Hello Ncheeku,
there are some syntax changes necessary in your config file:
http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x
This section reflects changes in configuration file format.
TLS
Note: the following text is based on current CVS+the TLS patch
(
http://sourceforge.net/tracker/index.php?func=detail&aid=1477147&gr…)
*
"tls_require_certificate" was renamed to
"tls_require_client_certificate" to be more accurate and self
explanatory
*
"tls_verify" was splitted into "tls_verify_client" and
"tls_verify_server" to set the verify policy indepdently for TLS
client and TLS server domains
*
new parameter "tls_client_domain_avp" defines the AVP for AVP
based TLS client domain selection
*
parameter "tls_domain" was splitted into "tls_client_domain"
and
"tls_server_domain" to allow definition of TLS client and server
domains
*
"tls_verify_client", "tls_verify_server" and
"tls_require_client_certificate" can be used inside the respective
tls_xxxx_domain block to define the verify policy per TLS domain
*
"tls_ciphers_list" can be used inside the tls_xxxx_domain block
to specify the TLS method per TLS domain
For more details refer to the TLS README in tls/
Hope it helps...
Best regards
Steffen
2006/12/27, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
Hi,
I just compiled openSER with TLS support. I checked that TLS = 1 in the
Makefile when I compiled openSER. Now when I try to uncomment the parameters
in the openser.cfg to enable the TLS support and restart openSER it does not
start (I am using openserctl start command to start openser). It gives an
error saying ERROR:PID file /var/run/openser.pid does not exist -- OpenSER
start failed. I am using the following parameters in the openser.cfg file
for the TLS support:
disable_tls = 0
listen = tls:10.30.100.41:5061
tls_verify = 1
tls_require_certificate = 0
tls_method = TLSv1
tls_certificate =
"/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key =
"/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list =
"usr/local/etc/openser/tls/user/user-calist.pem"
I have checked that all the paths are correct in defining the
tls_certificate, tls_private_key and tls_ca_list.
I used the source tarball openser-1.1.0-tls_src.tar.gz for installing the
openser. Your help is much appreciated.
Thanks
NCheeku
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users