<div>Thanks Steffen. This indeed worked, i.e. I was able to start openSER just by splitting the flags to tls_require_client_certificate and tls_verify_client and tls_verify_server... Now will start using the TLS... :)</div>
<div>Thanks..</div>
<div><br><br> </div>
<div><span class="gmail_quote">On 12/27/06, <b class="gmail_sendername">Steffen Witt</b> &lt;<a href="mailto:witt.steffen@googlemail.com">witt.steffen@googlemail.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hello Ncheeku,<br><br>there are some syntax changes necessary in your config file:<br><br><a href="http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x">
http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x</a><br><br><br>This section reflects changes in configuration file format.<br>TLS<br><br>Note: the following text is based on current CVS+the TLS patch<br>(<a href="http://sourceforge.net/tracker/index.php?func=detail&aid=1477147&group_id=139143&atid=743022">
http://sourceforge.net/tracker/index.php?func=detail&aid=1477147&group_id=139143&atid=743022</a>)<br><br> *<br> "tls_require_certificate" was renamed to<br>"tls_require_client_certificate" to be more accurate and self
<br>explanatory<br> *<br> "tls_verify" was split into "tls_verify_client" and<br>"tls_verify_server" to set the verify policy independently for TLS<br>client and TLS server domains<br>
*<br> new parameter "tls_client_domain_avp" defines the AVP for AVP<br>based TLS client domain selection<br> *<br> parameter "tls_domain" was split into "tls_client_domain" and
<br>"tls_server_domain" to allow definition of TLS client and server<br>domains<br> *<br> "tls_verify_client", "tls_verify_server" and<br>"tls_require_client_certificate" can be used inside the respective
<br>tls_xxxx_domain block to define the verify policy per TLS domain<br> *<br> "tls_ciphers_list" can be used inside the tls_xxxx_domain block<br>to specify the TLS method per TLS domain<br><br>For more details refer to the TLS README in tls/
<br><br><br>Hope it helps...<br><br><br>Best regards<br>Steffen<br><br><br><br><br>2006/12/27, Ncheeku Baranov &lt;<a href="mailto:opensersubscribe@gmail.com">opensersubscribe@gmail.com</a>&gt;:<br>> Hi,<br>><br>> I just compiled openSER with TLS support. I checked that TLS = 1 in the
<br>> Makefile when I compiled openSER. Now when I try to uncomment the parameters<br>> in the openser.cfg to enable the TLS support and restart openSER it does not<br>> start (I am using openserctl start command to start openser). It gives an
<br>> error saying ERROR:PID file /var/run/openser.pid does not exist -- OpenSER<br>> start failed. I am using the following parameters in the openser.cfg file<br>> for the TLS support:<br>><br>> disable_tls = 0
<br>> listen = tls:10.30.100.41:5061<br>> tls_verify = 1<br>> tls_require_certificate = 0<br>> tls_method = TLSv1<br>> tls_certificate =<br>> "/usr/local/etc/openser/tls/user/user-cert.pem"
<br>> tls_private_key =<br>> "/usr/local/etc/openser/tls/user/user-privkey.pem"<br>> tls_ca_list =<br>> "usr/local/etc/openser/tls/user/user-calist.pem"<br>><br>> I have checked that all the paths are correct in defining the
<br>> tls_certificate, tls_private_key and tls_ca_list.<br>> I used the source tarball openser-1.1.0-tls_src.tar.gz for installing the<br>> openser. Your help is much appreciated.<br>><br>> Thanks<br>> NCheeku
<br>><br>> _______________________________________________<br>> Users mailing list<br>> <a href="mailto:Users@openser.org">Users@openser.org</a><br>> <a href="http://openser.org/cgi-bin/mailman/listinfo/users">
http://openser.org/cgi-bin/mailman/listinfo/users</a><br>><br>><br>><br></blockquote></div><br>
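<div>Added example, not part of the original thread and not OpenSER project code: a small Python check that finds the 1.0.x TLS parameter names listed in the migration notes above and rewrites the two plain renames. The function name <code>migrate</code> is hypothetical, and copying the old <code>tls_verify</code> value to both new parameters is an assumption; set the client and server verify policy deliberately.</div>

```python
import re

# Renames taken from the 1.0.x-to-1.1.x notes quoted in this thread.
RENAMED = {
    "tls_require_certificate": ["tls_require_client_certificate"],
    "tls_verify": ["tls_verify_client", "tls_verify_server"],
}
# tls_domain was split too, but client vs. server is the operator's choice,
# so it is only reported, never rewritten.
REPORT_ONLY = {"tls_domain": ["tls_client_domain", "tls_server_domain"]}

# Leading indent, a parameter name, then the rest of the line.
# Commented-out lines (starting with '#') do not match and pass through.
PARAM = re.compile(r"^(\s*)([A-Za-z_]+)\b(.*)$")

def migrate(cfg_text):
    """Return (new_text, findings) for an openser.cfg using 1.0.x TLS names."""
    out, findings = [], []
    for lineno, line in enumerate(cfg_text.splitlines(), 1):
        m = PARAM.match(line)
        name = m.group(2) if m else None
        if name in RENAMED and m.group(3).lstrip().startswith("="):
            findings.append((lineno, name, RENAMED[name]))
            # Assumption: the old value is carried over to every new parameter.
            for new in RENAMED[name]:
                out.append(f"{m.group(1)}{new}{m.group(3)}")
        else:
            if name in REPORT_ONLY:
                findings.append((lineno, name, REPORT_ONLY[name]))
            out.append(line)
    return "\n".join(out), findings

# Constructed sample: some of the TLS settings posted in the original question.
SAMPLE = """\
disable_tls = 0
listen = tls:10.30.100.41:5061
tls_verify = 1
tls_require_certificate = 0
tls_method = TLSv1
"""

if __name__ == "__main__":
    new_cfg, found = migrate(SAMPLE)
    for lineno, old, new in found:
        print(f"line {lineno}: {old} -> {', '.join(new)}")
    print(new_cfg)
```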