Thanks Steffen. this indeed worked, i.e. I was able to start openSER just by splitting the flags to tls_require_client_certificate and tls_verify_client and tls_verify_server...Now will start using the tls...:)

Thanks..

 

On 12/27/06, Steffen Witt <witt.steffen@googlemail.com> wrote:

Hello Ncheeku,

there are some syntax changes necessary in your config file:

http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x


This section reflects changes in configuration file format.
TLS

Note: the following text is based on current CVS+the TLS patch
( http://sourceforge.net/tracker/index.php?func=detail&aid=1477147&group_id=139143&atid=743022)

   *
     "tls_require_certificate" was renamed to
"tls_require_client_certificate" to be more accurate and self
explanatory
   *
     "tls_verify" was splitted into "tls_verify_client" and
"tls_verify_server" to set the verify policy indepdently for TLS
client and TLS server domains
   *
     new parameter "tls_client_domain_avp" defines the AVP for AVP
based TLS client domain selection
   *
     parameter "tls_domain" was splitted into "tls_client_domain" and
"tls_server_domain" to allow definition of TLS client and server
domains
   *
     "tls_verify_client", "tls_verify_server" and
"tls_require_client_certificate" can be used inside the respective
tls_xxxx_domain block to define the verify policy per TLS domain
   *
     "tls_ciphers_list" can be used inside the tls_xxxx_domain block
to specify the TLS method per TLS domain

For more details refer to the TLS README in tls/


Hope it helps...


Best regards
Steffen




2006/12/27, Ncheeku Baranov <opensersubscribe@gmail.com>:
> Hi,
>
> I just compiled openSER with TLS support. I checked that TLS = 1 in the
> Makefile when I compiled openSER. Now when I try to uncomment the parameters
> in the openser.cfg to enable the TLS support and restart openSER it does not
> start (I am using openserctl start command to start openser). It gives an
> error saying ERROR:PID file /var/run/openser.pid does not exist -- OpenSER
> start failed. I am using the following parameters in the openser.cfg file
> for the TLS support:
>
> disable_tls = 0
> listen = tls:10.30.100.41:5061
> tls_verify = 1
> tls_require_certificate = 0
> tls_method = TLSv1
> tls_certificate =
> "/usr/local/etc/openser/tls/user/user- cert.pem"
> tls_private_key =
> "/usr/local/etc/openser/tls/user/user-privkey.pem"
> tls_ca_list =
> "usr/local/etc/openser/tls/user/user-calist.pem"
>
> I have checked that all the paths are correct in defining the
> tls_certificate, tls_private_key and tls_ca_list.
> I used the source tarball openser-1.1.0-tls_src.tar.gz for installing the
> openser. Your help is much appreciated.
>
> Thanks
> NCheeku
>
> _______________________________________________
> Users mailing list
> Users@openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
>
>