[asterisk-bugs] [JIRA] (ASTERISK-25063) [patch]add X.509 subject alternative name support to Asterisk TLS support
Maciej Szmigiero (JIRA)
noreply at issues.asterisk.org
Fri May 8 14:47:32 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-25063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=226163#comment-226163 ]
Maciej Szmigiero commented on ASTERISK-25063:
---------------------------------------------
Thanks for looking into it, I've submitted the patch via Gerrit.
As far as I can see there is currently no test for Asterisk's TLS support certificate verification as both sip_tls_call and sip_tls_register have tlsdontverifyserver set to yes.
> [patch]add X.509 subject alternative name support to Asterisk TLS support
> -------------------------------------------------------------------------
>
> Key: ASTERISK-25063
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25063
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Core/General
> Reporter: Maciej Szmigiero
> Assignee: Maciej Szmigiero
> Severity: Minor
> Attachments: asterisk-cert-alt-names.patch
>
>
> This patch adds X.509 subject alternative name support to Asterisk TLS support.
> This way one X.509 certificate can be used for hosts that can be reached under multiple DNS names or for multiple hosts.
> Currently the code seems to accept multiple subject (CN) fields instead; however, according to Mozilla this is not correct behavior, as only the most specific one should be used: https://bugzilla.mozilla.org/show_bug.cgi?id=380656
--
This message was sent by Atlassian JIRA
(v6.2#6252)
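The name-matching rule the issue description refers to, as an added example (not code from the attached patch or from Asterisk): subjectAltName dNSName entries are checked first, and a CN is consulted only when the certificate carries none, in which case only the last CN is used. The `cert_names` type, the sample names, and treating the last CN in encoding order as the most specific one are assumptions; wildcard matching is left out.

```c
#include <ctype.h>
#include <stddef.h>

/* Names already extracted from a peer certificate (hypothetical type, entries non-NULL). */
struct cert_names {
    const char *const *san_dns;    /* subjectAltName dNSName entries */
    size_t san_count;
    const char *const *subject_cn; /* subject CN values, in encoding order */
    size_t cn_count;
};

/* Case-insensitive comparison of two DNS names. */
static int names_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Returns 1 if hostname is acceptable for the certificate, 0 otherwise. */
int cert_matches_host(const struct cert_names *c, const char *hostname)
{
    size_t i;
    if (!c || !hostname || !*hostname)
        return 0;
    /* Any dNSName entry makes the SAN list authoritative; CN is ignored. */
    if (c->san_count > 0) {
        for (i = 0; i < c->san_count; i++)
            if (names_equal(c->san_dns[i], hostname))
                return 1;
        return 0;
    }
    /* No SAN: only the last CN (assumed most specific) is considered. */
    if (c->cn_count > 0)
        return names_equal(c->subject_cn[c->cn_count - 1], hostname);
    return 0;
}

/* Constructed sample data: one certificate with SANs, one with CNs only. */
static const char *const sample_san[] = { "sip.example.com", "pbx.example.net" };
static const char *const sample_cn[] = { "old.example.com", "sip.example.com" };
const struct cert_names CERT_WITH_SAN = { sample_san, 2, sample_cn, 2 };
const struct cert_names CERT_CN_ONLY = { NULL, 0, sample_cn, 2 };

int main(void)
{
    return cert_matches_host(&CERT_WITH_SAN, "pbx.example.net") ? 0 : 1;
}
```

A check of this shape is only exercised when verification is enabled, so a test for it would need tlsdontverifyserver set to no.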