[SIP Beyond VoIP] TLS certificate of sip2sip.info is "wrong"

Iñaki Baz Castillo ibc at aliax.net
Wed Jan 22 15:24:20 CET 2014


After NAPTR / SRV procedures, sip2sip.info domain points to host
proxy.sipthor.net and port 443 for SIP over TLS.

The server certificate has the following fields:

- CN: *.sipthor.net
- SubjectAltNames:
    - DNS:*.sipthor.net
    - DNS:sipthor.net

But when using a sip2sip.info account, the client expects to connect
to a TLS server that provides a certificate for the domain
sip2sip.info or *.sip2sip.info in the CN or SubjectAltName fields.

This is not the case at all, so the TLS validation of the server's
certificate fails.

Iñaki Baz Castillo
<ibc at aliax.net>

More information about the SIPBeyondVoIP mailing list