hello everyone,
I still have an issue with auth_identity :
I have this error: AUTH_IDENTITY VERIFIER: common name of certificate doesn't match host name
The common name of my certificate is the name of my domain (used in Identity Info URL).
I believe I've done the correct thing...
Any idea guys ?
Cheers,
Jérôme HERVE
-----Message d'origine-----
De : Kovács Gergely [mailto:kg@testbike.hu]
Envoyé : jeudi 11 décembre 2008 22:23
À : zze-HERVE Jerome RD-CORE-LAN
Objet : Re: [Serusers] Issue with auth_identity
Hi Jerome,
I'm the one who developed auth_identity few years ago. I checked the source and it seems that your auth_identity was unable to decode the certificate that it had been successfully downloaded.
How did you generate the certificates? Auth_identity supports only openssl!
Of course I had it working :) You can find SER config snippets in the manual of the module: http://www.iptel.org/auth_identity_0
Shall I write you the openssl command line switches I used for generating certificates?
Cheers,
Gergo
-------- Original Message --------
Subject: Re: [Serusers] Issue with auth_identity
Date: Wed, 10 Dec 2008 16:06:08 +0100
From: jerome.herve@orange-ftgroup.com
To: victor.pascual.avila@gmail.com
CC: serusers@lists.iptel.org
Hi,
Yes I've tried again with other certificates.
It happens before the vrfy_check_certificate...
During the function vrfy_get_certificate.
I really don't understand it.
If I put a wrong certificate name, I have a 404 Not Found so I
believe
it sees the certificate.
But maybe it doesn't manage to download it.
Did you manage to make this working?
Jérôme HERVE
FT/NSM/RD/CORE/M2V/SID
tél. 02 96 05 27 41
mob. 06 76 15 18 49
jerome.herve@orange-ftgroup.com
-----Message d'origine-----
De : Victor Pascual Ávila [mailto:victor.pascual.avila@gmail.com]
Envoyé : mercredi 10 décembre 2008 14:13 À : zze-HERVE Jerome
RD-CORE-LAN Cc : serusers@lists.iptel.org Objet : Re: [Serusers] Issue
with auth_identity
Hi Jerome,
I'm not sure about this but have you tried using other certificates?
Cheers,
-Victor
On Wed, Dec 10, 2008 at 11:30 AM, jerome.herve@orange-ftgroup.com
wrote:
Hello,
I am trying to put in place auth_identity between 2 SER proxies and
it
doesn't work well.
The first one manages to add identity and identity_info fields and
to
send the INVITE to the other proxy.
But when the other proxy receive the message and does his tests
there
is an issue.
It sends back a 436 Bad Identity Info. The error happens during the
"vrfy_get_certificate" function (function which downloads the
certificate thanks to identity_info URL).
On my proxy logs, I can see this : AUTH_IDENTITY:retrieve_x509: DER
Certificate error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag
I really don't know what to do, do you have any idea?
Thanks,
Regards,
Jérôme HERVE
Serusers mailing list
Serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Victor Pascual Ávila
_______________________________________________
Serusers mailing list
Serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
jerome.herve@orange-ftgroup.com