<html><head><meta http-equiv="content-type" content="text/html; charset=us-ascii"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div>Thanks to those on IRC confirming quickly that this was not something supported (yet) in Asterisk.</div><div><br></div><div>Below is a quick fix/patch to tcptls.c for Asterisk 18 against this particular provider.</div><div><br></div><div>Dw</div><div><br></div><div><br></div><font face="Courier New">static int check_tcptls_cert_name(ASN1_STRING *cert_str, const char *hostname, const char *desc)<br>
{<br>
unsigned char *str;<br>
int ret;<br>
<br>
ret = ASN1_STRING_to_UTF8(&str, cert_str);<br>
if (ret < 0 || !str) {<br>
return -1;<br>
}<br>
<br>
if (strlen((char *) str) != ret) {<br>
ast_log(LOG_WARNING, "Invalid certificate %s length (contains NULL bytes?)\n", desc);<br>
<br>
ret = -1;<br>
} else if (!strcasecmp(hostname, (char *) str)) {<br>
ret = 0;</font><div><div><font face="Courier New"><b> } else if (strlen(str) > 2 && str[0] == '*' && str[1] == '.' && strlen(str) - 2 <= strlen(hostname) && strcasecmp(hostname+strlen(hostname)-strlen(str)+2, str+2) == 0) {<br> ast_log(LOG_WARNING,"Warning: allowing match on wildcard (%s =~ %s)\n", hostname, str);<br>
ret = 0;<br>
} else {<br></b>
ret = -1;<br>
}<br>
<br>
ast_debug(3, "SSL %s compare s1='%s' s2='%s'\n", desc, hostname, str);<br>
OPENSSL_free(str);<br>
<br>
return ret;<br>
}</font><div><br></div><div><br></div><div><br></div></div></div></body></html>