New Forum system requires email address which you used to apply for your account to replace your original username. Password stays the same.Please see this post for more details
http://forum.yealink.com/forum/showthread.php?tid=40344

Yealink Test Club has been officially launched. Please visit post below to get detail information. Come and join us!
http://forum.yealink.com/forum/announcements.php?aid=18

We just had the YMCS online and we are also working on the features plan on the future versions, in this regard we are need to hear your voice about the YMCS.
Please visit : http://forum.yealink.com/forum/showthread.php?tid=42322


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
T20 TLS Config - Common Name Validation
Author Message
janeuner Offline
Junior Member
**

Posts: 4
Joined: Oct 2014
Reputation: 0
Post: #1
T20 TLS Config - Common Name Validation
I believe I have found a defect in the Yealink T20 X.509 CN validation process. Is a workaround possible?

I have a Yealink T20 with the following configuration:
Quote:Firmware Version - 9.71.0.140
Hardware Version - 7.0.1.61
Register Name - 52
User Name - 52
Outbound Proxy - Enabled
Outbound Proxy Server - ekahau.nh.local
Transport - TLS
Sip Server 1/Server Host - ekahau.nh.local

I have configured the device with a CA which authenticates the following server certificate...
Quote:Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30 (0x1e)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Network Harbor Inc, OU=Software Testing CA
Validity
Not Before: Oct 8 14:59:03 2014 GMT
Not After : Oct 7 14:59:03 2016 GMT
Subject: CN=ekahau.nh.local, O=nh.local, OU=Software Testing CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
*snip*
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
01:16:8B:99:64Big GrinE:15:79:82:52:BE:FD:C2:F1:A9:95Big Grin2:76:C0:18
X509v3 Authority Key Identifier:
keyid:A4:9C:73Big Grin4:A9:3B:33:26Big GrinA:34:78Big GrinA:49:45Big Grin1:77:77:B2:09:4A

X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, 1.3.6.1.5.5.7.3.20
X509v3 Subject Alternative Name:
DNS:ekahau.nh.local
Signature Algorithm: sha1WithRSAEncryption
*snip*

If I set the following parameters under the Security tab, the device registers and handles calls correctly.
Quote:Only Accept Trusted Certificates - Enabled
Common Name Validation - Disabled
CA Certificates - Custom Certificates

However, if I switch Common Name Validation to Enabled, the device will not register. When I inspect the device's syslog, I find the following entries.
Quote:Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] SSL_connect succeeded
Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] SSL_is_init_finished done
Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] tls_connect: remote certificate: subject:/CN=ekahau.nh.local/O=nh.local/OU=Software Testing CA
Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] tls_connect: remote certificate: issuer: /O=Network Harbor Inc/OU=Software Testing CA
Oct 8 15:20:46 SIP [493]: SDL <3+error > [001] Common name and subject alt name doesn't match host name
Oct 8 15:20:46 SIP [493]: SDL <5+notice> [001] common_name:ekahau.nh.local subject_alt_name:
Oct 8 15:20:46 SIP [493]: SDL <6+info > [001] Message sent: ...

For my applications, the ability to validate server certificates is highly desired. Please advise.
(This post was last modified: 10-08-2014 11:36 PM by janeuner.)
10-08-2014 11:34 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
T20 TLS Config - Common Name Validation - janeuner - 10-08-2014 11:34 PM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
Question Download config by command line sadzas 3 530 07-29-2019 06:02 AM
Last Post: Paz_Yealink
  Common Configuration Filenames Rus 3 2,469 06-27-2019 12:52 AM
Last Post: Evan_Yealink
  T48S SfB Config Settings Reverting Aaron_IT 1 1,401 01-04-2018 11:00 AM
Last Post: Paul_Yealink
  Exporting a Config austinh 1 1,800 07-14-2017 02:58 AM
Last Post: Jensen_Yealink
  How Create Multiple Config files Based In Excel mpascuas 3 4,788 11-03-2015 11:15 PM
Last Post: mpascuas
  config T46G with EXP40 - W52P Paulo Batista 1 3,526 03-09-2015 10:32 AM
Last Post: James_Yealink
  T20P Config File ndurain 8 7,898 12-23-2014 09:59 PM
Last Post: ndurain
  T2XP Phones Admin Password With Config File aosjames 3 5,846 12-18-2014 02:22 AM
Last Post: ModCraig
  T20P request IP address after Static IP config Dave Clements 2 6,312 12-01-2014 06:25 PM
Last Post: Lucas1
  T32G OpenVPN Config tlowe@newboldcorp.com 3 4,669 11-07-2014 02:42 AM
Last Post: tlowe@newboldcorp.com

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication