[Users] openser2openser

Klaus Darilion klaus.mailinglists at pernau.at
Wed Oct 5 14:53:15 CEST 2005 

Alexander Philipp Lintenhofer wrote:
> Hi Klaus,
> 
> TLS: Is this feature already tested with version 0.10.x? Is it necessary 
> that
> both proxies are under the same root-CA or is it possible to define 
> different

up to now I did not tested it, I just read the README. If I understand 
it correctly, than you can import as man CA certs as you like.

> trust anchors by distributing root certificates? Or do I need a cross-path
> mechanism to deal with this problem?

At the moment I'm having problems figuring out how the server 
certificate must look like.
e.g. a lookup for sip:klaus at example.net may lead to another domain using 
SRV. Which domain must be in the certificate? Where in the certificate 
(Subject? Subject alternative name? ...)

regards
klaus

> 
>> proxy2proxy authentication is usually done by TLS.
>>
>> The problem is that both proxies use different nonce to authenticate. 
>> You can try to set the secret on both proxies:
>> http://openser.org/docs/modules/0.10.x/auth.html#AEN62
>>
>> regards
>> klaus
>>
>> Taras Bendik wrote:
>>
>>> Situation:
>>> client1 ----->openser1 ----> openser2 ---->client2
>>> Both openser have same accounts (user/pass)
>>>
>>> When im not using proxy authentification it works ok.
>>> If i use it it gives me 407
>>>
>>> i have tried to use following
>>> http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
>>>
>>> and always goes executing this part
>>> if (isflagset(7)) {
>>>    t_reply("503","Authentication failed");
>>>    break;
>>> }
>>>
>>> I look at ngrep log, and it is some thing like this
>>>  ser1 -> ser2 INVITE
>>>  ser2 -> ser1 AUTH Required
>>>  ser1 -> ser2 INVITE with auth
>>>  ser2 -> ser1 AUTH Required
>>>  ser1 -> ser2 INVITE with auth
>>>  ser2 -> ser1 AUTH Required
>>> It seems to me that openser1 cannot authentificate on openser2.
>>>
>>>
>>> Thanks in advance
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>
> 
> 
> 
>

More information about the Users mailing list