From ca7709c2f603aef3420b5ee1e2dfbdbeb951be7f Mon Sep 17 00:00:00 2001 From: Sean Bright Date: Tue, 26 May 2026 14:05:48 +0000 Subject: [PATCH] res_pjsip: Don't allow a leading period when wildcard matching The reference identifier (what the client provides - in this case a hostname) must start with a domain label, not a `.`. The current implementation will match `.seanbright.com` against `*.seanbright.com` which is incorrect. --- res/res_pjsip/pjsip_transport_events.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/res_pjsip/pjsip_transport_events.c b/res/res_pjsip/pjsip_transport_events.c index 65a740cb2c..5aeb8f87b4 100644 --- a/res/res_pjsip/pjsip_transport_events.c +++ b/res/res_pjsip/pjsip_transport_events.c @@ -212,7 +212,7 @@ static int verify_cert_name(const pj_str_t *local, const pj_str_t *remote) } p = pj_strchr(local, '.'); - if (!p) { + if (!p || p == pj_strbuf(local)) { return 0; }