[OpenSIPS-Users] Client certificate validation

Klaus Darilion klaus.mailinglists at pernau.at
Wed Sep 23 16:55:07 CEST 2009



Adrian Georgescu schrieb:
> Is not a server issue, simply the clients do not support this feature,  
> they do not provide a client certificate.

Yes.

At least for testing purposes you can try with QjSimple - IIRC I have 
implemented it there.

regards
klaus

> 
> --
> Adrian
> 
> 
> 
> 
> 
> On Sep 23, 2009, at 1:49 PM, Fabio Spelta wrote:
> 
>> Hello all;
>>
>> I'm trying to setup opensips so to allow connection only from clients
>> which present a valid X509 certificate; both
>> tls_verify_client  and tls_require_client_certificate are enabled  
>> (set to "1").
>> Well, no matter which softphone I try (eyebeam, minisip, phoner lite),
>> the connection fail, and I log this error:
>>
>> INFO:core:tls_accept: client did not present a certificate
>>
>> I was starting to wonder if the issue could be a matter of the URI:sip
>> SubjectAltName values in the client certificate, as proposed in the
>> RFC 3261; while I realized that since *every* client apparently does
>> not _even send_ any certificate, it could perhaps be a server side
>> issue.
>>
>> I run opensips 1.4.1-tls in debian etch.
>>
>> Any hint about how to debut this issue would be greatly appreciated.
>>
>> Thank you so much,
>> --
>> Fabio
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



More information about the Users mailing list