author | Benny Prijono <bennylp@teluu.com> | 2014-07-25 07:27:37 +0000 |
---|---|---|
committer | Benny Prijono <bennylp@teluu.com> | 2014-07-25 07:27:37 +0000 |
commit | 10511d890b8769ad4a7fdbddecfb7bfb605d03cb (patch) | |
tree | 2805306dcd14a37d67709ed98a778de00a7ef52a | |
parent | 9086bd47d42bb2efccf9d9bc982c17b1fae8b2aa (diff) |
Misc #1751: added logging when TLS domain verification fails due to invalid use of wildcard. Thanks Alexander Traud for the patch
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4882 74dad513-b988-da41-8d7b-12977e46ad98
-rw-r--r-- | pjsip/src/pjsip/sip_transport_tls.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
index aa486987..0878c3a2 100644
--- a/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjsip/src/pjsip/sip_transport_tls.c
@@ -1640,8 +1640,14 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
 matched = !pj_stricmp(remote_name, &serv_cert->subject.cn);
 }
- if (!matched)
+ if (!matched) {
+ if (pj_strnicmp2(&serv_cert->subject.cn, "*.", 2) == 0) {
+ PJ_LOG(1,(tls->base.obj_name,
+ "RFC 5922 (section 7.2) does not allow TLS wildcard "
+ "certificates. Advise your SIP provider, please!"));
+ }
 ssl_info.verify_status |= PJ_SSL_CERT_EIDENTITY_NOT_MATCH;
+ }
 }
 /* Prevent immediate transport destroy as application may access it |
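Review bot: The new level-1 message inside `if (!matched)` does not say which expected host name or certificate subject failed, so an operator has nothing to correlate it with; consider appending them, e.g. `"certificates (CN=%.*s). Advise your SIP provider, please!", (int)serv_cert->subject.cn.slen, serv_cert->subject.cn.ptr`. The CN comes from the peer's certificate, so it should be treated as untrusted text when it is written to the log. The wildcard test also looks only at `subject.cn`; if subjectAltName entries are compared earlier in on_connect_complete (not visible in this hunk), a wildcard there would still fail without any explanation. The function body starts and ends outside the hunk.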