[Opalvoip-devel] TLS and Wildcard domain
From: Etienne V. <e....@vo...> - 2017-01-13 12:27:47
Hello,

I am trying to register to a SIP proxy over TLS. The SIP proxy has a trusted wildcard certificate installed on it (*.vocalcom.com). The connection actually failed, and I see that the problem comes from transports.cxx, function OpalTransportTLS::IsAuthenticated(const PString & domain). The code returns false if the domain name we try to connect to is not exactly the same as the one in the Alt field of the certificate.

I did a quick fix (perhaps dirty, I'm not sure it handles all cases). Instead of

    if (domain == (alt.IsEmpty() ? subject.GetCommonName() : alt))
      return true;

I use the following code:

    PString certDomain = alt.IsEmpty() ? subject.GetCommonName() : alt;
    PString peerDomain = PString(domain);

    // Wildcard case
    if (certDomain.Find("*.", 0) == 0) {
      // Delete() edits certDomain in place, so certDomain and domainName
      // both hold the suffix without the leading '*'
      PString domainName = certDomain.Delete(0, 1);
      PTRACE(3, "Test if domain \"" << domain << "\" match wildcard Peer certificate: =\"" << domainName << "\"");
      // Keep only the trailing part of the peer domain, as long as the suffix
      peerDomain = peerDomain.Right(domainName.GetLength());
    }

    if (peerDomain == certDomain)
      return true;

Regards
Etienne Venot
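Added example, not part of the original post and not OPAL or PTLib code: a plain C++ comparison of the suffix test used in the quick fix with the stricter rule from RFC 6125, where `*` stands for exactly one left-most label. The function names and the `example.test` host names are assumptions made up for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper: DNS names compare case-insensitively.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Suffix comparison, as in the quick fix: "*.example.test" accepts any
// peer name that ends in ".example.test", whatever precedes it.
bool suffixMatch(const std::string& certName, const std::string& host) {
    const std::string c = lower(certName), h = lower(host);
    if (c.compare(0, 2, "*.") != 0) return c == h;    // no wildcard: exact
    const std::string suffix = c.substr(1);           // ".example.test"
    return h.size() >= suffix.size() &&
           h.compare(h.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Stricter rule: the wildcard replaces exactly one non-empty left-most label.
bool singleLabelMatch(const std::string& certName, const std::string& host) {
    const std::string c = lower(certName), h = lower(host);
    if (c.compare(0, 2, "*.") != 0) return c == h;    // no wildcard: exact
    const std::string suffix = c.substr(1);
    if (suffix.find('*') != std::string::npos) return false;  // one '*' only
    // Conservative extra check: refuse patterns such as "*.test".
    if (suffix.find('.', 1) == std::string::npos) return false;
    const std::size_t dot = h.find('.');              // end of first label
    if (dot == std::string::npos || dot == 0) return false;
    return h.substr(dot) == suffix;                   // rest must equal suffix
}

int main() {
    const std::string cert = "*.example.test";        // constructed sample
    const char* hosts[] = {"sip.example.test", "SIP.Example.Test",
                           "a.b.example.test", ".example.test", "example.test"};
    for (const char* h : hosts)
        std::cout << h << "  suffix=" << suffixMatch(cert, h)
                  << "  single-label=" << singleLabelMatch(cert, h) << "\n";
    return 0;
}
```

The two functions disagree on `a.b.example.test` and on the empty-label name `.example.test`, which the suffix test accepts and the single-label test rejects.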