[sr-dev] TLS inspection for authentication
Juha Heinanen
jh at tutpro.com
Wed May 25 14:31:01 CEST 2011
Iñaki Baz Castillo writes:
> In order to implement it, I suggest the following behaviour in sip-router:
>
> - A client establishes a TLS session with sip-router.
> - The client presents a TLS certificate.
> - sip-router extracts the SIP identities of the certificate and stores
> them, somehow, in attributes belonging to this TLS session (maybe
> pseudovariables).
> - In the logic script, it would be possible then to match the From
> domain of the request (or whatever) against the list of SIP identities
> in the certificate (so authentication is done).
inaki,
i do it simply by fetching client's (which may be another proxy too)
attributes from htable based on @tls.peer.subject.cn. one of the
attributes can be domain name and if so further attributes can be
fetched from domain_attrs table. very easy and has worked fine so
far.
-- juha
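
The two checks discussed in this thread, side by side, as an added Python example (not code from sip-router or from either poster). The certificate fields, the `PEER_ATTRS` table standing in for the htable, and all function names are constructed for illustration; the SAN-before-CN ordering and the refusal of wildcard entries are assumptions, since the thread does not specify matching rules.

```python
# Constructed sample: fields already extracted from a verified peer certificate.
PEER_CERT = {
    "subject_cn": "proxy1.example.net",
    "san": [("URI", "sip:example.com"), ("URI", "sip:alice@example.org"),
            ("DNS", "proxy1.example.net")],
}
# Constructed stand-in for the htable keyed by the peer's subject CN.
PEER_ATTRS = {"proxy1.example.net": {"domain": "example.com"}}


def sip_host(uri):
    """Return (userpart or None, lowercased host) for a sip:/sips: URI, else None."""
    scheme, _, rest = uri.partition(":")
    if scheme.lower() not in ("sip", "sips") or not rest:
        return None
    rest = rest.split(";", 1)[0].split("?", 1)[0]  # drop URI params and headers
    user, at, hostport = rest.rpartition("@")
    host = hostport.rsplit(":", 1)[0].lower().rstrip(".")  # drop port, normalise
    return (user if at else None, host) if host else None


def domain_identities(cert):
    """Assumed rule: SAN sip URIs without a userpart, else SAN DNS, else CN."""
    ids = set()
    for kind, value in cert["san"]:
        parsed = sip_host(value) if kind == "URI" else None
        if parsed and parsed[0] is None:  # user@host names a user, not a domain
            ids.add(parsed[1])
    if not ids:
        ids = {v.lower() for k, v in cert["san"] if k == "DNS"}
    if not ids and not cert["san"]:
        ids = {cert["subject_cn"].lower()}
    return {d for d in ids if "*" not in d}  # wildcards never count as a match


def from_matches_cert(cert, from_uri):
    """Quoted proposal: From domain must be one of the certificate's identities."""
    parsed = sip_host(from_uri)
    return parsed is not None and parsed[1] in domain_identities(cert)


def from_matches_cn_lookup(cert, from_uri, table=PEER_ATTRS):
    """Reply's approach: look up the peer by subject CN, compare its domain attribute."""
    parsed = sip_host(from_uri)
    attrs = table.get(cert["subject_cn"])
    return bool(parsed and attrs and attrs.get("domain", "").lower() == parsed[1])
```

Both checks are only meaningful after the TLS layer has validated the certificate chain; a CN or SAN read from an unverified certificate proves nothing about the peer.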