RE: [reSIProcate] proposed changes to cert-derived peer name handling
I think we definitely need to do this. Should we also add the commonName to
the list of peer names?
A good reference is the code in the sipX project:
http://scm.sipfoundry.org/rep/sipX/main/sipXportLib/src/os/OsSSL.cpp
search for peerIdentity.
We should probably also expose a method to retrieve the list.
Scott
-----Original Message-----
From: resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Rohan
Mahy
Sent: Friday, March 24, 2006 7:26 PM
To: resiprocate-devel@xxxxxxxxxxxxxxxxxxx
Cc: Rohan Mahy
Subject: [reSIProcate] proposed changes to cert-derived peer name handling
Hi,
Currently we have the getPeerName function which returns a Data. In
addition to the (minor) overhead of creating a Data, the function only works
if there is a single sip or sips URI in the subjectAltName. The
subjectAltName can actually contain a stack of URIs here and it could be
reasonable to get a certificate that covers both sip:sip.example.com and
sip:example.com.
I think we should add a new function with the following signature:
bool matchesPeerName(Uri)
This would just check the Uri to see if it is in the stack of names from the
subjectAltName and return yes or no.
thoughts?
thanks,
-rohan
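
The check proposed above, together with the list accessor suggested in the reply, sketched as an added example that is not part of the thread and is not reSIProcate code. Assumptions: `SimpleUri`, `parseSanUri` and `PeerNames` are hypothetical names, the subjectAltName URI entries have already been extracted from the certificate as strings, and a match means the same scheme and host compared case-insensitively.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Hypothetical stand-in for a parsed URI; this is not reSIProcate's Uri class.
struct SimpleUri { std::string scheme, host; };

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Parse a subjectAltName URI entry of the form "sip:host" or "sips:host".
// Assumption: entries with a user part, parameters or other schemes are skipped.
bool parseSanUri(const std::string& text, SimpleUri& out) {
    const std::string::size_type colon = text.find(':');
    if (colon == std::string::npos) return false;
    out.scheme = lower(text.substr(0, colon));
    out.host = lower(text.substr(colon + 1));
    if (out.scheme != "sip" && out.scheme != "sips") return false;
    return !out.host.empty() && out.host.find_first_of("@;?/ ") == std::string::npos;
}

class PeerNames {
public:
    // Keep every usable URI from the subjectAltName, not only the first one.
    explicit PeerNames(const std::vector<std::string>& sanUris) {
        for (const std::string& entry : sanUris) {
            SimpleUri u;
            if (parseSanUri(entry, u)) mNames.push_back(u);
        }
    }
    // Accessor for the whole list, as suggested in the reply.
    const std::vector<SimpleUri>& names() const { return mNames; }
    // Exact scheme and host match only: no wildcard or suffix matching.
    bool matchesPeerName(const SimpleUri& peer) const {
        const std::string scheme = lower(peer.scheme), host = lower(peer.host);
        return std::any_of(mNames.begin(), mNames.end(), [&](const SimpleUri& n) {
            return n.scheme == scheme && n.host == host; });
    }
private:
    std::vector<SimpleUri> mNames;
};
```

Because the comparison is exact, a certificate for `sip:example.com` does not vouch for `sip:example.com.evil.net` or for `sips:example.com`.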