< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [repro-users] Authenticated identity && repro

From: "Scott Godin" <slgodin@xxxxxxxxxxxx>
Date: Mon, 8 Oct 2007 11:11:13 -0400

Repro will only add an identity header if it performed digest authentication
on the request (challenged with a 407).  Adding an ACL rule for your
endpoint will cause repro to skip authentication, so it will not add the
identity header.  If you can get authentication to work properly, you should
see an identity header in the outbound requests.

Note:  Root certs are used for authenticating certificates returned to repro
during the outbound TLS authentication process.  Domain certs are used to
identify the repro server to clients that form TLS connections to repro.
The domain certs are also used to sign the identity headers.  You must
provide both public and private keys for the domain certs.

-----Original Message-----
From: repro-users-bounces@xxxxxxxxxxxxxxx
[mailto:repro-users-bounces@xxxxxxxxxxxxxxx] On Behalf Of Gergely Kovacs
Sent: October 8, 2007 10:37 AM
To: repro-users@xxxxxxxxxxxxxxx
Subject: [repro-users] Authenticated identity && repro

Hi,

I'd like to make rePro add Identity headers to messages. I compiled 
recirpocate with use SSL.  Main/resip/stack/test/testIdentity util 
computes the right Identiy.

My scenario is simple:
root@xxxxxxxxx calls root@xxxxxxxxx

root@xxxxxxxxx -> atest.com (0.0.0.0:5060) -> btest.com (0.0.0.0:5062) 
-> root@xxxxxxxxx

IP address of btest.com comes from DNS, and the port is set by a rePro 
route. There is a rePro ACLS rule that covers caller's IP address to 
avoid authentication. (otherwise I get "403 forbidden" for outgoing 
messages from rePro even if the authentication was successful). I 
created certification and private key for the domain and copied to the 
corresponding directory; rePro finds it and loads them.

I execute repro by this command:
repro -v INFO -l syslog -d btest.com --enable-cert-server -t atest.com
(I've tried all combination of the switches above)

Basically it works but the authentication headers are missing.

What is the difference between domain_cert and root_cert? (my root_cert 
is a simlink to domain_cert)
What should I do to have repro compute the indenity header?

Thanks,
Gergely



_______________________________________________
repro-users mailing list
repro-users@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/repro-users

Follow-Ups:
- Re: [repro-users] Authenticated identity && repro
  - From: Gergely Kovacs

References:
- [repro-users] Authenticated identity && repro
  - From: Gergely Kovacs

Prev by Date: [repro-users] Authenticated identity && repro
Next by Date: Re: [repro-users] Authenticated identity && repro
Previous by thread: [repro-users] Authenticated identity && repro
Next by thread: Re: [repro-users] Authenticated identity && repro
Index(es):
- Date
- Thread