<p>Kevin Harwell has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/18572">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_pjsip: allow TLS verification of wildcard cert-bearing servers<br><br>Rightly the use of wildcards in certificates is disallowed in accordance<br>with RFC5922. However, RFC2818 does make some allowances with regards to<br>their use when using subject alt names with DNS name types.<br><br>As such this patch creates a new setting for TLS transports called<br>'allow_wildcard_certs', which when enabled allows DNS name types, as<br>well as the common name that start with '*.' to match as a wildcard.<br><br>For instance: *.example.com<br>will match for: foo.example.com<br><br>Partial matching is not allowed, e.g. f*.example.com, foo.*.com, etc...<br>And the starting wildcard only matches for a single level<br><br>For instance: *.example.com<br>will NOT match for: foo.bar.example.com<br><br>The new setting is disabled by default.<br><br>ASTERISK-30072 #close<br><br>Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4<br>---<br>M configs/samples/pjsip.conf.sample<br>M configure<br>M configure.ac<br>A contrib/ast-db-manage/config/versions/58e440314c2a_allow_wildcard_certs.py<br>A doc/CHANGES-staging/allow_wildcard_certs.txt<br>M include/asterisk/autoconfig.h.in<br>M menuselect/configure<br>M res/res_pjsip/config_transport.c<br>M res/res_pjsip/pjsip_config.xml<br>M third-party/pjproject/configure.m4<br>A third-party/pjproject/patches/0010-sip_transport_tls-allow-wildcard-certifcates.patch<br>11 files changed, 9,948 insertions(+), 11,777 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/72/18572/1</pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/18572">change 18572</a>.</p>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4 </div>
<div style="display:none"> Gerrit-Change-Number: 18572 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Kevin Harwell &lt;kharwell@digium.com&gt; </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
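<p>The matching rules stated in the commit message above, written out as a standalone C check. This is an added example, not code from the change or from pjproject: <code>cert_name_matches()</code> and its <code>allow_wildcard</code> flag are hypothetical names, the sample host names are constructed, and case-insensitive comparison is an assumption.</p>

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Returns 1 if host is covered by cert_name, 0 otherwise.
 * Hypothetical helper for illustration; not a pjproject function. */
int cert_name_matches(const char *cert_name, const char *host, int allow_wildcard)
{
    const char *suffix, *dot;

    if (!cert_name || !host || !*cert_name || !*host)
        return 0;

    /* No wildcard character: plain case-insensitive comparison (assumed). */
    if (!strchr(cert_name, '*'))
        return strcasecmp(cert_name, host) == 0;

    /* Wildcard names are rejected unless the option is on (default off). */
    if (!allow_wildcard)
        return 0;

    /* Only a leading "*." is accepted. Any other '*' placement, such as
     * f*.example.com or foo.*.com, never matches. */
    if (strncmp(cert_name, "*.", 2) != 0 || strchr(cert_name + 1, '*'))
        return 0;
    suffix = cert_name + 1;             /* e.g. ".example.com" */
    if (suffix[1] == '\0')              /* "*." with nothing after it */
        return 0;

    /* The wildcard stands for exactly one non-empty label, so the first
     * dot in host must start the suffix: foo.bar.example.com fails. */
    dot = strchr(host, '.');
    if (!dot || dot == host)
        return 0;
    return strcasecmp(dot, suffix) == 0;
}

int main(void)
{
    /* Constructed sample host names. */
    const char *hosts[] = { "foo.example.com", "foo.bar.example.com", "example.com" };
    for (size_t i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("%-22s %d\n", hosts[i],
               cert_name_matches("*.example.com", hosts[i], 1));
    return 0;
}
```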