sr-users December 2008

sr-users@lists.kamailio.org

73 participants
107 discussions

by jerome.herve＠orange-ftgroup.com

hello everyone, I still have an issue with auth_identity : I have this error: AUTH_IDENTITY VERIFIER: common name of certificate doesn't match host name The common name of my certificate is the name of my domain (used in Identity Info URL). I believe I've done the correct thing... Any idea guys ? Cheers, Jérôme HERVE -----Message d'origine----- De : Kovács Gergely [mailto:kg@testbike.hu] Envoyé : jeudi 11 décembre 2008 22:23 À : zze-HERVE Jerome RD-CORE-LAN Objet : Re: [Serusers] Issue with auth_identity Hi Jerome, I'm the one who developed auth_identity few years ago. I checked the source and it seems that your auth_identity was unable to decode the certificate that it had been successfully downloaded. How did you generate the certificates? Auth_identity supports only openssl! Of course I had it working :) You can find SER config snippets in the manual of the module: http://www.iptel.org/auth_identity_0 Shall I write you the openssl command line switches I used for generating certificates? Cheers, Gergo > -------- Original Message -------- > Subject: Re: [Serusers] Issue with auth_identity > Date: Wed, 10 Dec 2008 16:06:08 +0100 > From: <jerome.herve(a)orange-ftgroup.com> > To: <victor.pascual.avila(a)gmail.com> > CC: serusers(a)lists.iptel.org > > Hi, > Yes I've tried again with other certificates. > It happens before the vrfy_check_certificate... > During the function vrfy_get_certificate. > I really don't understand it. > If I put a wrong certificate name, I have a 404 Not Found so I believe > it sees the certificate. > But maybe it doesn't manage to download it. > Did you manage to make this working? > > > Jérôme HERVE > FT/NSM/RD/CORE/M2V/SID > tél. 02 96 05 27 41 > mob. 06 76 15 18 49 > jerome.herve(a)orange-ftgroup.com > > > -----Message d'origine----- > De : Victor Pascual Ávila [mailto:victor.pascual.avila@gmail.com] > Envoyé : mercredi 10 décembre 2008 14:13 À : zze-HERVE Jerome > RD-CORE-LAN Cc : serusers(a)lists.iptel.org Objet : Re: [Serusers] Issue > with auth_identity > > Hi Jerome, > I'm not sure about this but have you tried using other certificates? > > Cheers, > -Victor > > On Wed, Dec 10, 2008 at 11:30 AM, <jerome.herve(a)orange-ftgroup.com> wrote: >> Hello, >> >> I am trying to put in place auth_identity between 2 SER proxies and it >> doesn't work well. >> The first one manages to add identity and identity_info fields and to >> send the INVITE to the other proxy. >> But when the other proxy receive the message and does his tests there >> is an issue. >> It sends back a 436 Bad Identity Info. The error happens during the >> "vrfy_get_certificate" function (function which downloads the >> certificate thanks to identity_info URL). >> >> On my proxy logs, I can see this : AUTH_IDENTITY:retrieve_x509: DER >> Certificate error:0D0680A8:asn1 encoding >> routines:ASN1_CHECK_TLEN:wrong tag >> >> I really don't know what to do, do you have any idea? >> Thanks, >> Regards, >> >> Jérôme HERVE >> >> _______________________________________________ >> Serusers mailing list >> Serusers(a)lists.iptel.org >> http://lists.iptel.org/mailman/listinfo/serusers >> >> > > > > -- > Victor Pascual Ávila > _______________________________________________ > Serusers mailing list > Serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers

15 years, 11 months