[SR-Users] about tls client certificates

Daniel-Constantin Mierla miconda at gmail.com
Fri Apr 11 12:18:36 CEST 2014


On 11/04/14 09:12, Juha Heinanen wrote:
> i read tls code and docs more carefully and found that if tls server is
> configured like this:
>
> [server:default]
> verify_certificate = yes
> require_certificate = no
> tls_method = SSLv23
> private_key = /etc/sip-proxy/certs/sip-proxy/key.pem
> certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem
> ca_list = /etc/ssl/certs/cacert.org.pem
>
> then server asks certificate from client.  if client provides one,
> server verifies it, but it is ok for the client not to provide a
> certificate.
>
> regarding tls module pseudo vars, one can use $tls_peer_verified to test
> if client provided verified certificate and, if it did, one can use
> $tls_peer_subject_cn to get its common name.
>
> i added $tls_* pseudo vars to wiki under TLS Module Pseudo Variables,
> but didn't give any explanation to any of them.

Thanks, maybe someone will have time to add descriptions as well -- the
info can be taken from:

- http://kamailio.org/docs/modules/1.5.x/tlsops.html#id2454119

Cheers,
Daniel

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
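
Added example, not part of the original thread and not Kamailio project code: because the quoted profile sets `require_certificate = no`, a client that sends no certificate still completes the TLS handshake, so any requirement for a client certificate has to be enforced in the routing script. The route name `REQUIRE_CLIENT_CERT`, the `$var(peer_cn)` variable and the 403 policy are assumptions for illustration; the fragment assumes the tls, sl and xlog modules are loaded.

```cfg
# Added example (hypothetical route name and policy), for use with the
# [server:default] profile quoted above:
#   verify_certificate = yes, require_certificate = no
route[REQUIRE_CLIENT_CERT] {
    # Only TLS connections can carry a client certificate.
    if (proto != TLS) {
        sl_send_reply("403", "TLS required");
        exit;
    }

    if ($tls_peer_verified == 1) {
        # The client presented a certificate and the server verified it
        # against ca_list. Keep the common name for later identity checks.
        $var(peer_cn) = $tls_peer_subject_cn;
        xlog("L_INFO", "verified TLS client from $si, CN=$var(peer_cn)\n");
        return;
    }

    # Handshake succeeded without a verified client certificate, which the
    # profile allows. Reject here when the caller of this route needs one.
    xlog("L_NOTICE", "TLS client from $si has no verified certificate\n");
    sl_send_reply("403", "Client certificate required");
    exit;
}
```

Call `route(REQUIRE_CLIENT_CERT);` from `request_route` only for the requests that must come from certificate-authenticated clients; other requests can continue to whatever authentication the script already uses.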



