[SR-Users] about tls client certificates
Juha Heinanen
jh at tutpro.com
Fri Apr 11 09:12:49 CEST 2014
i read tls code and docs more carefully and found that if tls server is
configured like this:
[server:default]
verify_certificate = yes
require_certificate = no
tls_method = SSLv23
private_key = /etc/sip-proxy/certs/sip-proxy/key.pem
certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem
ca_list = /etc/ssl/certs/cacert.org.pem
then server asks certificate from client. if client provides one,
server verifies it, but it is ok for the client not to provide a
certificate.
regarding tls module pseudo vars, one can use $tls_peer_verified to test
if client provided verified certificate and, if it did, one can use
$tls_peer_subject_cn to gets its common name.
i added $tls_* pseudo vars to wiki under TLS Module Pseudo Variables,
but didn't give any explanation to any of them.
-- juha
More information about the sr-users
mailing list