[OpenSIPS-Users] Usage of TLS require_cert and verify_cert settings

Vlad Patrascu vladp at opensips.org
Wed Apr 28 16:25:47 EST 2021


Hi Adrian,

It is not possible to change those parameters on the fly. But I think 
you can implement your scenarios by setting a domain with 
require_cert=0, verify_cert=0 and using the is_peer_verified() script 
function to check the connections from the remote server.

Regards,

-- 
Vlad Patrascu
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 22.04.2021 17:15, Adrian Georgescu wrote:
> Hello,
>
> I have a question.
>
> I have the following TLS scenarios:
>
> 1) A local user for a domain I own connects to my server using TLS. 
> If the domain is local, I will authenticate the user against my 
> database and I do not care if the user has a certificate.
> 2) A remote server connects to my server using TLS and pretends that 
> it is domainX.com. In such a case, the only way to 
> verify that this is true is by requiring a certificate and verifying it.
>
> So there is a logic split between when to require and how to verify a 
> certificate depending on the fact that we deal with a local user or a 
> foreign domain.
>
> I would like to know if it is possible to set require_cert and 
> verify_cert on the fly, while routing packets, instead of configuring 
> them statically per domain.
>
> Regards,
> Adrian