Possible to have require_client_cert as yes AND no at the same time?

dennisha · May 2, 2022, 9:39am

Hello all!

Is is possible to have “require_client_cert” set in as “yes” in one transport and “no” in another or will it just use the value from the first transport in my list? I’m wondering to know if I could configure some endpoint to require client certificates while other don’t need them.

I’m using Asterisk 18.11.2

My current configuration:

[transport-tls-ipv4]
type = transport
protocol = tls
bind = :5061
method = sslv23
require_client_cert = no
cert_file = /certs/asterisk.crt
priv_key_file=/certs/asterisk.key
ca_list_file=/certs/ca.crt

[transport-tls-ipv4-encrypted]
type = transport
protocol = tls
bind = :5061
method = sslv23
require_client_cert = yes
cert_file = /certs/asterisk.crt
priv_key_file=/certs/asterisk.key
ca_list_file=/certs/ca.crt

jcolp · May 2, 2022, 9:40am

You can’t have two transports bound to the same port, and while PJSIP does now support multiple transports for TLS and TCP - it’s not something that has been thoroughly tested with Asterisk.

dennisha · May 2, 2022, 9:43am

Ah, I see. Thank you for your lightning fast reply!

system · June 1, 2022, 9:44am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.