[asterisk-bugs] [JIRA] (ASTERISK-17719) SIP TLS certificates should be verified according to RFC 5922

Corey Farrell (JIRA) noreply at issues.asterisk.org
Wed Oct 11 11:20:21 CDT 2017


     [ https://issues.asterisk.org/jira/browse/ASTERISK-17719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Corey Farrell closed ASTERISK-17719.
------------------------------------

    Resolution: Fixed

Closing as I believe this was fixed by ASTERISK-25063.

> SIP TLS certificates should be verified according to RFC 5922
> -------------------------------------------------------------
>
>                 Key: ASTERISK-17719
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-17719
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Channels/chan_sip/TCP-TLS
>            Reporter: Terry Wilson
>            Assignee: Terry Wilson
>            Severity: Minor
>
> Asterisk currently uses the Common Name in an X509 certificate to test for validity. According to RFC 5922, it is preferable to use the SubjectAltNames to test for DNS, user, and domain names and only fall back to Common Name as a last resort. Asterisk failed several tests at SIPit 28 due to its lack of ability in this area.
> ****** STEPS TO REPRODUCE ******
> Make an outbound registration to a SIP server using a domain name that is only found in a SubjectAltName in their certificate. Watch Asterisk fail to set up the call.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
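The matching order the issue asks for, as an added example that is not Asterisk's code or part of the original message: SubjectAltName DNS and SIP URI entries are checked first, and the Common Name is consulted only when the certificate carries no SubjectAltName at all. The names `san_entry`, `sip_uri_host` and `cert_covers_domain` are hypothetical, the sample identities are constructed, and the example assumes the identities were already extracted from a certificate whose chain has been validated.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum san_type { SAN_DNS, SAN_URI };
struct san_entry { enum san_type type; const char *value; };

/* Host of a sip:/sips: URI that names a domain; NULL for any other URI.
 * Simplification: URIs with a user part, port or parameters are skipped. */
static const char *sip_uri_host(const char *uri)
{
    const char *host;
    if (strncasecmp(uri, "sips:", 5) == 0) host = uri + 5;
    else if (strncasecmp(uri, "sip:", 4) == 0) host = uri + 4;
    else return NULL;
    return strpbrk(host, "@:;?") ? NULL : host;
}

/* 1 if the certificate identities cover `domain`, else 0. Names are compared
 * whole and case-insensitively; no wildcard expansion is attempted. */
int cert_covers_domain(const struct san_entry *san, size_t n_san,
                       const char *cn, const char *domain)
{
    for (size_t i = 0; i < n_san; i++) {
        const char *name = san[i].type == SAN_DNS ? san[i].value
                                                  : sip_uri_host(san[i].value);
        if (name && strcasecmp(name, domain) == 0)
            return 1;
    }
    /* Common Name is the last resort: consulted only without any SAN. */
    return n_san == 0 && cn && strcasecmp(cn, domain) == 0;
}

/* Constructed sample identities, not taken from the issue. */
static const struct san_entry san_hosted[] = {
    { SAN_DNS, "sip.example.net" }, { SAN_URI, "sip:example.com" },
    { SAN_URI, "sip:alice@example.org" },
};

int main(void)
{
    const char *cn = "proxy01.example.net";
    /* SAN-only domain accepted; CN ignored once a SAN exists; CN used without SAN. */
    printf("%d %d %d\n",
           cert_covers_domain(san_hosted, 3, cn, "example.com"),
           cert_covers_domain(san_hosted, 3, cn, cn),
           cert_covers_domain(NULL, 0, "example.com", "EXAMPLE.COM"));
    return 0;
}
```

The second call is the case a CN-only check gets wrong in the other direction: a name that appears only in the Common Name is not accepted once the certificate lists SubjectAltName identities.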


