[OpenSIPS-Users] TLS SNI Checks
Callum Guy
callum.guy at x-on.co.uk
Thu May 7 14:29:18 EST 2020
Hi All,
Some of our clients are brave enough to access our OpenSIPs WebRTC
gateway using Microsoft Edge.
We've had some teething issues which have been diagnosed as a failed
SNI check due to the character casing, our certificate presents common
and alt names in lowercase (i.e. rtc.opensips.org) however Edge was
checking using a mix of uppercase and lowercase (i.e.
RTC.opensips.org). The server responds with a fatal alert message
"Description: Unrecognized Name (112)" indicating the mismatch.
The fix in our case is just to amend the client configuration however
most other browsers have been demonstrated to fix this by default. I'm
wondering if this is worth patching server side such that the
certificate names and client provided SNI's are held only in lowercase
or a case insensitive match is performed?
Thanks,
Callum
--
<https://www.x-on.co.uk/service/surgery-connect/coronavirus.htm>
*0333
332 0000 | x-on.co.uk <https://www.x-on.co.uk> | **
<https://www.linkedin.com/company/x-on> <https://www.facebook.com/XonTel>
<https://twitter.com/xonuk> ** | Coronavirus
<https://www.x-on.co.uk/service/surgery-connect/coronavirus.htm>*
THE
ITSPA AWARDS 2020 <http://www.itspa.org.uk/itspa-awards> AND Best ITSP -
Mid Market, Best Software and Best Vertical Solution are trade marks of the
Internet Telephony Services Providers' Association, used under licence.
X-on
is a trading name of Storacall Technology Ltd a limited company
registered in
England and Wales.
Registered Office : Avaland House, 110
London Road, Apsley, Hemel Hempstead,
Herts, HP3 9SD. Company Registration
No. 2578478.
The information in this e-mail is confidential and for use by
the addressee(s)
only. If you are not the intended recipient, please notify
X-on immediately on +44(0)333 332 0000 and delete the
message from your
computer. If you are not a named addressee you must not use,
disclose,
disseminate, distribute, copy, print or reply to this email. Views
or
opinions expressed by an individual
within this email may not necessarily
reflect the views of X-on or its associated companies. Although X-on
routinely
screens for viruses, addressees should scan this email and any
attachments
for
viruses. X-on makes no representation or warranty as to the
absence of viruses
in this email or any attachments.
More information about the Users
mailing list