snmpTlstmAddrTable

SNMP-TLS-TM-MIB · .1.3.6.1.2.1.198.2.2.1.9

Object

table
This table is used by a (D)TLS client when a (D)TLS
connection is being set up using an entry in the
SNMP-TARGET-MIB.  It extends the SNMP-TARGET-MIB's
snmpTargetAddrTable so that the client can verify that the
correct server has been reached.  This verification can use
either a certificate fingerprint, or an identity
authenticated via certification path validation.
          
If there is an active row in this table corresponding to the
entry in the SNMP-TARGET-MIB that was used to establish the
connection, and the row's snmpTlstmAddrServerFingerprint
column has a non-empty value, then the server's presented
certificate is compared with the
snmpTlstmAddrServerFingerprint value (and the
snmpTlstmAddrServerIdentity column is ignored).  If the
fingerprint matches, the verification has succeeded.  If the
fingerprint does not match, then the connection MUST be
closed.
          
If the server's presented certificate has passed
certification path validation [RFC5280] to a configured
trust anchor, and an active row exists with a zero-length
snmpTlstmAddrServerFingerprint value, then the
snmpTlstmAddrServerIdentity column contains the expected
host name.  This expected host name is then compared against
the server's certificate as follows:
          
  - Implementations MUST support matching the expected host
  name against a dNSName in the subjectAltName extension
  field and MAY support checking the name against the
  CommonName portion of the subject distinguished name.
          
  - The '*' (ASCII 0x2a) wildcard character is allowed in the
  dNSName of the subjectAltName extension (and in common
  name, if used to store the host name), but only as the
  left-most (least significant) DNS label in that value.
  This wildcard matches any left-most DNS label in the
  server name.  That is, the subject *.example.com matches
  the server names a.example.com and b.example.com, but does
  not match example.com or a.b.example.com.  Implementations
  MUST support wildcards in certificates as specified above,
  but MAY provide a configuration option to disable them.
          
  - If the locally configured name is an internationalized
  domain name, conforming implementations MUST convert it to
  the ASCII Compatible Encoding (ACE) format for performing
  comparisons, as specified in Section 7 of [RFC5280].
          
If the expected host name fails these conditions then the
connection MUST be closed.
          
If there is no row in this table corresponding to the entry
in the SNMP-TARGET-MIB and the server can be authorized by
another, implementation-dependent means, then the connection
MAY still proceed.
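The verification procedure described above, carried through as an added worked example. This is not code from the MIB, from RFC 6353 or from any SNMP implementation; the names AddrRow, PresentedCert, to_ace, name_matches and verify_server are this example's own. It assumes the SnmpTLSFingerprint layout from RFC 6353 (a one-octet IANA TLS HashAlgorithm code followed by the digest of the DER-encoded certificate), which the text above does not describe, uses Python's built-in idna codec (IDNA2003) for the ACE conversion, and works on constructed sample certificate bytes rather than a parsed certificate.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional

# First octet of an SnmpTLSFingerprint names the hash algorithm using the
# IANA TLS HashAlgorithm registry codes (RFC 6353 textual convention).
# Assumption for this example: the description above does not give the encoding.
HASH_ALGS = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}


@dataclass
class AddrRow:
    """An active snmpTlstmAddrTable row for the snmpTargetAddrTable entry in use."""
    server_fingerprint: bytes = b""  # snmpTlstmAddrServerFingerprint (empty => use identity)
    server_identity: str = ""        # snmpTlstmAddrServerIdentity: the expected host name


@dataclass
class PresentedCert:
    """Facts the client extracted from the server certificate (constructed, not parsed)."""
    der: bytes                                          # bytes the fingerprint is taken over
    dns_names: List[str] = field(default_factory=list)  # subjectAltName dNSName values
    common_name: Optional[str] = None                   # subject CN, used only if check_cn
    path_valid: bool = False                            # passed RFC 5280 path validation?


def to_ace(name: str) -> Optional[str]:
    """Lower-case a name and convert an IDN to ASCII Compatible Encoding
    (RFC 5280 section 7) with Python's built-in 'idna' codec (IDNA2003).
    Returns None for a name the codec rejects."""
    try:
        return name.rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None


def name_matches(cert_name: str, expected: str, allow_wildcard: bool = True) -> bool:
    """Match one ACE-form certificate name against the ACE-form expected host name.
    '*' counts only when it is the entire left-most label, and it matches exactly
    one label: *.example.com matches a.example.com, not example.com or a.b.example.com."""
    c = cert_name.split(".")
    e = expected.split(".")
    if c == e:
        return True
    if not allow_wildcard or c[0] != "*" or "*" in c[1:]:
        return False
    return len(c) == len(e) and c[1:] == e[1:]


def verify_server(row: Optional[AddrRow], cert: PresentedCert,
                  check_cn: bool = False, allow_wildcard: bool = True) -> str:
    """Apply the snmpTlstmAddrTable rules. Returns "accept" (verification succeeded),
    "close" (the connection MUST be closed) or "no-row" (no row for this target; the
    MIB leaves authorization to other implementation-dependent means)."""
    if row is None:
        return "no-row"
    if row.server_fingerprint:
        # Fingerprint configured: the identity column is ignored entirely.
        alg = HASH_ALGS.get(row.server_fingerprint[0])
        if alg is None:
            return "close"
        digest = hashlib.new(alg, cert.der).digest()
        return "accept" if hmac.compare_digest(digest, row.server_fingerprint[1:]) else "close"
    # Zero-length fingerprint: path validation first, then the host name comparison.
    if not cert.path_valid:
        return "close"
    expected = to_ace(row.server_identity)
    if not expected:
        return "close"  # conservative choice: an empty or unencodable identity matches nothing
    candidates = list(cert.dns_names)          # dNSName matching is mandatory
    if check_cn and cert.common_name:          # CN matching is the optional MAY
        candidates.append(cert.common_name)
    for cert_name in candidates:
        ace = to_ace(cert_name)
        if ace is not None and name_matches(ace, expected, allow_wildcard):
            return "accept"
    return "close"


# Constructed sample data: a stand-in byte string, not a real DER certificate.
SAMPLE_DER = b"\x30\x82\x01\x00constructed-certificate-bytes"
SAMPLE_FP_SHA256 = b"\x04" + hashlib.sha256(SAMPLE_DER).digest()
```

With a fingerprint row, the identity column never influences the result, so a stale snmpTlstmAddrServerIdentity cannot widen what the fingerprint pins; with an empty fingerprint, a certificate that fails path validation is closed before any name is looked at, and wildcard or CN acceptance can be switched off per the MAY clauses above.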

Context

MIB
SNMP-TLS-TM-MIB
OID
.1.3.6.1.2.1.198.2.2.1.9
Type
table
Status
current
Parent
snmpTlstmCertificateMapping
Siblings
8
Children
1

Syntax

No syntax metadata recorded.

Values & Constraints

No enumerated values or constraints recorded.
