<p>Kevin Harwell <strong>uploaded patch set #2</strong> to this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/18650">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_pjsip: allow TLS verification of wildcard cert-bearing servers<br><br>Rightly the use of wildcards in certificates is disallowed in accordance<br>with RFC5922. However, RFC2818 does make some allowances with regards to<br>their use when using subject alt names with DNS name types.<br><br>As such this patch creates a new setting for TLS transports called<br>'allow_wildcard_certs', which when it and 'verify_server' are both enabled<br>allows DNS name types, as well as the common name that start with '*.'<br>to match as a wildcard.<br><br>For instance: *.example.com<br>will match for: foo.example.com<br><br>Partial matching is not allowed, e.g. f*.example.com, foo.*.com, etc...<br>And the starting wildcard only matches for a single level.<br><br>For instance: *.example.com<br>will NOT match for: foo.bar.example.com<br><br>The new setting is disabled by default.<br><br>ASTERISK-30072 #close<br><br>Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4<br>---<br>M configs/samples/pjsip.conf.sample<br>A contrib/ast-db-manage/config/versions/58e440314c2a_allow_wildcard_certs.py<br>A doc/CHANGES-staging/allow_wildcard_certs.txt<br>M include/asterisk/res_pjsip.h<br>M res/res_pjsip/config_transport.c<br>M res/res_pjsip/pjsip_config.xml<br>M res/res_pjsip/pjsip_transport_events.c<br>7 files changed, 218 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/50/18650/2</pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/18650">change 18650</a>. 
</p>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4 </div>
<div style="display:none"> Gerrit-Change-Number: 18650 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: Kevin Harwell &lt;kharwell@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell &lt;kharwell@digium.com&gt; </div>
<div style="display:none"> Gerrit-MessageType: newpatchset </div>
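<p>The matching rule described in the commit message above, written out as an added C example; it is not code from this patch or from Asterisk. The function name <code>cert_name_matches</code>, its parameters, the case-insensitive comparison and the refusal of every wildcard name while the option is off are assumptions of this example.</p>

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Hypothetical helper, not Asterisk's own function. Returns 1 when
 * cert_name (a DNS-type subject alt name or the common name) accepts
 * host, else 0. allow_wildcard stands in for 'allow_wildcard_certs'
 * with 'verify_server' already enabled. */
int cert_name_matches(const char *cert_name, const char *host, int allow_wildcard)
{
    const char *dot;

    if (!cert_name || !host || !*cert_name || !*host) {
        return 0;
    }
    if (!strchr(cert_name, '*')) {
        return strcasecmp(cert_name, host) == 0;   /* literal name */
    }
    if (!allow_wildcard) {
        return 0;   /* assumption: wildcard names never match when off */
    }
    /* Only a leading "*." counts as a wildcard. "f*.example.com",
     * "foo.*.com", "*.*.com" and a bare "*." are all rejected. */
    if (strncmp(cert_name, "*.", 2) != 0 || cert_name[2] == '\0'
        || strchr(cert_name + 1, '*')) {
        return 0;
    }
    /* The wildcard covers exactly one non-empty label, so the host's
     * first dot must start the remainder of the certificate name. */
    dot = strchr(host, '.');
    if (!dot || dot == host) {
        return 0;
    }
    return strcasecmp(dot, cert_name + 1) == 0;
}

int main(void)
{
    /* Constructed sample hosts checked against "*.example.com". */
    const char *hosts[] = { "foo.example.com", "foo.bar.example.com", "example.com" };
    size_t i;

    for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++) {
        printf("%-22s %d\n", hosts[i], cert_name_matches("*.example.com", hosts[i], 1));
    }
    return 0;
}
```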