[kamailio/kamailio] TLS Module does not expose all entries in the subject alternative name (Issue #3400)
### Description
Have a certificate with the following Subject Alternative Name value: DNS:www.company.net, DNS:company.com, DNS: company.net
Calling `$tls_peer_san_hostname` (and the other pv's/select that reference SAN) only returns `www.company.net` (first entry)
This does not support the spec which allows multiple entries (rfc2459 I believe).
### Troubleshooting Logged values of different SAN back select and pseudovariables and only appears to return the first entries.
#### Reproduction Create a self signed certificate with multiple alt names (I used this as a guide: https://support.citrix.com/article/CTX135602/how-to-create-a-selfsigned-san-...)
Updated my Kamailio config to log different tls pv and selects (eg tls_peer_san_hostname, @tls.peer.dns select, but others as well)
Confirm only one value is provided.
#### Debugging Data
``` [www.company.net] is the only value present in the corresponding variables ```
### Possible Solutions
Update variables to provide access to SAN entries to return all the values Create new variable to provide access to all SAN entries
### Additional Information https://www.kamailio.org/wiki/cookbooks/5.1.x/pseudovariables#tls_peer_san_h...
http://www.kamailio.org/wiki/cookbooks/5.2.x/selects#tlspeerdns
Thanks for the report. Yes, this is true, noticed this as well.
Seems like the selects have the same issue.
Closed #3400 as completed via #3408.
-
Daniel-Constantin Mierla -
Henning Westerholt
-
Marcus Orchard
-
Olle E. Johansson