i read tls code and docs more carefully and found that if tls server is configured like this:
[server:default] verify_certificate = yes require_certificate = no tls_method = SSLv23 private_key = /etc/sip-proxy/certs/sip-proxy/key.pem certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem ca_list = /etc/ssl/certs/cacert.org.pem then server asks certificate from client. if client provides one, server verifies it, but it is ok for the client not to provide a certificate. regarding tls module pseudo vars, one can use $tls_peer_verified to test if client provided verified certificate and, if it did, one can use $tls_peer_subject_cn to gets its common name. i added $tls_* pseudo vars to wiki under TLS Module Pseudo Variables, but didn't give any explanation to any of them. -- juha _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
