Summary: | ASTERISK-25063: [patch]add X.509 subject alternative name support to Asterisk TLS support | ||
Reporter: | Maciej Szmigiero (mhej) | Labels: | |
Date Opened: | 2015-05-05 17:30:27 | Date Closed: | 2015-05-17 14:39:27 |
Priority: | Minor | Regression? | |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) asterisk-cert-alt-names.patch | |
Description: | This patch adds X.509 subject alternative name support to Asterisk TLS support.
This way one X.509 certificate can be used for hosts that can be reached under multiple DNS names or for multiple hosts. Currently the code seems to accept multiple subject (CN) fields instead, however according to Mozilla this is not a correct behavior as only the most specific one should be used: https://bugzilla.mozilla.org/show_bug.cgi?id=380656 | ||
Comments: | By: Rusty Newton (rnewton) 2015-05-07 18:37:37.703-0500

Thanks for the contribution! If you'd like your contribution to be included faster, you should submit your patch for code review by the Asterisk Developer Community. To do so, please follow the Code Review [1] instructions on the wiki. Be sure to:

* Verify that your patch conforms to the Coding Guidelines [2]
* Review the Code Review Checklist [3] for common items reviewers will look for
* If necessary, provide tests for the Asterisk Test Suite that verify the correctness of your patch [4]

When ready, submit your patch and any tests to Gerrit [5] for code review. Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Code+Review
[2] https://wiki.asterisk.org/wiki/display/AST/Coding+Guidelines
[3] https://wiki.asterisk.org/wiki/display/AST/Code+Review+Checklist
[4] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Test+Suite+Documentation
[5] https://wiki.asterisk.org/wiki/display/AST/Gerrit+Usage

By: Maciej Szmigiero (mhej) 2015-05-08 14:47:01.536-0500

Thanks for looking into it, I've submitted patch via Gerrit. As far as I can see there is currently no test for Asterisk's TLS support certificate verification as both sip_tls_call and sip_tls_register have tlsdontverifyserver set to yes.

By: Rusty Newton (rnewton) 2015-05-17 14:39:27.427-0500

Fix was merged so I'm closing this out. Auto-close wasn't working.

By: Friendly Automation (friendly-automation) 2016-11-16 13:15:10.972-0600

Change 4451 merged by Joshua Colp: Add X.509 subject alternative name support to TLS certificate verification. https://gerrit.asterisk.org/4451 |
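
The name-selection rule the description refers to, as an added example that is not the Asterisk patch or any code from this ticket: when a certificate carries subjectAltName dNSName entries only those are checked, otherwise only the most specific CN is used. Assumptions: the structs, function names and sample hostnames are hypothetical, "most specific" is taken to be the last CN in the subject, and matching is exact (no wildcards).

```c
#include <ctype.h>
#include <string.h>

/* Constructed stand-in for names read from a certificate (not an OpenSSL type). */
struct cert_name {
    const char *data; /* raw bytes as encoded in the certificate */
    size_t len;       /* encoded length; exceeds strlen(data) if a NUL is embedded */
};
struct cert_names {
    const struct cert_name *san_dns; size_t san_count; /* subjectAltName dNSName entries */
    const struct cert_name *cn;      size_t cn_count;  /* subject CN values, encoded order */
};

/* Case-insensitive match over the encoded length, so an embedded NUL cannot shorten the name. */
static int name_equals(const struct cert_name *n, const char *host)
{
    size_t i;
    if (n->len != strlen(host))
        return 0;
    for (i = 0; i < n->len; i++)
        if (tolower((unsigned char)n->data[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Returns 1 if host is an acceptable identity for the certificate, 0 otherwise. */
int host_matches_cert(const struct cert_names *c, const char *host)
{
    size_t i;
    if (c->san_count > 0) {
        /* dNSName entries present: they are authoritative and CN is ignored. */
        for (i = 0; i < c->san_count; i++)
            if (name_equals(&c->san_dns[i], host))
                return 1;
        return 0;
    }
    /* No SAN: only the most specific CN counts (assumed here: the last one). */
    return c->cn_count > 0 && name_equals(&c->cn[c->cn_count - 1], host);
}

/* Constructed sample data; all names are made up for this example. */
#define NAME(s) { s, sizeof(s) - 1 }
static const struct cert_name san_a[] = { NAME("pbx.example.com"), NAME("sip.example.com"), NAME("voip.example.com\0.example.org") };
static const struct cert_name cn_a[] = { NAME("legacy.example.com") };
static const struct cert_name cn_b[] = { NAME("old.example.net"), NAME("pbx.example.net") };
const struct cert_names cert_with_san = { san_a, 3, cn_a, 1 };
const struct cert_names cert_cn_only = { NULL, 0, cn_b, 2 };

int main(void) { return host_matches_cert(&cert_with_san, "sip.example.com") ? 0 : 1; }
```

A verifier that compares names with `strcmp()` instead of the encoded length would accept the third sample entry for `voip.example.com`; the length check above rejects it.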