asterisk users - Dec 2016 - TLS certificate warnings in softphone, but not until after successful registration and call placed ?

Hello,

I am using asterisk 14.2 and PJSIP,  with TLS transport.

I?m sure I?m doing something wrong here .. 


In 2 distinct softphone clients (Bria and Groundwire),  I am able to register
successfully,  and place a SIP call, with no certificate warnings. But shortly
after I place that first call and hang up,  I receive a certificate name
mismatch error in the softphone,  the error presenting me with the *IP adddress*
of my Asterisk server,  not the hostname, and of course the TLS certificates
only have the hostname, not the IP, and I have configured the soft phone to use
the hostname, not the IP, to connect.


I?m guessing there is some currently unset hostname setting within
asterisk/pjsip that is defaulting to sending the IP in the sip messages,  and
then when the soft phone tries to make a new tls sip connection to asterisk, 
perhaps to signal to asterisk that the call is complete,  it then connects to
the IP instead of the hostname, and the mismatch occurs ?


Any help appreciated,

Thanks,

-Kevin

On Fri, Dec 30, 2016, at 05:04 AM, Kevin Long wrote:
> 
> 
> Hello,
> 
> I am using asterisk 14.2 and PJSIP,  with TLS transport.
> 
> I?m sure I?m doing something wrong here .. 
> 
> 
> In 2 distinct softphone clients (Bria and Groundwire),  I am able to
> register successfully,  and place a SIP call, with no certificate
> warnings. But shortly after I place that first call and hang up,  I
> receive a certificate name mismatch error in the softphone,  the error
> presenting me with the *IP adddress* of my Asterisk server,  not the
> hostname, and of course the TLS certificates only have the hostname, not
> the IP, and I have configured the soft phone to use the hostname, not the
> IP, to connect.
> 
> 
> I?m guessing there is some currently unset hostname setting within
> asterisk/pjsip that is defaulting to sending the IP in the sip messages, 
> and then when the soft phone tries to make a new tls sip connection to
> asterisk,  perhaps to signal to asterisk that the call is complete,  it
> then connects to the IP instead of the hostname, and the mismatch occurs
> ?
This might be the Contact header. Right now there is no ability to
configure this to a hostname instead of an automatically determined IP
address.

-- 
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org

On 03-01-17 19:06, Joshua Colp wrote:
> On Fri, Dec 30, 2016, at 05:04 AM, Kevin Long wrote:
>>
>>
>> Hello,
>>
>> I am using asterisk 14.2 and PJSIP,  with TLS transport.
>>
>> I?m sure I?m doing something wrong here ..
>>
>>
>> In 2 distinct softphone clients (Bria and Groundwire),  I am able to
>> register successfully,  and place a SIP call, with no certificate
>> warnings. But shortly after I place that first call and hang up,  I
>> receive a certificate name mismatch error in the softphone,  the error
>> presenting me with the *IP adddress* of my Asterisk server,  not the
>> hostname, and of course the TLS certificates only have the hostname,
not
>> the IP, and I have configured the soft phone to use the hostname, not
the
>> IP, to connect.
>>
>>
>> I?m guessing there is some currently unset hostname setting within
>> asterisk/pjsip that is defaulting to sending the IP in the sip
messages,
>> and then when the soft phone tries to make a new tls sip connection to
>> asterisk,  perhaps to signal to asterisk that the call is complete,  it
>> then connects to the IP instead of the hostname, and the mismatch
occurs
>> ?
>
> This might be the Contact header. Right now there is no ability to
> configure this to a hostname instead of an automatically determined IP
> address.
Thank you for your feedback Joshua. Does "right now" mean that this
will
be fixed in the (near) future? Should I file a Jira ticket?

Thanks,
Patrick