[OpenSIPS-Users] Client certificate validation

Adrian Georgescu ag at ag-projects.com
Wed Sep 23 14:13:40 CEST 2009


Is not a server issue, simply the clients do not support this feature,  
they do not provide a client certificate.

--
Adrian





On Sep 23, 2009, at 1:49 PM, Fabio Spelta wrote:

> Hello all;
>
> I'm trying to setup opensips so to allow connection only from clients
> which present a valid X509 certificate; both
> tls_verify_client  and tls_require_client_certificate are enabled  
> (set to "1").
> Well, no matter which softphone I try (eyebeam, minisip, phoner lite),
> the connection fail, and I log this error:
>
> INFO:core:tls_accept: client did not present a certificate
>
> I was starting to wonder if the issue could be a matter of the URI:sip
> SubjectAltName values in the client certificate, as proposed in the
> RFC 3261; while I realized that since *every* client apparently does
> not _even send_ any certificate, it could perhaps be a server side
> issue.
>
> I run opensips 1.4.1-tls in debian etch.
>
> Any hint about how to debut this issue would be greatly appreciated.
>
> Thank you so much,
> --
> Fabio
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users




More information about the Users mailing list