Hello,
(cross-posting as it impacts users as well)
Currently we generate and install the TLS self-signed certificates when
tls module is installed, including them in the debian packages (and I
guess in rpms).
Debian has a policy of reproducible builds, meaning that from same
source tree snapshot the same binary packages should result.
Even more important considering the impact on security, it would be
better that the certificates are generated locally on the installation
server, to be distinct. Right now, people relying on default
installation config/certificates (and I guess there are many, at least
in testing phase), are exposed to eavesdropping, because the private key
is available in public packages.
My proposal is to move generation of self signed certificates to kamctl.
There can be a kamctl.tls file to be deployed by the tls package (same
is done by kamctl.mysql, being part of mysql package), which should add
a new group of commands, among them something like:
kamctl tls generate-certificate
The drawback is that before enabling tls and starting kamailio, one has
to run the above command. We can document that in tls module readme and
in kamailio.cfg in the comments related to WITH_TLS define.
Anyone with comments, pros/cons?
Other suggestions on how to address the reproducible builds as well as
solve the security issue for the default installation?
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda -
http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio -
http://www.asipto.com