[OpenSIPS-Users] Client certificate validation

Bogdan-Andrei Iancu bogdan at voice-system.ro
Thu Sep 24 12:21:19 CEST 2009


Hi Fabio,

following the thread discussion, I think the only option for you is to 
disable the "tls_require_client_certificate" - I know it is a security 
compromise, but at least it will work ;)... but it depends on what you try 
to accomplish here.

Regards,
Bogdan


Fabio Spelta wrote:
> Hello all;
>
> I'm trying to set up opensips so as to allow connections only from clients
> which present a valid X509 certificate; both
> tls_verify_client and tls_require_client_certificate are enabled (set to "1").
> Well, no matter which softphone I try (eyebeam, minisip, phoner lite),
> the connection fails, and I log this error:
>
> INFO:core:tls_accept: client did not present a certificate
>
> I was starting to wonder if the issue could be a matter of the URI:sip
> SubjectAltName values in the client certificate, as proposed in the
> RFC 3261; while I realized that since *every* client apparently does
> not _even send_ any certificate, it could perhaps be a server side
> issue.
>
> I run opensips 1.4.1-tls in debian etch.
>
> Any hint about how to debug this issue would be greatly appreciated.
>
> Thank you so much,
> --
> Fabio