Bug 82 - check certificate validity and purpose on startup
Summary: check certificate validity and purpose on startup
Status: NEW
Alias: None
Product: resiprocate
Classification: Unclassified
Component: stack (libresip)
Version: unspecified
Hardware: All All
Importance: P1 normal
Assignee: Owner of all unassigned bugs
Reported: 2014-04-08 01:48 CDT by Daniel Pocock
Modified: 2014-04-24 07:13 CDT

Description Daniel Pocock 2014-04-08 01:48:06 CDT
When a TLS-based transport is created/started, it should check the certificate. In particular, verify:

- is not expired
- it can be used as both server and client (key usage)

If there is a problem, there should be an exception.
Comment 1 Daniel Pocock 2014-04-24 07:13:23 CDT
Should also check the CN (or subjectAltName) to make sure it is consistent with the transport address.
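
The three checks requested in this report, sketched as an added example; it is not part of the bug report and not resiprocate code. It is written in Python with the `cryptography` package rather than the stack's C++. Assumptions: the names `check_transport_cert`, `CertificateError` and `make_test_cert` are hypothetical, "key usage" is read as the extendedKeyUsage extension, name matching is exact (no wildcards), and the sample certificates are constructed in the code.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID as EKU, NameOID

class CertificateError(Exception):
    """Raised at transport start-up when the certificate is unusable."""

def _ext(cert, cls):
    """Return the value of an extension, or None if the certificate lacks it."""
    try:
        return cert.extensions.get_extension_for_class(cls).value
    except x509.ExtensionNotFound:
        return None

def check_transport_cert(cert, address, now=None):
    """Raise CertificateError unless cert is current, dual-purpose and names address."""
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    try:  # cryptography >= 42 has *_utc accessors; older versions return naive UTC
        start, end = (t.replace(tzinfo=None) for t in (cert.not_valid_before_utc, cert.not_valid_after_utc))
    except AttributeError:
        start, end = cert.not_valid_before, cert.not_valid_after
    if not start <= now <= end:
        raise CertificateError("certificate is expired or not yet valid")
    eku = _ext(cert, x509.ExtendedKeyUsage)  # an absent EKU does not restrict purpose
    for label, oid in (("server", EKU.SERVER_AUTH), ("client", EKU.CLIENT_AUTH)):
        if eku is not None and oid not in eku:
            raise CertificateError("certificate not usable as TLS " + label)
    san = _ext(cert, x509.SubjectAlternativeName)
    if san is not None:  # subjectAltName takes precedence over the CN
        names = san.get_values_for_type(x509.DNSName)
        names += [str(ip) for ip in san.get_values_for_type(x509.IPAddress)]
    else:
        names = [a.value for a in cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)]
    if address.lower() not in [n.lower() for n in names]:  # exact match, no wildcards
        raise CertificateError("certificate does not name " + address)

def make_test_cert(cn, ekus, days_valid):
    """Constructed self-signed certificate, used only as sample input."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    start = datetime.now(timezone.utc).replace(tzinfo=None) - timedelta(days=30)
    b = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(start).not_valid_after(start + timedelta(days=30 + days_valid))
         .add_extension(x509.SubjectAlternativeName([x509.DNSName(cn)]), critical=False))
    if ekus:
        b = b.add_extension(x509.ExtendedKeyUsage(ekus), critical=False)
    return b.sign(key, hashes.SHA256())
```

Calling `check_transport_cert` before the listener is bound turns a bad certificate into a start-up failure instead of handshake errors later.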