• adds count pv and sel for DNS, EMAIL, IP, URI
• adds ability to access SAN entries by index

fix #3400

Pre-Submission Checklist

• Commit message has the format required by CONTRIBUTING guide
• Commits are split per component (core, individual modules, libs, utils, ...)
• Each component has a single commit (if not, squash them into one commit)
• No commits to README files for modules (changes must be done to docbook files
  in doc/ subfolder, the README file is autogenerated)

Type Of Change

• Small bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds new functionality)
• Breaking change (fix or feature that would change existing functionality)

Checklist:

• PR should be backported to stable branches
• Tested changes locally
• Related to issue #3400

Description

Fix issue #3400 that describes that tls module cannot properly handle certificates with multiple SAN entries.

Add ability to access SAN entries by index.

Add ability to get count of supported SAN entries by type of entry.

If index is not provided will return first entry (current behavior to remain backwards compatible.

Tested by creating a self signed SAN cert with 3 DNS entries and confirmed expected results for:

$(tls_peer_san_hostname[2])
$(tls_peer_san_hostname);
$tls_peer_san_count(DNS)
$tls_peer_san_count(URI)
$tls_peer_san_count(EMAIL)
$tls_peer_san_count(IP)
$sel(tls.peer.dns[1])
$sel(tls.peer.dns)
$sel(tls.peer.count["DNS"])
$(tls_peer_san_ip[0])
$(tls_peer_san_uri)
$sel(tls.peer.ip[0])
$sel(tls.peer.count["EMAIL"])
$(tls_my_san_hostname[2])
$(tls_my_san_hostname)
$tls_my_san_count(DNS)
$tls_my_san_count(URI)
$tls_my_san_count(EMAIL)
$tls_my_san_count(IP)
$sel(tls.my.dns[1])
$sel(tls.my.dns)
$sel(tls.my.count["DNS"]
$(tls_my_san_ip[0])]
$(tls_my_san_uri)
$sel(tls.my.ip[0])
$sel(tls.my.count["EMAIL"])

Also repeated the test with a self signed cert with 3 DNS entries, 1 IP entry, 1 EMAIL entry and 1 URI entry

You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/3408

Commit Summary

• f9edbc3 tls: get san entries by index

File Changes

(1 file)

• M src/modules/tls/tls_select.c (314)

Patch Links:

• https://github.com/kamailio/kamailio/pull/3408.patch
• https://github.com/kamailio/kamailio/pull/3408.diff

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <kamailio/kamailio/pull/3408@github.com>