Hi Klaus,
Alexander Philipp Lintenhofer wrote:
Hi Klaus,
TLS: Is this feature already tested with version 0.10.x? Is it
necessary that
both proxies are under the same root-CA or is it possible to define
different
up to now I did not tested it, I just read the README. If I understand
it correctly, than you can import as man CA certs as you like.
OK, that is also my state of information. So you import the root
certificates of
all trusted domains with which you want authentification.
trust anchors by distributing root certificates? Or do I need a
cross-path
mechanism to deal with this problem?
At the moment I'm having problems figuring out how the server
certificate must look like.
The standard is X509v3.
e.g. a lookup for sip:[EMAIL PROTECTED] may lead to another domain
using SRV. Which domain must be in the certificate? Where in the
certificate (Subject? Subject alternative name? ...)
The SRV-Request yields the resonsible sipserver of example.net.
According to
RFC3261 the subject of the certificate must correspond to the canonical
hostname of this server.
I believe that your outbound proxy exchanges his certificate with the
inbound of
example.net for mutual authentification. So regarding RFC 2246 both need
a way
to validate the other cert. -> ?
regards,
philipp
proxy2proxy authentication is usually done by TLS.
The problem is that both proxies use different nonce to
authenticate. You can try to set the secret on both proxies:
http://openser.org/docs/modules/0.10.x/auth.html#AEN62
regards
klaus
Taras Bendik wrote:
Situation:
client1 ----->openser1 ----> openser2 ---->client2
Both openser have same accounts (user/pass)
When im not using proxy authentification it works ok.
If i use it it gives me 407
i have tried to use following
http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
and always goes executing this part
if (isflagset(7)) {
t_reply("503","Authentication failed");
break;
}
I look at ngrep log, and it is some thing like this
ser1 -> ser2 INVITE
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
It seems to me that openser1 cannot authentificate on openser2.
Thanks in advance
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
--- Begin Message ---
Hi Klaus,
Alexander Philipp Lintenhofer wrote:
Hi Klaus,
TLS: Is this feature already tested with version 0.10.x? Is it
necessary that
both proxies are under the same root-CA or is it possible to define
different
up to now I did not tested it, I just read the README. If I
understand it correctly, than you can import as man CA certs as you
like.
OK, that is also my state of information. So you import the root
certificates of
all trusted domains with which you want authentification.
trust anchors by distributing root certificates? Or do I need a cross-path
mechanism to deal with this problem?
At the moment I'm having problems figuring out how the server
certificate must look like.
The standard is X509v3.
e.g. a lookup for sip:[EMAIL PROTECTED] may lead to another domain
using SRV. Which domain must be in the certificate? Where in the
certificate (Subject? Subject alternative name? ...)
The SRV-Request yields the resonsible sipserver of example.net. According to
RFC3261 the subject of the certificate must correspond to the canonical
hostname of this server.
I believe that your outbound proxy exchanges his certificate with the
inbound of
example.net for mutual authentification. So regarding RFC 2246 both need a way
to validate the other cert. -> ?
regards,
philipp
proxy2proxy authentication is usually done by TLS.
The problem is that both proxies use different nonce to
authenticate. You can try to set the secret on both proxies:
http://openser.org/docs/modules/0.10.x/auth.html#AEN62
regards
klaus
Taras Bendik wrote:
Situation:
client1 ----->openser1 ----> openser2 ---->client2
Both openser have same accounts (user/pass)
When im not using proxy authentification it works ok.
If i use it it gives me 407
i have tried to use following
http://www.voice-system.ro/docs/uac/ar01s06.html#ex_auth
and always goes executing this part
if (isflagset(7)) {
t_reply("503","Authentication failed");
break;
}
I look at ngrep log, and it is some thing like this
ser1 -> ser2 INVITE
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
ser1 -> ser2 INVITE with auth
ser2 -> ser1 AUTH Required
It seems to me that openser1 cannot authentificate on openser2.
Thanks in advance
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
--- End Message ---
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
