[Users] tls_require_certificate
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Oct 10 09:44:29 CEST 2005
Cesc wrote:
> Hi Alexander,
>
> That is a very good question.
> An option you have is to use
> tls_verify=1
> tls_require_cert=0
> This will make ser request a certificate from the other peer, but if
> the peer does not send one the TLS handshake will still succeed.
This would be useable if I could check in openser.cfg if the peer
provided a certificate. E.g.
    if (!from_local()) {
        if ( tls_authenticated==1 ) {
            route(11); # authenticated
            exit;
        }
        if ( proto == TLS ) {
            route(12); # not authenticated, but TLS
            exit;
        }
        if ( tls_authenticated!=1 ) {
            route(13); # not authenticated, not TLS, probably SPIT
            exit;
        }
    }
regards
klaus