[SR-Users] $sel(tls.peer.subject.cn) error

Juha Heinanen jh at tutpro.com
Thu Apr 10 10:58:29 CEST 2014


Daniel-Constantin Mierla writes:

> Note that there should be direct pv alternative, as I could see in the 
> module, such as $tls_peer_subject_cn -- see tls_pv structure inside 
> tls_select.c file of the tls module. Not sure if they were documented 
> somewhere.

those seem to work without modifying tls module source.  i tested like
this:

    if (proto == TLS) {
        xlog("L_INFO", "tls_my_subject_cn = <$tls_my_subject_cn>\n");
        xlog("L_INFO", "tls_peer_subject_cn = <$tls_peer_subject_cn>\n");
    };

and got:

    Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: REGISTER <sip:test at test.tutpro.com> by <test at test.tutpro.com> from <192.98.102.30> is authorized
    Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: tls_my_subject_cn = <test.tutpro.com>
    Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: tls [tls_select.c:152]: get_cert(): Unable to retrieve TLS certificate from SSL structure
    Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: tls_peer_subject_cn = <<null>>
    Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: tls [tls_select.c:152]: get_cert(): Unable to retrieve TLS certificate from SSL structure
    Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: <core> [lvalue.c:416]: lval_assign(): assignment failed at pos: (878,49-878,49)

i'm not sure yet, if this peer gave its certificate during the
handshake.  if there is no peer certificate, ERROR level message seems
like an overkill.  in my opinion it would suffice to return empty
value.

-- juha


