Hello Ncheeku,
there are some syntax changes necessary in your config file:
http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x
This section reflects changes in configuration file format. TLS
Note: the following text is based on current CVS+the TLS patch (http://sourceforge.net/tracker/index.php?func=detail&aid=1477147&gro...)
* "tls_require_certificate" was renamed to "tls_require_client_certificate" to be more accurate and self explanatory * "tls_verify" was splitted into "tls_verify_client" and "tls_verify_server" to set the verify policy indepdently for TLS client and TLS server domains * new parameter "tls_client_domain_avp" defines the AVP for AVP based TLS client domain selection * parameter "tls_domain" was splitted into "tls_client_domain" and "tls_server_domain" to allow definition of TLS client and server domains * "tls_verify_client", "tls_verify_server" and "tls_require_client_certificate" can be used inside the respective tls_xxxx_domain block to define the verify policy per TLS domain * "tls_ciphers_list" can be used inside the tls_xxxx_domain block to specify the TLS method per TLS domain
For more details refer to the TLS README in tls/
Hope it helps...
Best regards Steffen
2006/12/27, Ncheeku Baranov opensersubscribe@gmail.com:
Hi,
I just compiled openSER with TLS support. I checked that TLS = 1 in the Makefile when I compiled openSER. Now when I try to uncomment the parameters in the openser.cfg to enable the TLS support and restart openSER it does not start (I am using openserctl start command to start openser). It gives an error saying ERROR:PID file /var/run/openser.pid does not exist -- OpenSER start failed. I am using the following parameters in the openser.cfg file for the TLS support:
disable_tls = 0 listen = tls:10.30.100.41:5061 tls_verify = 1 tls_require_certificate = 0 tls_method = TLSv1 tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" tls_ca_list = "usr/local/etc/openser/tls/user/user-calist.pem"
I have checked that all the paths are correct in defining the tls_certificate, tls_private_key and tls_ca_list. I used the source tarball openser-1.1.0-tls_src.tar.gz for installing the openser. Your help is much appreciated.
Thanks NCheeku
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users