Christoph Fürstaller wrote:
Hi,
Is there a possibility to check a client certificate against a CRL? Is
this already implemented or are there plans to do such?
It is not implemented in OpenSER. I have no plans, but it is easy to do:
There are certain OpenSSL functions to load the CRL list. You only have
to add a configuration parameter for the location of the CRL, and then
during initiation of the TLS domains load the CRL.
Is it a good idea to use client certs? Or is the effort to realize that
too much? Cause the benefits from authenticating a client only for the
TLS connection aren't that much. And authentication against a DB is done
later on in OpenSER as well. (authentication is done twice)
When using SIP digest authentication to authenticate, IMO there is no
need to require a certificate from the SIP client.
regards
klaus
What do you think?
chris...
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
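
The approach outlined in the reply above (a configuration parameter for the CRL location, loaded while the TLS domain is initialised), as an added example that is not OpenSER code and not from either poster. It uses Python's `ssl` module, a wrapper over OpenSSL, and the names `TlsDomainConfig`, `crl_file`, `check_chain` and `init_tls_domain` are hypothetical.

```python
import ssl
from dataclasses import dataclass
from typing import Optional


@dataclass
class TlsDomainConfig:
    """Hypothetical per-domain settings; crl_file is the added parameter."""
    ca_file: Optional[str] = None    # PEM bundle of the CAs that issue client certs
    crl_file: Optional[str] = None   # PEM file holding the CRL(s) of those CAs
    check_chain: bool = False        # also check intermediate CAs against CRLs


def init_tls_domain(cfg: TlsDomainConfig) -> ssl.SSLContext:
    """Build the server-side context for one TLS domain at startup."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED      # demand a client certificate
    if cfg.ca_file:
        ctx.load_verify_locations(cafile=cfg.ca_file)
    if cfg.crl_file:
        # CRLs are loaded into the same X509 store as the CA certificates.
        # A missing or unparsable file raises OSError/ssl.SSLError here, so
        # the domain fails to start instead of silently running without
        # revocation checks.
        ctx.load_verify_locations(cafile=cfg.crl_file)
        # Loading alone changes nothing; the verify flag turns the check on.
        # With the flag set, a handshake also fails when no CRL is available
        # for the issuer of the certificate being checked.
        ctx.verify_flags |= (ssl.VERIFY_CRL_CHECK_CHAIN if cfg.check_chain
                             else ssl.VERIFY_CRL_CHECK_LEAF)
    return ctx


def crl_checking_enabled(ctx: ssl.SSLContext) -> bool:
    """True if either CRL verify flag is set on the context."""
    mask = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_CRL_CHECK_CHAIN
    return bool(ctx.verify_flags & mask)
```

The CRL is read once at initialisation, so a refreshed CRL only takes effect when the context is rebuilt.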