Doug Lytle <supp...@drdos.info> writes: > For a while now, I've had a small home Asterisk setup to connect to my > Zimbra mail server's calendar. Making an entry on the calendar would > cause Asterisk to schedule a wakeup call at the time of the calendar > entry. > > The Zimbra mail server uses LetsEncrypt for the SSL Certs and renews > every 60 days. On the Asterisk side of things, if I do not restart > the Asterisk process, the logs get spammed with the below and the > wakeup call never occurs: > > [Dec 24 07:48:46] WARNING[10679] res_calendar_caldav.c: Unknown > response to CalDAV calendar calendar.name.here, request REPORT to > /dav/username/Calendar: Server certificate changed: connection > intercepted? > > Would this be considered a bug, or do I have something setup incorrectly? > > Asterisk version: 13.29.2 > OS: Debian GNU/Linux 7.11 (wheezy) > Zimbra OSE 8.8.11 P4
My guess is bug. Generally, one validates server certificates starting from a list of acceptable configured CA certificates, called trust anchors. Perhaps because people often used to use self-signed certicates (before Let's Encrypt), and perhaps because of general paranoia (not a bad thing), there is a notion of certificate pinning. However, it strikes me that if implemented, the pinning would be persistent. https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning Have you done anything in the asterisk config to control certificate validation? I would suggest reading the res_calendar_caldav sources to see if there is some attempt to store certificates and compare. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
