1.x milestone: Backported:

Description

Since normally we only need to instantiate one TLS listener in the library, this means we can only load one certificate suite to the stack (suite means CA and client cert) at any given time. This would limit the ability of the client to connect to multiple TLS servers (e.g. multiple accounts).

However, there may be a workaround. Application could instantiate multiple TLS listeners, each with its own certificate, and then bind or lock each PJSUA-LIB account to a specific listener by using pjsua_acc_set_transport(). This way, (outgoing) requests sent on behalf of that account will be sent using the correct listener, hence the correct TLS certificate/settings. This setup is rarely tested though.

Change History

comment:1 Changed 7 years ago by bennylp

  • Keywords sipit26 added
Note: See TracTickets for help on using tickets.