[OpenSIPS-Users] Client certificate validation
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Thu Sep 24 12:21:19 CEST 2009
Hi Fabio,
following the tread discussion, I think the only option for you is to
disable the "tls_require_client_certificate" - I know it is a security
compromise, but at least it will work ;)...but depends of what you try
to accomplish here
Regards,
Bogdan
Fabio Spelta wrote:
> Hello all;
>
> I'm trying to setup opensips so to allow connection only from clients
> which present a valid X509 certificate; both
> tls_verify_client and tls_require_client_certificate are enabled (set to "1").
> Well, no matter which softphone I try (eyebeam, minisip, phoner lite),
> the connection fail, and I log this error:
>
> INFO:core:tls_accept: client did not present a certificate
>
> I was starting to wonder if the issue could be a matter of the URI:sip
> SubjectAltName values in the client certificate, as proposed in the
> RFC 3261; while I realized that since *every* client apparently does
> not _even send_ any certificate, it could perhaps be a server side
> issue.
>
> I run opensips 1.4.1-tls in debian etch.
>
> Any hint about how to debut this issue would be greatly appreciated.
>
> Thank you so much,
> --
> Fabio
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
More information about the Users
mailing list