11 Oct
2005
11 Oct
'05
3:58 p.m.
On 11-10-2005 15:46, Klaus Darilion wrote:
Jan Janak wrote:
Client certificate ? Why ? Make sure that the client certificate is
created by a trusted CA (which is known to SER) and once a request
arrives over TLS then you know that the certificate was valid
(provided that you enable client certificate verification).
Jan.
On 11-10-2005 14:55, Klaus Darilion wrote:
Right! I think this should be documented somewhere :-)
Maybe we can adopt the this function to verify the doman of the client
certificate? Hi all!
I want to differ between _incoming_ SIP requests from trusted peers and
from untrused (for different call routing). I came to the following
solutions. All of them has some disadvantages, and I would like to now
which you would prefer:
1. src_ip: incoming request are authenticated using the src_ip (only in
TCP mode useful)
+: easy to implement
+: easy to differ authenticated from unauthenticated incoming calls
-: lots of configuration (IP addresses may change, )
This can be implemented using if src_ip==... blocks in openser.cfg,
which would require the change the script everytime the IP addresses are
changed. Also requires restart of the proxy.
You can also use trusted table and permission module.