[Devel] Re: [Users] TLS setup
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Mon Oct 10 20:47:20 CEST 2005
Hi Juha,
not sure, but maybe the certificated to be used should be selected based
on the domain advertised in the received certificate. Like if you
received a certificated advertising server1.com, you should use the
client/server certificated you have with that domain....
just an idea.....
regards,
bogdan
Juha Heinanen wrote:
>since tls connection is setup BEFORE any sip requests are sent, i guess
>the proxy (even if it had one certificate per domain) could not know
>which server certificate to advertise to the client.
>
>on the other hand, when proxy is relaying a request, it does know for
>which domain it is doing it and thus could use client certificate of
>that domain.
>
>what is the conclusion of this? only generate one server/client
>certificate for the proxy even if it serves multiple domains?
>
>-- juha
>
>
>
More information about the Devel
mailing list