Hi Adrian,
It is not possible to change those parameters on the fly. But I think
you can implement your scenarios by setting a domain with
require_cert=0, verify_cert=0 and using the is_peer_verified() script
function to check the connections from the remote server.
Regards,
--
Vlad Patrascu
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 22.04.2021 17:15, Adrian Georgescu wrote:
Hello,
I have a question.
I have the following TLS scenarios:
1) A local user for a domain I own, connects to my server using TLS.
If the domain is local, I will authenticate the user against my
database and I do not care if the user has a certificate
2) A remote server, connects to my server using TLS and pretends that
is domainX.com <http://domainX.com>. In such case, the only way to
verify that this is true is by requiring a certificate and verify it
So there is a logic split between when to require and how to verify a
certificate depending on the fact that we deal with a local user or a
foreign domain.
I would like to know if is possible to set require_cert and
verify_cert on the fly, while routing packets, instead of configuring
them statically per domain.
Regards,
Adrian
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users