[SR-Users] access to tls X509v3 Subject Alternative Name
Juha Heinanen
jh at tutpro.com
Wed Jul 13 08:56:29 CEST 2016
Daniel-Constantin Mierla writes:
> The right format to try for a variable with index would have been
> $(tls_my_san_hostname[2]) -- have you tried that, too?
$var(san2) = $(tls_my_san_hostname[2]);
xlog("L_INFO", "*********** $var(san2)\n");
produces:
Jul 13 09:51:44 sars sip-proxy[7486]: 0(7537) ERROR: <core> [pvapi.c:918]: pv_parse_spec2(): pvar "tls_my_san_hostname" does not get index param
Jul 13 09:51:44 sars sip-proxy[7486]: 0(7537) ERROR: <core> [pvapi.c:1032]: pv_parse_spec2(): wrong char [1/49] in [$(tls_my_san_hostname[1])] at [22 (3)]
same with ls_pee_san_hostname.
Peer sip proxy may serve many domains lists those as alt names in its
certificate. Another peer may be interested in only one of those
domains and needs to check if that domain is listed in the certificate.
That is why it would be useful to get access to all alt names listed in
the peer certificate.
-- Juha
More information about the sr-users
mailing list