while doing some tls tests, i noticed that if tls.cfg has a section like this
[server:default] verify_certificate = no require_certificate = no tls_method = SSLv23 private_key = /etc/sip-proxy/certs/sip-proxy/key.pem certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem ca_list = /etc/ssl/certs/cacert.org.pem then client does not give its certificate to kamailio server during tls connection setup even if it had one. if i specify: require_certificate = no then client sends its certificate to kamailio server, but if another client does not have a client certificate, then it cannot connect at all. one way to solve this would be making kamailio listen on two tls ports, one for clients that are required to present a a certificate and another port for clients that do not have a certificate. unfortunately, it is not possible to add a mask to ip address in tls.cfg section like this: [server:0.0.0.0/0:5062] does anyone have a solution to this problem (other that running two kamailio instances)? -- juha _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
