[OpenSIPS-Users] Client certificate validation

Fabio Spelta spelta at gmail.com
Wed Sep 23 13:49:23 CEST 2009


Hello all;

I'm trying to setup opensips so to allow connection only from clients
which present a valid X509 certificate; both
tls_verify_client  and tls_require_client_certificate are enabled (set to "1").
Well, no matter which softphone I try (eyebeam, minisip, phoner lite),
the connection fail, and I log this error:

INFO:core:tls_accept: client did not present a certificate

I was starting to wonder if the issue could be a matter of the URI:sip
SubjectAltName values in the client certificate, as proposed in the
RFC 3261; while I realized that since *every* client apparently does
not _even send_ any certificate, it could perhaps be a server side
issue.

I run opensips 1.4.1-tls in debian etch.

Any hint about how to debut this issue would be greatly appreciated.

Thank you so much,
--
Fabio



More information about the Users mailing list