Thanks to those on IRC confirming quickly that this was not something supported 
(yet) in Asterisk.

Below is a quick fix/patch to tcptls.c for Asterisk 18 against this particular 
provider.

Dw


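/*!
 * \brief Match a wildcard certificate name of the form "*.suffix" against a hostname.
 *
 * The wildcard stands for exactly one non-empty left-most label, so
 * "*.example.com" matches "sip.example.com" but not "example.com",
 * "a.b.example.com" or "evilexample.com". The '.' after the '*' is part of
 * the compared suffix: without it, any hostname that merely ends in the same
 * characters would be accepted.
 *
 * This does not reject wildcards directly under a public suffix (such as
 * "*.com"); that depends on which certificates the trust store accepts.
 *
 * \param pattern  NUL-terminated name taken from the certificate
 * \param hostname NUL-terminated hostname being verified
 *
 * \retval 1 the hostname is covered by the wildcard
 * \retval 0 pattern is not a usable wildcard, or the hostname is not covered
 */
static int tcptls_wildcard_match(const char *pattern, const char *hostname)
{
        const char *suffix;
        size_t suffix_len;
        size_t host_len;
        size_t label_len;

        /* Only a leading "*." followed by at least one more character is a wildcard. */
        if (pattern[0] != '*' || pattern[1] != '.' || pattern[2] == '\0') {
                return 0;
        }

        suffix = pattern + 1; /* keeps the leading '.', e.g. ".example.com" */
        suffix_len = strlen(suffix);
        host_len = strlen(hostname);

        /* The hostname needs at least one character in front of the suffix. */
        if (host_len <= suffix_len) {
                return 0;
        }

        /* The part replaced by '*' must be a single label, so it may not contain a dot. */
        label_len = host_len - suffix_len;
        if (memchr(hostname, '.', label_len)) {
                return 0;
        }

        return !strcasecmp(hostname + label_len, suffix);
}

/*!
 * \brief Compare one name from a peer certificate against the expected hostname.
 *
 * The ASN.1 string is converted to UTF-8 and rejected if it contains an
 * embedded NUL byte. Otherwise it matches when it equals the hostname
 * (case-insensitive) or when it is a single-label wildcard covering it.
 *
 * \param cert_str name field taken from the certificate
 * \param hostname hostname the connection was made to
 * \param desc     description of the field, used only in log messages
 *
 * \retval 0  the certificate name matches the hostname
 * \retval -1 conversion failed, the name is malformed, or it does not match
 */
static int check_tcptls_cert_name(ASN1_STRING *cert_str, const char *hostname, const char *desc)
{
        unsigned char *str = NULL;
        const char *name;
        int ret;

        ret = ASN1_STRING_to_UTF8(&str, cert_str);
        if (ret < 0 || !str) {
                return -1;
        }
        name = (const char *) str;

        if (strlen(name) != (size_t) ret) {
                /* An embedded NUL would make the C string shorter than the certificate field. */
                ast_log(LOG_WARNING, "Invalid certificate %s length (contains NULL bytes?)\n", desc);

                ret = -1;
        } else if (!strcasecmp(hostname, name)) {
                ret = 0;
        } else if (tcptls_wildcard_match(name, hostname)) {
                ast_log(LOG_WARNING,"Warning: allowing match on wildcard (%s =~ %s)\n", hostname, name);
                ret = 0;
        } else {
                ret = -1;
        }

        ast_debug(3, "SSL %s compare s1='%s' s2='%s'\n", desc, hostname, name);
        OPENSSL_free(str);

        return ret;
}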


