Thanks Steffen. this indeed worked, i.e. I was able to start openSER just by splitting the flags to tls_require_client_certificate and tls_verify_client and tls_verify_server...Now will start using the tls...:) Thanks..
On 12/27/06, Steffen Witt <[EMAIL PROTECTED]> wrote:
Hello Ncheeku, there are some syntax changes necessary in your config file: http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x This section reflects changes in configuration file format. TLS Note: the following text is based on current CVS+the TLS patch ( http://sourceforge.net/tracker/index.php?func=detail&aid=1477147&group_id=139143&atid=743022 ) * "tls_require_certificate" was renamed to "tls_require_client_certificate" to be more accurate and self explanatory * "tls_verify" was splitted into "tls_verify_client" and "tls_verify_server" to set the verify policy indepdently for TLS client and TLS server domains * new parameter "tls_client_domain_avp" defines the AVP for AVP based TLS client domain selection * parameter "tls_domain" was splitted into "tls_client_domain" and "tls_server_domain" to allow definition of TLS client and server domains * "tls_verify_client", "tls_verify_server" and "tls_require_client_certificate" can be used inside the respective tls_xxxx_domain block to define the verify policy per TLS domain * "tls_ciphers_list" can be used inside the tls_xxxx_domain block to specify the TLS method per TLS domain For more details refer to the TLS README in tls/ Hope it helps... Best regards Steffen 2006/12/27, Ncheeku Baranov <[EMAIL PROTECTED]>: > Hi, > > I just compiled openSER with TLS support. I checked that TLS = 1 in the > Makefile when I compiled openSER. Now when I try to uncomment the parameters > in the openser.cfg to enable the TLS support and restart openSER it does not > start (I am using openserctl start command to start openser). It gives an > error saying ERROR:PID file /var/run/openser.pid does not exist -- OpenSER > start failed. I am using the following parameters in the openser.cfgfile > for the TLS support: > > disable_tls = 0 > listen = tls:10.30.100.41:5061 > tls_verify = 1 > tls_require_certificate = 0 > tls_method = TLSv1 > tls_certificate = > "/usr/local/etc/openser/tls/user/user-cert.pem" > tls_private_key = > "/usr/local/etc/openser/tls/user/user-privkey.pem" > tls_ca_list = > "usr/local/etc/openser/tls/user/user-calist.pem" > > I have checked that all the paths are correct in defining the > tls_certificate, tls_private_key and tls_ca_list. > I used the source tarball openser-1.1.0-tls_src.tar.gz for installing the > openser. Your help is much appreciated. > > Thanks > NCheeku > > _______________________________________________ > Users mailing list > [email protected] > http://openser.org/cgi-bin/mailman/listinfo/users > > >
_______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
