[Users] TLS problem, not able to start openSER

Ncheeku Baranov opensersubscribe at gmail.com
Wed Dec 27 21:49:43 CET 2006


Thanks Steffen. this indeed worked, i.e. I was able to start openSER just by
splitting the flags to tls_require_client_certificate and tls_verify_client
and tls_verify_server...Now will start using the tls...:)
Thanks..



On 12/27/06, Steffen Witt <witt.steffen at googlemail.com> wrote:
>
> Hello Ncheeku,
>
> there are some syntax changes necessary in your config file:
>
> http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x
>
>
> This section reflects changes in configuration file format.
> TLS
>
> Note: the following text is based on current CVS+the TLS patch
> (
> http://sourceforge.net/tracker/index.php?func=detail&aid=1477147&group_id=139143&atid=743022
> )
>
>    *
>      "tls_require_certificate" was renamed to
> "tls_require_client_certificate" to be more accurate and self
> explanatory
>    *
>      "tls_verify" was splitted into "tls_verify_client" and
> "tls_verify_server" to set the verify policy indepdently for TLS
> client and TLS server domains
>    *
>      new parameter "tls_client_domain_avp" defines the AVP for AVP
> based TLS client domain selection
>    *
>      parameter "tls_domain" was splitted into "tls_client_domain" and
> "tls_server_domain" to allow definition of TLS client and server
> domains
>    *
>      "tls_verify_client", "tls_verify_server" and
> "tls_require_client_certificate" can be used inside the respective
> tls_xxxx_domain block to define the verify policy per TLS domain
>    *
>      "tls_ciphers_list" can be used inside the tls_xxxx_domain block
> to specify the TLS method per TLS domain
>
> For more details refer to the TLS README in tls/
>
>
> Hope it helps...
>
>
> Best regards
> Steffen
>
>
>
>
> 2006/12/27, Ncheeku Baranov <opensersubscribe at gmail.com>:
> > Hi,
> >
> > I just compiled openSER with TLS support. I checked that TLS = 1 in the
> > Makefile when I compiled openSER. Now when I try to uncomment the
> parameters
> > in the openser.cfg to enable the TLS support and restart openSER it does
> not
> > start (I am using openserctl start command to start openser). It gives
> an
> > error saying ERROR:PID file /var/run/openser.pid does not exist --
> OpenSER
> > start failed. I am using the following parameters in the openser.cfgfile
> > for the TLS support:
> >
> > disable_tls = 0
> > listen = tls:10.30.100.41:5061
> > tls_verify = 1
> > tls_require_certificate = 0
> > tls_method = TLSv1
> > tls_certificate =
> > "/usr/local/etc/openser/tls/user/user-cert.pem"
> > tls_private_key =
> > "/usr/local/etc/openser/tls/user/user-privkey.pem"
> > tls_ca_list =
> > "usr/local/etc/openser/tls/user/user-calist.pem"
> >
> > I have checked that all the paths are correct in defining the
> > tls_certificate, tls_private_key and tls_ca_list.
> > I used the source tarball openser-1.1.0-tls_src.tar.gz for installing
> the
> > openser. Your help is much appreciated.
> >
> > Thanks
> > NCheeku
> >
> > _______________________________________________
> > Users mailing list
> > Users at openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20061227/31984785/attachment.htm>


More information about the sr-users mailing list