[SIP Beyond VoIP] TLS certificate of sip2sip.info is "wrong"
ag at ag-projects.com
Wed Jan 22 15:28:15 CET 2014
I believe the cert is bound to the A record where the client attempts to connect after NAPTR and SRV record lookups. A domain is served by different A records for different services and the client should use the A record name for validation rather than the original domain.
On 22 Jan 2014, at 12:24, Iñaki Baz Castillo <ibc at aliax.net> wrote:
> After NAPTR / SRV procedures, sip2sip.info domain points to host
> proxy.sipthor.net and port 443 for SIP over TLS.
> The server certificate has the following fields:
> - CN: *.sipthor.net
> - SubjectAltNames:
> - DNS:*.sipthor.net
> - DNS:sipthor.net
> But when using a sip2sip.info account, the client expects to connect
> to a TLS server that provides a certificate for the domain
> sip2sip.info or *.sip2sip.info in the CN or SubjectAltName fields.
> This is not the case at all, so the TLS validation of the server's
> certificate fails.
> Iñaki Baz Castillo
> <ibc at aliax.net>
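The two messages above differ on which name the client should use as the reference identifier: the SIP account domain or the host reached after the NAPTR/SRV lookups. The Python below is an added example (not code from either poster or from any SIP client) that checks the certificate names quoted in the thread against both candidates; the function names are hypothetical and the wildcard rule assumed is the common one where `*` is a whole leftmost label.

```python
# Added example: the SAN list and host names are copied from the quoted message;
# the helper names are illustrative, not taken from any SIP stack.

SAN_DNS = ["*.sipthor.net", "sipthor.net"]   # certificate fields quoted in the thread
SIP_DOMAIN = "sip2sip.info"                  # domain part of the SIP account
SRV_TARGET = "proxy.sipthor.net"             # host reached after NAPTR/SRV lookups


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName against a hostname; wildcard only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # '*' stands for exactly one label, so it never spans dots
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p_labels == h_labels


def cert_covers(san_dns, reference_id):
    """True if any dNSName in the certificate matches the reference identifier."""
    return any(dns_name_matches(name, reference_id) for name in san_dns)


def compare_reference_ids(san_dns, sip_domain, srv_target):
    """Validation outcome for each candidate reference identifier."""
    return {
        "sip_domain": cert_covers(san_dns, sip_domain),
        "srv_target": cert_covers(san_dns, srv_target),
    }


if __name__ == "__main__":
    for which, ok in compare_reference_ids(SAN_DNS, SIP_DOMAIN, SRV_TARGET).items():
        print(f"{which}: {'match' if ok else 'MISMATCH'}")
```

RFC 6125 recommends basing the reference identifier on the source domain rather than on a name learned through DNS resolution, because an unsecured DNS answer can name any host.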