Cesc wrote:
Hi Alexander,
That is a very good question. An option you have is to use tls_verify=1 tls_require_cert=0. This will make ser request a certificate from the other peer, but if the peer does not send one the TLS handshake will still succeed.
This would be useable if I could check in openser.cfg if the peer provided a certificate. E.g.
    if (!from_local()) {
        if ( tls_authenticated==1 ) {
            route(11);   # authenticated
            exit;
        }
        if ( proto == TLS ) {
            route(12);   # not authenticated, but TLS
            exit;
        }
        # not authenticated, not TLS, probably SPIT
        route(13);
        exit;
    }
regards
klaus