summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pjsip/src/pjsip/sip_transport_tls.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
index aa486987..0878c3a2 100644
--- a/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjsip/src/pjsip/sip_transport_tls.c
@@ -1640,8 +1640,14 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
matched = !pj_stricmp(remote_name, &serv_cert->subject.cn);
}
- if (!matched)
+ if (!matched) {
+ if (pj_strnicmp2(&serv_cert->subject.cn, "*.", 2) == 0) {
+ PJ_LOG(1,(tls->base.obj_name,
+ "RFC 5922 (section 7.2) does not allow TLS wildcard "
+ "certificates. Advise your SIP provider, please!"));
+ }
ssl_info.verify_status |= PJ_SSL_CERT_EIDENTITY_NOT_MATCH;
+ }
}
/* Prevent immediate transport destroy as application may access it
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-20 13:53:11 +0000