[SR-Users] access to tls X509v3 Subject Alternative Name
Daniel-Constantin Mierla
miconda at gmail.com
Wed Jul 13 09:00:57 CEST 2016
On 13/07/16 08:56, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
>
>> The right format to try for a variable with index would have been
>> $(tls_my_san_hostname[2]) -- have you tried that, too?
> $var(san2) = $(tls_my_san_hostname[2]);
> xlog("L_INFO", "*********** $var(san2)\n");
>
> produces:
>
> Jul 13 09:51:44 sars sip-proxy[7486]: 0(7537) ERROR: <core> [pvapi.c:918]: pv_parse_spec2(): pvar "tls_my_san_hostname" does not get index param
> Jul 13 09:51:44 sars sip-proxy[7486]: 0(7537) ERROR: <core> [pvapi.c:1032]: pv_parse_spec2(): wrong char [1/49] in [$(tls_my_san_hostname[1])] at [22 (3)]
>
> same with ls_pee_san_hostname.
>
> Peer sip proxy may serve many domains lists those as alt names in its
> certificate. Another peer may be interested in only one of those
> domains and needs to check if that domain is listed in the certificate.
> That is why it would be useful to get access to all alt names listed in
> the peer certificate.
>
It's clear that the variable was not developed with array access in mind
as it doesn't support indexes. You should open a feature request,
someone has to write some c code to get it done.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://www.asipto.com - http://www.kamailio.org
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
More information about the sr-users
mailing list