5 Oct
2005
5 Oct
'05
7:37 p.m.
Hi Klaus,
The standard is X509v3.
Alexander Philipp Lintenhofer wrote:
OK, that is also my state of information. So you import the root
certificates of
all trusted domains with which you want authentification.
Hi Klaus,
TLS: Is this feature already tested with version 0.10.x? Is it
necessary that
both proxies are under the same root-CA or is it possible to define
different
up to now I did not tested it, I just read the README. If I understand
it correctly, than you can import as man CA certs as you like. trust anchors by distributing root certificates?
Or do I need a
cross-path
mechanism to deal with this problem?
At the moment I'm having problems figuring out how the server
certificate must look like. e.g. a lookup for sip:klaus@example.net may lead to
another domain
using SRV. Which domain must be in the certificate? Where in the
certificate (Subject? Subject alternative name? ...)
The SRV-Request yields the resonsible sipserver of example.net.
According to
RFC3261 the subject of the certificate must correspond to the canonical
hostname of this server.
I believe that your outbound proxy exchanges his certificate with the
inbound of
example.net for mutual authentification. So regarding RFC 2246 both need
a way
to validate the other cert. -> ?
regards,
philipp
proxy2proxy authentication is usually done by
TLS.
The problem is that both proxies use different nonce to
authenticate. You can try to set the secret on both proxies:
http://openser.org/docs/modules/0.10.x/auth.html#AEN62
regards
klaus
Taras Bendik wrote:
Situation:
client1 ----->openser1 ----> openser2 ---->client2
Both openser have same accounts (user/pass)
When im not using proxy authentification it works ok.
If i use it it gives me 407
i have tried to use following
http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
and always goes executing this part
if (isflagset(7)) {
t_reply("503","Authentication failed");
break;
}
I look at ngrep log, and it is some thing like this
ser1 -> ser2 INVITE
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
It seems to me that openser1 cannot authentificate on openser2.
Thanks in advance
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users