On 11/04/14 09:12, Juha Heinanen wrote:
i read tls code and docs more carefully and found that if tls server is
configured like this:

[server:default]
verify_certificate = yes
require_certificate = no
tls_method = SSLv23
private_key = /etc/sip-proxy/certs/sip-proxy/key.pem
certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem
ca_list = /etc/ssl/certs/cacert.org.pem

then server asks certificate from client.  if client provides one,
server verifies it, but it is ok for the client not to provide a
certificate.

regarding tls module pseudo vars, one can use $tls_peer_verified to test
if client provided verified certificate and, if it did, one can use
$tls_peer_subject_cn to get its common name.

i added $tls_* pseudo vars to wiki under TLS Module Pseudo Variables,
but didn't give any explanation to any of them.

Thanks, maybe someone will have time to add a description as well -- the info can be taken from:

- http://kamailio.org/docs/modules/1.5.x/tlsops.html#id2454119

Cheers,
Daniel

--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
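
The policy described in the quoted message, written as a Kamailio routing block (an added example, not code from either poster or from the Kamailio project). It assumes the [server:default] profile quoted above; the route names TLS_IDENTITY and AUTH and the AVP $avp(tls_cn) are hypothetical, and AUTH is assumed to be defined elsewhere in the configuration.

```kamailio
# Added example. With verify_certificate = yes and require_certificate = no,
# a client that sends no certificate still completes the TLS handshake,
# so the routing script has to decide what an unverified peer may do.

route[TLS_IDENTITY] {
    # Peer certificate data exists only for requests received over TLS.
    if ($proto != "tls") {
        return;
    }

    if ($tls_peer_verified == 1) {
        # The client presented a certificate and the server verified it
        # against ca_list; keep the common name for later policy checks.
        $avp(tls_cn) = $tls_peer_subject_cn;
        xlog("L_INFO", "TLS client verified, CN=$avp(tls_cn) src=$si\n");
        return;
    }

    # No verified certificate: do not treat the peer as identified.
    xlog("L_NOTICE", "TLS client without verified certificate, src=$si\n");
    route(AUTH);   # hypothetical route that performs digest authentication
}
```

Call route(TLS_IDENTITY) early in request_route, before any logic that trusts the sender's identity.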

