Iñaki Baz Castillo writes: > In order to implement it, I suggest the following behaviour in sip-router: > > - A client establishes a TLS session with sip-router. > - The client presents a TLS certificate. > - sip-router extracts the SIP identities of the certificate and stores > them, somehow, in attributes belonging to this TLS session (maybe > pseudovariables). > - In the logic script, it would be possible then to match the From > domain of the request (or whatever) against the list of SIP identities > in the certificate (so authentication is done).
inaki, i do it simply by fetching client's (which may be another proxy too) attributes from htable based on @tls.peer.subject.cn. one of the attributes can be domain name and if so further attributes can be fetched from domain_attrs table. very easy and has been worked fine so far. -- juha _______________________________________________ sr-dev mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
