asterisk users - Jun 2014 - Asterisk 11.10.2 update breaks snom TLS transport

Hey all,

I've recently updated an Asterisk installation to 11.10.2 (from the 
Gentoo packaged build), and the update has (seemingly) broken TLS 
transport for snom phones (I could reproduce on snom 3x0 and 7x0 with 
8.4.3x and 8.7.x.y firmwares). What happens is that the registration to 
the PBX is successful, and inbound calls work normally (i.e., when the 
phone is being signalled that a call is coming in), but dispatching a 
call from the snom phone to the PBX makes the TLS transport "hang" 
(i.e., the PBX doesn't see any more TLS packets from the phone, and 
OPTIONS is no longer replied to). The phone then kills the TLS channel 
after a while (probably times it out) and Asterisk marks the phone as 
unreachable due to QUALIFY, and after some time (roundabout two minutes) 
the phone reconnects the TLS channel and is reachable again. I couldn't 
reproduce this behaviour with other phones (i.e., Gigaset devices which 
I also use with TLS transport).

Is this a known regression, and generally: how can I help diagnose this 
problem further for opening a bug-report, besides the description given 
above? Has anyone else encountered this and found another workaround 
besides switching to TCP/UDP-transport for the phones?

Thanks for any hints in advance!

-- 
--- Heiko Wundram.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 30.06.2014 11:55, schrieb Heiko Wundram:
> Is this a known regression, and generally: how can I help diagnose
> this problem further for opening a bug-report, besides the
> description given above? Has anyone else encountered this and found
> another workaround besides switching to TCP/UDP-transport for the
> phones?
To answer my own question: applying the (latest) patch from
https://issues.asterisk.org/jira/browse/ASTERISK-18345 fixes the
issues with snom phones that I was seeing, but for me only starting
with 11.10.2, earlier releases like those posting in that bug didn't
have the problem I described.

As I haven't looked through the additional implications of that patch
applying to current Asterisk releases, is anybody willing to comment
on whether that patch is safe to apply in production environments?

- -- 
- --- Heiko.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTsb7lAAoJEDMqpHf921/Sb1oH/j5Xbu6n2OC1WHy1ecVaT65S
Q2AKraCMnAj8IOA0yu+3X41PN5mJnLvuGBFN3BZDFpnrgi3t09MCV3oaZbJ0xrb3
Mfy7EEcoQZMaJDEZK7VY1hR8HZOU22Jg+be0+XIParvUTTprNnyKDgQaum0QFR9x
2ZiKIJyD2g4YdqIu8p/vLK8Jxb22b3aG+Pzu3qfHxVBbVWKB1+yk16YAWOU9mGCW
7leIpi7tN4j3eEU9NoVg/K6cmrP/Lh0iaPesmXD1i710+czcfg4hz/mNOOlYH/5U
iXnoKBGKgltZvsEEAfpOhiDX85moguGjN3zadK0gkSbZDaAv5gQQk1etHTd6VGc=HhP6
-----END PGP SIGNATURE-----