[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
T20 TLS Config - Common Name Validation
Author Message
janeuner Offline
Junior Member
**

Posts: 4
Joined: Oct 2014
Reputation: 0
Post: #1
T20 TLS Config - Common Name Validation
I believe I have found a defect in the Yealink T20 X.509 CN validation process. Is a workaround possible?

I have a Yealink T20 with the following configuration:
Quote:Firmware Version - 9.71.0.140
Hardware Version - 7.0.1.61
Register Name - 52
User Name - 52
Outbound Proxy - Enabled
Outbound Proxy Server - ekahau.nh.local
Transport - TLS
Sip Server 1/Server Host - ekahau.nh.local

I have configured the device with a CA which authenticates the following server certificate...
Quote:Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30 (0x1e)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Network Harbor Inc, OU=Software Testing CA
Validity
Not Before: Oct 8 14:59:03 2014 GMT
Not After : Oct 7 14:59:03 2016 GMT
Subject: CN=ekahau.nh.local, O=nh.local, OU=Software Testing CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
*snip*
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
01:16:8B:99:64Big GrinE:15:79:82:52:BE:FD:C2:F1:A9:95Big Grin2:76:C0:18
X509v3 Authority Key Identifier:
keyid:A4:9C:73Big Grin4:A9:3B:33:26Big GrinA:34:78Big GrinA:49:45Big Grin1:77:77:B2:09:4A

X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.20
X509v3 Subject Alternative Name:
DNS:ekahau.nh.local
Signature Algorithm: sha1WithRSAEncryption
*snip*

If I set the following parameters under the Security tab, the device registers and handles calls correctly.
Quote:Only Accept Trusted Certificates - Enabled
Common Name Validation - Disabled
CA Certificates - Custom Certificates

However, if I switch Common Name Validation to Enabled, the device will not register. When I inspect the device's syslog, I find the following entries.
Quote:Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] SSL_connect succeeded
Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] SSL_is_init_finished done
Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] tls_connect: remote certificate: subject:/CN=ekahau.nh.local/O=nh.local/OU=Software Testing CA
Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] tls_connect: remote certificate: issuer: /O=Network Harbor Inc/OU=Software Testing CA
Oct 8 15:20:46 SIP [493]: SDL <3+error > [001] Common name and subject alt name doesn't match host name
Oct 8 15:20:46 SIP [493]: SDL <5+notice> [001] common_name:ekahau.nh.local subject_alt_name:
Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] Message sent: ...

For my applications, the ability to validate server certificates is highly desired. Please advise.
(This post was last modified: 10-08-2014 11:36 PM by janeuner.)
10-08-2014 11:34 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
T20 TLS Config - Common Name Validation - janeuner - 10-08-2014 11:34 PM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Config T19P E2 to display a message while is talking vijareno 0 382 02-05-2020 07:37 AM
Last Post: vijareno
Question Download config by command line sadzas 3 1,685 07-29-2019 06:02 AM
Last Post: Paz_Yealink
  Common Configuration Filenames Rus 3 3,690 06-27-2019 12:52 AM
Last Post: Evan_Yealink
  T48S SfB Config Settings Reverting Aaron_IT 1 1,970 01-04-2018 11:00 AM
Last Post: Paul_Yealink
  Exporting a Config austinh 1 2,339 07-14-2017 02:58 AM
Last Post: Jensen_Yealink
  How Create Multiple Config files Based In Excel mpascuas 3 5,452 11-03-2015 11:15 PM
Last Post: mpascuas
  config T46G with EXP40 - W52P Paulo Batista 1 3,944 03-09-2015 10:32 AM
Last Post: James_Yealink
  T20P Config File ndurain 8 9,095 12-23-2014 09:59 PM
Last Post: ndurain
  T2XP Phones Admin Password With Config File aosjames 3 6,576 12-18-2014 02:22 AM
Last Post: ModCraig
  T20P request IP address after Static IP config Dave Clements 2 7,074 12-01-2014 06:25 PM
Last Post: Lucas1

Forum Jump:


User(s) browsing this thread:

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication