Klaus Darilion wrote:
Just a question: certificate validation is turned off by default. IMO
this should be turned on by default.
Thus, I suggest changing the default in openser CVS to "validation=on"
and leave it in stable (1.1.x) as it is "validation=off".
What do you think about that?
Any comments on this? Otherwise I change the default to require
certificate verification.
regards
klaus
thanks
klaus
Klaus Darilion wrote:
Hi!
Thanks - I will take care of it.
regards
klaus
[EMAIL PROTECTED] wrote:
Hello,
Issue:
Whatever the value of tls_require_client_certificate, client
certificates are
NEVER mandatory to connect using TLS.
I added the following lines in the openser.cfg file:
tls_verify_client = 1
tls_require_client_certificate = 1
But after restarting openser, I still could connect without any client
certificate and I found this message in the openser logs:
Nov 23 15:09:53 localhost openser: TLS: Client verification
activated.
Client certificates are NOT mandatory.
Patch:
The value found in the configuration file must be stored in
tls_default_server_domain->require_client_cert instead of
tls_default_client_domain->require_client_cert.
690c690
< tls_default_server_domain->require_client_cert=$3;
---
tls_default_client_domain->require_client_cert=$3;
Regards,
Philippe
_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel
--
Klaus Darilion
nic.at
_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel
