[asterisk-users] Quick patch for updated NL-ips
Dirk-Willem van Gulik
dirkx at webweaving.org
Tue Aug 22 15:32:12 CDT 2023
Thanks to those on IRC confirming quickly that this was not something supported (yet) in Asterisk.
Below is a quick fix/patch to tcptls.c for Asterisk 18 against this particular provider.
Dw
static int check_tcptls_cert_name(ASN1_STRING *cert_str, const char *hostname, const char *desc)
{
unsigned char *str;
int ret;
ret = ASN1_STRING_to_UTF8(&str, cert_str);
if (ret < 0 || !str) {
return -1;
}
if (strlen((char *) str) != ret) {
ast_log(LOG_WARNING, "Invalid certificate %s length (contains NULL bytes?)\n", desc);
ret = -1;
} else if (!strcasecmp(hostname, (char *) str)) {
ret = 0;
} else if (strlen(str) > 2 && str[0] == '*' && str[1] == '.' && strlen(str) - 2 <= strlen(hostname) && strcasecmp(hostname+strlen(hostname)-strlen(str)+2, str+2) == 0) {
ast_log(LOG_WARNING,"Warning: allowing match on wildcard (%s =~ %s)\n", hostname, str);
ret = 0;
} else {
ret = -1;
}
ast_debug(3, "SSL %s compare s1='%s' s2='%s'\n", desc, hostname, str);
OPENSSL_free(str);
return ret;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20230822/8ac3179f/attachment.html>
More information about the asterisk-users
mailing list