Re: [Opalvoip-devel] TLS and Wildcard domain
From: Ankur D. J. <an...@te...> - 2017-01-13 13:11:28
Hi Etienne,

Unfortunately, SIP does not support wildcard SSL certificates.

https://tools.ietf.org/html/rfc5922

On Fri, Jan 13, 2017 at 4:23 PM, Etienne Venot <e....@vo...> wrote:

> Hello,
>
> I try to register to a SIP proxy over TLS. The SIP proxy has a trusted
> wildcard certificate installed on it (*.vocalcom.com).
> The connection actually failed and I see that the problem comes from
> transports.cxx, function OpalTransportTLS::IsAuthenticated(const PString
> & domain.
>
> Actually the code returns false if the domain name we try to connect to is
> not exactly the same as the one in the Alt field of the certificate.
>
> I did a quick fix (perhaps dirty, I'm not sure it handles all cases):
>
> Instead of
>
>     if (domain == (alt.IsEmpty() ? subject.GetCommonName() : alt))
>       return true;
>
> I do the following code:
>
>     PString certDomain = alt.IsEmpty() ? subject.GetCommonName() : alt;
>     PString peerDomain = PString(domain);
>
>     //Wildcard case
>     if (certDomain.Find("*.", 0) == 0) {
>       PString domainName = certDomain.Delete(0, 1);
>       PTRACE(3, "Test if domain \"" << domain << "\" match wildcard Peer certificate: =\"" << domainName << "\"");
>
>       //Take only the part of the domain name to test from source domain
>       peerDomain = peerDomain.Right(domainName.GetLength());
>     }
>
>     if (peerDomain == certDomain)
>       return true;
>
> Regards
>
> Etienne Venot

--
Regards
Ankur Deep Jaiswal
Software Architect
Techgentsia Software Technologies Private Limited
Ernakulam
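Added example, not part of either message and not OPAL code: a std::string sketch comparing the suffix test from the quoted quick fix with the single-label wildcard rule commonly used for TLS host-name checks (RFC 6125). The function names, the allowWildcard flag (false gives the exact-match behaviour the reply attributes to SIP) and the example.test names are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Lower-case copy: DNS names compare case-insensitively.
static std::string Lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return (char)std::tolower(c); });
  return s;
}

// Same test as the quoted quick fix: drop '*' and compare the tail of the
// peer name with what is left of the certificate name.
bool SuffixMatch(const std::string &certName, const std::string &peer) {
  if (certName.compare(0, 2, "*.") != 0)
    return peer == certName;
  const std::string tail = certName.substr(1);  // ".example.test"
  return peer.size() >= tail.size() &&
         peer.compare(peer.size() - tail.size(), tail.size(), tail) == 0;
}

// Stricter rule: '*' must be the whole left-most label and stands for
// exactly one non-empty label; everything after it must match exactly.
bool SingleLabelMatch(const std::string &certName, const std::string &peer,
                      bool allowWildcard) {
  const std::string c = Lower(certName), p = Lower(peer);
  if (c.find('*') == std::string::npos)
    return !c.empty() && c == p;                // plain exact match
  if (!allowWildcard || c.compare(0, 2, "*.") != 0 ||
      c.find('*', 1) != std::string::npos)
    return false;                               // wildcard refused or misplaced
  const std::string tail = c.substr(1);
  if (std::count(tail.begin(), tail.end(), '.') < 2)
    return false;                               // example policy: refuse "*.test"
  if (p.size() <= tail.size() ||
      p.compare(p.size() - tail.size(), tail.size(), tail) != 0)
    return false;                               // wrong suffix or empty label
  const std::string label = p.substr(0, p.size() - tail.size());
  return label.find('.') == std::string::npos;  // exactly one label
}

int main() {
  // Constructed names: the suffix test accepts a two-label prefix, the
  // single-label rule does not. Exit code 0 means both behaved as described.
  return SuffixMatch("*.example.test", "a.b.example.test") &&
         !SingleLabelMatch("*.example.test", "a.b.example.test", true) ? 0 : 1;
}
```

The suffix test also accepts a peer name that is just ".example.test", because the label in front of the dot is never checked for being non-empty.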