[SIP Beyond VoIP] TLS certificate of sip2sip.info is "wrong"
Adrian Georgescu
ag at ag-projects.com
Wed Jan 22 15:28:15 CET 2014
Hi Inaki,
I believe the cert is bound to the A record where the client attempts to connect after NAPTR and SRV record lookups. A domain is served by different A records for different services and the client should use the A record name for validation rather than the original domain.
Adrian
On 22 Jan 2014, at 12:24, Iñaki Baz Castillo <ibc at aliax.net> wrote:
> Hi,
>
> After NAPTR / SRV procedures, sip2sip.info domain points to host
> proxy.sipthor.net and port 443 for SIP over TLS.
>
> The server certificate has the following fields:
>
> - CN: *.sipthor.net
> - SubjectAltNames:
>   - DNS:*.sipthor.net
>   - DNS:sipthor.net
>
> But when using a sip2sip.info account, the client expects to connect
> to a TLS server that provides a certificate for the domain
> sip2sip.info or *.sip2sip.info in the CN or SubjectAltName fields.
>
> This is not the case at all, so the TLS validation of the server's
> certificate fails.
>
>
> --
> Iñaki Baz Castillo
> <ibc at aliax.net>
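The name comparison this thread turns on, as an added example that is not part of either message or of any SIP client's code: it checks the certificate names quoted above against the two candidate reference names, the account domain (sip2sip.info) and the host reached after NAPTR/SRV (proxy.sipthor.net). The function names and the wildcard policy (wildcard only as the whole leftmost label, covering exactly one label, with at least two labels after it) are assumptions of this sketch.

```python
# Added example. Certificate names and host names are the ones quoted in the thread.
CERT_DNS_NAMES = ["*.sipthor.net", "sipthor.net"]   # SubjectAltName DNS entries
ACCOUNT_DOMAIN = "sip2sip.info"                      # domain of the SIP account
SRV_TARGET = "proxy.sipthor.net"                     # host after NAPTR/SRV lookups


def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, reference):
    """True if one certificate DNS name covers the reference name.

    Assumed policy: '*' is accepted only as the entire leftmost label,
    stands for exactly one label, and needs two or more labels after it.
    """
    p, r = _labels(pattern), _labels(reference)
    if len(p) != len(r) or "" in p or "" in r:
        return False
    if p[0] == "*":
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == r[1:]
    if any("*" in label for label in p):
        return False  # partial wildcards such as 'pro*' are rejected
    return p == r


def cert_covers(dns_names, reference):
    """True if any DNS name in the certificate covers the reference name."""
    return any(name_matches(n, reference) for n in dns_names)


def evaluate(dns_names, candidates):
    """Map each candidate reference name to the validation outcome."""
    return {c: cert_covers(dns_names, c) for c in candidates}


if __name__ == "__main__":
    for name, ok in evaluate(CERT_DNS_NAMES, [ACCOUNT_DOMAIN, SRV_TARGET]).items():
        print(f"{name}: {'match' if ok else 'NO MATCH'}")
```

Run as a script, it reports no match for sip2sip.info and a match for proxy.sipthor.net, which is the difference between the two validation approaches described in the messages.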