[Serusers] Issue with auth_identity

jerome.herve at orange-ftgroup.com jerome.herve at orange-ftgroup.com
Fri Dec 12 11:05:38 CET 2008


hello everyone,

I still have an issue with auth_identity :

I have this error: AUTH_IDENTITY VERIFIER: common name of certificate doesn't match host name
The common name of my certificate is the name of my domain (used in Identity Info URL).
I believe I've done the correct thing...
Any idea guys ?

Cheers, 

Jérôme HERVE


-----Message d'origine-----
De : Kovács Gergely [mailto:kg at testbike.hu] 
Envoyé : jeudi 11 décembre 2008 22:23
À : zze-HERVE Jerome RD-CORE-LAN
Objet : Re: [Serusers] Issue with auth_identity

Hi Jerome,

I'm the one who developed auth_identity few years ago. I checked the source and it seems that your auth_identity was unable to decode the certificate that it had been successfully downloaded.

How did you generate the certificates? Auth_identity supports only openssl!

Of course I had it working :) You can find SER config snippets in the manual of the module: http://www.iptel.org/auth_identity_0

Shall I write you the openssl command line switches I used for generating certificates?


Cheers,
   Gergo


> -------- Original Message --------
> Subject: Re: [Serusers] Issue with auth_identity
> Date: Wed, 10 Dec 2008 16:06:08 +0100
> From: <jerome.herve at orange-ftgroup.com>
> To: <victor.pascual.avila at gmail.com>
> CC: serusers at lists.iptel.org
> 
> Hi,
> Yes I've tried again with other certificates.
> It happens before the vrfy_check_certificate...
> During the function vrfy_get_certificate.
> I really don't understand it.
> If I put a wrong certificate name, I have a 404 Not Found so I
believe 
> it sees the certificate.
> But maybe it doesn't manage to download it.
> Did you manage to make this working?
> 
> 
> Jérôme HERVE
> FT/NSM/RD/CORE/M2V/SID
> tél. 02 96 05 27 41
> mob. 06 76 15 18 49
> jerome.herve at orange-ftgroup.com
> 
> 
> -----Message d'origine-----
> De : Victor Pascual Ávila [mailto:victor.pascual.avila at gmail.com]
> Envoyé : mercredi 10 décembre 2008 14:13 À : zze-HERVE Jerome 
> RD-CORE-LAN Cc : serusers at lists.iptel.org Objet : Re: [Serusers] Issue 
> with auth_identity
> 
> Hi Jerome,
> I'm not sure about this but have you tried using other certificates?
> 
> Cheers,
> -Victor
> 
> On Wed, Dec 10, 2008 at 11:30 AM,  <jerome.herve at orange-ftgroup.com>
wrote:
>> Hello,
>>
>> I am trying to put in place auth_identity between 2 SER proxies and
it 
>> doesn't work well.
>> The first one manages to add identity and identity_info fields and
to 
>> send the INVITE to the other proxy.
>> But when the other proxy receive the message and does his tests
there 
>> is an issue.
>> It sends back a 436 Bad Identity Info. The error happens during the 
>> "vrfy_get_certificate" function (function which downloads the 
>> certificate thanks to identity_info URL).
>>
>> On my proxy logs, I can see this : AUTH_IDENTITY:retrieve_x509: DER 
>> Certificate error:0D0680A8:asn1 encoding 
>> routines:ASN1_CHECK_TLEN:wrong tag
>>
>> I really don't know what to do, do you have any idea?
>> Thanks,
>> Regards,
>>
>> Jérôme HERVE
>>
>> _______________________________________________
>> Serusers mailing list
>> Serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
> 
> 
> 
> --
> Victor Pascual Ávila
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers





More information about the sr-users mailing list