Cesc wrote:
> Hi Alexander,
> That is a very good question.
> An option you have is to use
>     tls_verify=1
>     tls_require_cert=0
> This will make ser request a certificate from the other peer, but if
> the peer does not send one the TLS handshake will still succeed.
This would be usable if I could check in openser.cfg whether the peer
provided a certificate. E.g.
    if (!from_local()) {
        if ( tls_authenticated==1 ) {
            route(11); # authenticated
            exit;
        }
        if ( proto == TLS ) {
            route(12); # not authenticated, but TLS
            exit;
        }
        if ( proto != TLS ) {
            route(13); # not authenticated, not TLS, probably SPIT
            exit;
        }
    }
regards
klaus