hello everyone,
I still have an issue with auth_identity :
I have this error: AUTH_IDENTITY VERIFIER: common name of certificate doesn't match host name The common name of my certificate is the name of my domain (used in Identity Info URL). I believe I've done the correct thing... Any idea guys ?
Cheers,
Jérôme HERVE
-----Message d'origine----- De : Kovács Gergely [mailto:kg@testbike.hu] Envoyé : jeudi 11 décembre 2008 22:23 À : zze-HERVE Jerome RD-CORE-LAN Objet : Re: [Serusers] Issue with auth_identity
Hi Jerome,
I'm the one who developed auth_identity few years ago. I checked the source and it seems that your auth_identity was unable to decode the certificate that it had been successfully downloaded.
How did you generate the certificates? Auth_identity supports only openssl!
Of course I had it working :) You can find SER config snippets in the manual of the module: http://www.iptel.org/auth_identity_0
Shall I write you the openssl command line switches I used for generating certificates?
Cheers, Gergo
-------- Original Message -------- Subject: Re: [Serusers] Issue with auth_identity Date: Wed, 10 Dec 2008 16:06:08 +0100 From: jerome.herve@orange-ftgroup.com To: victor.pascual.avila@gmail.com CC: serusers@lists.iptel.org
Hi, Yes I've tried again with other certificates. It happens before the vrfy_check_certificate... During the function vrfy_get_certificate. I really don't understand it. If I put a wrong certificate name, I have a 404 Not Found so I
believe
it sees the certificate. But maybe it doesn't manage to download it. Did you manage to make this working?
Jérôme HERVE FT/NSM/RD/CORE/M2V/SID tél. 02 96 05 27 41 mob. 06 76 15 18 49 jerome.herve@orange-ftgroup.com
-----Message d'origine----- De : Victor Pascual Ávila [mailto:victor.pascual.avila@gmail.com] Envoyé : mercredi 10 décembre 2008 14:13 À : zze-HERVE Jerome RD-CORE-LAN Cc : serusers@lists.iptel.org Objet : Re: [Serusers] Issue with auth_identity
Hi Jerome, I'm not sure about this but have you tried using other certificates?
Cheers, -Victor
On Wed, Dec 10, 2008 at 11:30 AM, jerome.herve@orange-ftgroup.com
wrote:
Hello,
I am trying to put in place auth_identity between 2 SER proxies and
it
doesn't work well. The first one manages to add identity and identity_info fields and
to
send the INVITE to the other proxy. But when the other proxy receive the message and does his tests
there
is an issue. It sends back a 436 Bad Identity Info. The error happens during the "vrfy_get_certificate" function (function which downloads the certificate thanks to identity_info URL).
On my proxy logs, I can see this : AUTH_IDENTITY:retrieve_x509: DER Certificate error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
I really don't know what to do, do you have any idea? Thanks, Regards,
Jérôme HERVE
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Victor Pascual Ávila _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
jerome.herve@orange-ftgroup.com