[asterisk-bugs] [Asterisk 0019147]: SIP TLS certificates should be verified according to RFC 5922

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Apr 19 13:05:24 CDT 2011 

The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=19147 
====================================================================== 
Reported By:                twilson
Assigned To:                twilson
====================================================================== 
Project:                    Asterisk
Issue ID:                   19147
Category:                   Channels/chan_sip/TCP-TLS
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.8 
SVN Revision (number only!): 314251 
Request Review:              
====================================================================== 
Date Submitted:             2011-04-19 13:05 CDT
Last Modified:              2011-04-19 13:05 CDT
====================================================================== 
Summary:                    SIP TLS certificates should be verified according to
RFC 5922
Description: 
Asterisk currently uses the Common Name in an X509 certificate to test for
validity. According to RFC 5922, it is preferable to use the
SubjectAltNames to test for DNS, user, and domain names and only fall back
to Common Name as a last resort. Asterisk failed several tests at SIPit 28
due to its lack of ability in this area.
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-04-19 13:05 twilson        New Issue                                    
2011-04-19 13:05 twilson        Status                   new => assigned     
2011-04-19 13:05 twilson        Assigned To               => twilson         
2011-04-19 13:05 twilson        Asterisk Version          => SVN             
2011-04-19 13:05 twilson        Regression                => No              
2011-04-19 13:05 twilson        SVN Branch (only for SVN checkouts, not tarball
releases) => 1.8             
2011-04-19 13:05 twilson        SVN Revision (number only!) => 314251          
======================================================================

More information about the asterisk-bugs mailing list