[asterisk-bugs] [Asterisk 0019147]: SIP TLS certificates should be verified according to RFC 5922
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Apr 19 13:05:24 CDT 2011
The following issue has been SUBMITTED.
======================================================================
https://issues.asterisk.org/view.php?id=19147
======================================================================
Reported By: twilson
Assigned To: twilson
======================================================================
Project: Asterisk
Issue ID: 19147
Category: Channels/chan_sip/TCP-TLS
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
Asterisk Version: SVN
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.8
SVN Revision (number only!): 314251
Request Review:
======================================================================
Date Submitted: 2011-04-19 13:05 CDT
Last Modified: 2011-04-19 13:05 CDT
======================================================================
Summary: SIP TLS certificates should be verified according to
RFC 5922
Description:
Asterisk currently uses the Common Name in an X509 certificate to test for
validity. According to RFC 5922, it is preferable to use the
SubjectAltNames to test for DNS, user, and domain names and only fall back
to Common Name as a last resort. Asterisk failed several tests at SIPit 28
due to its lack of ability in this area.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2011-04-19 13:05 twilson New Issue
2011-04-19 13:05 twilson Status new => assigned
2011-04-19 13:05 twilson Assigned To => twilson
2011-04-19 13:05 twilson Asterisk Version => SVN
2011-04-19 13:05 twilson Regression => No
2011-04-19 13:05 twilson SVN Branch (only for SVN checkouts, not tarball
releases) => 1.8
2011-04-19 13:05 twilson SVN Revision (number only!) => 314251
======================================================================
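The check order the description asks for, written out as an added example (not Asterisk's code and not part of the original report): subjectAltName DNS and SIP URI entries decide the match, and Common Name is used only when the certificate has no subjectAltName. The struct layout, function names and sample certificates are constructed for illustration, and reading "last resort" as "no subjectAltName present" is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified model of names already extracted from a chain-verified X.509 cert. */
enum san_type { SAN_DNS, SAN_URI, SAN_OTHER };
struct san { enum san_type type; const char *value; };
struct cert_names {
    const struct san *sans; size_t nsans;  /* subjectAltName entries */
    const char *cn;                        /* subject Common Name, may be NULL */
};

/* Host of a sip:/sips: URI with no user part, else NULL (no port/param parsing). */
static const char *sip_uri_host(const char *uri)
{
    const char *h;
    if (strncasecmp(uri, "sips:", 5) == 0) h = uri + 5;
    else if (strncasecmp(uri, "sip:", 4) == 0) h = uri + 4;
    else return NULL;
    return strchr(h, '@') ? NULL : h;  /* user@host names a user, not a domain */
}

/* Return 1 if the certificate is acceptable for `domain`, 0 otherwise. */
int cert_matches_domain(const struct cert_names *c, const char *domain)
{
    size_t i;
    for (i = 0; i < c->nsans; i++) {
        const char *name = NULL;
        if (c->sans[i].type == SAN_DNS) name = c->sans[i].value;
        else if (c->sans[i].type == SAN_URI) name = sip_uri_host(c->sans[i].value);
        if (name && strcasecmp(name, domain) == 0) return 1;
    }
    /* Assumption: CN is consulted only when there is no subjectAltName at all. */
    if (c->nsans == 0 && c->cn) return strcasecmp(c->cn, domain) == 0;
    return 0;
}

/* Constructed sample certificates. */
static const struct san sans_a[] = {
    { SAN_URI, "sip:pbx.example.com" }, { SAN_DNS, "sip.example.com" } };
const struct cert_names cert_san = { sans_a, 2, "legacy.example.net" };
const struct cert_names cert_cn_only = { NULL, 0, "pbx.example.org" };

int main(void)
{
    /* CN matches, but SAN entries exist and none match: rejected (prints 0). */
    printf("%d\n", cert_matches_domain(&cert_san, "legacy.example.net"));
    return 0;
}
```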