< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index

Re: [reSIProcate-users] certificate mismatch when DNS SRV used.

From: Byron Campen <docfaraday@xxxxxxxxx>
Date: Tue, 26 Nov 2013 08:09:40 -0800

But the client never asked for sipthor.net; it asked for TLS to a domain identifying itself as sip2sip.info. Consider the case where s/sipthor.net/somespyagencywhichwillremainunnamed.gov/.

Best regards,
Byron Campen

More details:

I'm enter the SIP server: sip2sip.info, port: 443, the transport is TLS, resip discover DNS SRV, get the record is proxy.sipthor.net, it handshake to proxy.sipthor.net, received the certificate name is *.sipthor.net, then BaseSecurity::matchHostName can't match the name.

On Tue, Nov 26, 2013 at 9:47 PM, Karlsson <boost.regex@xxxxxxxxx> wrote:

Hi, I've tried test the TLS transport with sip2sip.info, the resiprocate is discover the sip2sip.info DNS SRV then register to a server which the IP is 85.17.186.7, and the server certificate domain name is sipthor.net, so in the BaseSecurity::matchHostName function, the peerName and domainName is not match, one is sip2sip.info, another one is *.sipthor.net, even allow the withWildcards.

How to fix the code to compatibles this case ?
_______________________________________________
resiprocate-users mailing list
resiprocate-users@xxxxxxxxxxxxxxx
List Archive: http://list.resiprocate.org/archive/resiprocate-users/

References:
- [reSIProcate-users] certificate mismatch when DNS SRV used.
  - From: Karlsson
- Re: [reSIProcate-users] certificate mismatch when DNS SRV used.
  - From: Karlsson

Prev by Date: Re: [reSIProcate-users] certificate mismatch when DNS SRV used.
Next by Date: Re: [reSIProcate-users] How to set the resip use the TLS anyway even TLS valid failure
Previous by thread: Re: [reSIProcate-users] certificate mismatch when DNS SRV used.
Next by thread: [reSIProcate-users] how to change destination IP?
Index(es):
- Date
- Thread