2011/5/26 Jan Janak <jan(a)ryngle.com>:
>> I would appreciate it as I would like to test real SIP TLS source
>> authentication :)
>
> You don't really need this feature for that, but we would be glad to
> accept patches if you implement it.

Hi Jan, why do you state that? As RFC 5954 defines (my own text):
- A client establishes a TLS session with sip-router.
- The client presents a TLS certificate.
- sip-router extracts the SIP domain identities in the certificate by
inspecting each value in the subjectAltName field with type "domain".
- sip-router stores them in attributes belonging to this TLS session.
- In the logic script, it would be possible then to match the From
domain of the request (or whatever) against the list of SIP identities
in the certificate (so authentication is done).
So if I'm not wrong, I need all the subjectAltName values of the certificate.
Note that I'm not talking just about verifying the validity of the
certificate (it's correctly signed, it's not expired and so on) but also
checking that each new request coming within this TLS connection has a
From domain matching domain identities present in the certificate.
Regards.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
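
The per-connection check described in the message above, as an added sketch that is not part of the original thread and is not sip-router code (Python is used here for brevity). Assumptions: the certificate arrives in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, identities are taken from `DNS` entries and from `sip:` URI entries without a user part, wildcard entries are skipped, and the names `sip_domain_identities`, `from_domain` and `TlsSession` are hypothetical.

```python
import re

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEER_CERT = {
    "subjectAltName": (
        ("DNS", "Example.COM"),
        ("URI", "sip:voip.example.net"),
        ("URI", "sip:alice@example.org"),  # has a user part: not a domain identity
        ("DNS", "*.wild.example"),         # wildcard: skipped by this sketch
        ("email", "admin@example.com"),
    )
}

def sip_domain_identities(peer_cert):
    """Collect domain identities from the certificate's subjectAltName entries."""
    domains = set()
    for kind, value in peer_cert.get("subjectAltName", ()):
        if kind == "URI":
            scheme, _, rest = value.partition(":")
            if scheme.lower() != "sip" or "@" in rest:
                continue
            value = re.split(r"[;?:]", rest, maxsplit=1)[0]  # drop port, params, headers
        elif kind != "DNS":
            continue
        value = value.rstrip(".").lower()
        if value and "*" not in value:
            domains.add(value)
    return frozenset(domains)

def from_domain(from_header):
    """Return the lowercased host of the SIP URI in a From header value, or None."""
    value = re.sub(r'^\s*"(?:[^"\\]|\\.)*"', "", from_header)  # drop quoted display name
    m = re.search(r"<([^>]*)>", value)
    uri = m.group(1) if m else value.split(";", 1)[0]
    m = re.fullmatch(r"\s*sips?:(?:[^@\s]*@)?([^;:?\s]+).*", uri, re.IGNORECASE)
    return m.group(1).rstrip(".").lower() if m else None

class TlsSession:
    """Per-connection state: identities are extracted once, after the handshake."""
    def __init__(self, peer_cert):
        self.identities = sip_domain_identities(peer_cert)

    def authorizes(self, from_header):
        domain = from_domain(from_header)
        return domain is not None and domain in self.identities
```

The quoted display name is removed before the URI is located so that the domain being checked is the one a SIP parser would route on, and anything that fails to parse is rejected rather than accepted.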