[OpenSIPS-Users] Usage of TLS require_cert and verify_cert settings
Vlad Patrascu
vladp at opensips.org
Wed Apr 28 16:25:47 EST 2021
Hi Adrian,
It is not possible to change those parameters on the fly. But I think
you can implement your scenarios by setting a domain with
require_cert=0, verify_cert=0 and using the is_peer_verified() script
function to check the connections from the remote server.
Regards,
--
Vlad Patrascu
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 22.04.2021 17:15, Adrian Georgescu wrote:
> Hello,
>
> I have a question.
>
> I have the following TLS scenarios:
>
> 1) A local user for a domain I own, connects to my server using TLS.
> If the domain is local, I will authenticate the user against my
> database and I do not care if the user has a certificate
> 2) A remote server, connects to my server using TLS and pretends that
> is domainX.com <http://domainX.com>. In such case, the only way to
> verify that this is true is by requiring a certificate and verify it
>
> So there is a logic split between when to require and how to verify a
> certificate depending on the fact that we deal with a local user or a
> foreign domain.
>
> I would like to know if is possible to set require_cert and
> verify_cert on the fly, while routing packets, instead of configuring
> them statically per domain.
>
> Regards,
> Adrian
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20210428/8d7cbff1/attachment.html>
More information about the Users
mailing list