TLS in asterisk currently does not accept wildcarded DN's when connecting #276
Conversation
… a TLS/SSL host. This tweak makes that work. Fixed asterisk#269
dirkx
changed the title
|
REMINDER: If this PR applies to other branches, please add a comment with the appropriate "cherry-pick-to" headers as per the Create a Pull Request process. If you don't want it cherry-picked, please add a comment with If, after adding "cherry-pick-to" comments, you change your mind, please edit the comment to DELETE the header lines and add The currently active branches are now 18, 20, 21 and master. |
github-actions
bot
added
test-checks-failed
testing-in-progress
and removed
testing-in-progress
test-checks-failed
labels
There was a problem hiding this comment.
chan_sip no longer accepts changes here. Is this applicable to anything else that would merit its inclusion? If so, the commit message should be framed as such.
This PR currently has 2 commits that need to be squashed together.
There are some coding guideline violations that need to be addressed as well.
The existing commit message does not comply with the commit message guidelines.
| @@ -85,21 +85,21 @@ static void session_instance_destructor(void *obj) | |||
| static int check_tcptls_cert_name(ASN1_STRING *cert_str, const char *hostname, const char *desc) | |||
| { | |||
| unsigned char *str; | |||
| int ret; | |||
| int ret = -1,len; | |||
There was a problem hiding this comment.
whitespace needed between ,
| return -1; | ||
| } | ||
| } |
| if (ret < 0 || !str) { | ||
| len = ASN1_STRING_to_UTF8(&str, cert_str); | ||
| if (len < 0 || !str) { | ||
| ast_log(LOG_WARNING, "Mailformed string in certificate\n", desc); |
There was a problem hiding this comment.
Why not print out the string?
| } else if (!strcasecmp(hostname, (char *) str)) { | ||
| ret = 0; | ||
| } else { | ||
| ret = -1; | ||
| } else if (len > 2 && str[0] == '*' && str[1] == '.' && len - 2 <= strlen(hostname) && strcasecmp(hostname+strlen(hostname)-len+2, str+2) == 0) { |
There was a problem hiding this comment.
space needed around +. Please see the coding guidelines. Same for the - and + operators.
Also use !strcasecmp, not == 0
| } else { | ||
| ret = -1; | ||
| } else if (len > 2 && str[0] == '*' && str[1] == '.' && len - 2 <= strlen(hostname) && strcasecmp(hostname+strlen(hostname)-len+2, str+2) == 0) { | ||
| ast_log(LOG_WARNING,"Warning: allowing match on wildcard (%s =~ %s)\n", hostname, str); |
There was a problem hiding this comment.
Space needed after , before "
No need to print "Warning: ", remove that.
gtjoseph
force-pushed
the
master
branch
7 times, most recently
from
b15287c
to
1862a36
Compare
TLS currently does not accept wildcarded DN's when connecting to a TLS/SSL host. This tweak makes that work. Fixes/addresses issue #269