Dirk-Willem van Gulik

Yes - that is exactly right.

1) OPNSense appliance, DEC3850 (not sure of revision; about 2 years old) 2) Protectli Vault FW2B, 4port, rev.7-2020 3) non branded Fanless Mini PC Router Core I3 7167U, no revision/date...

For 1 - that workaround works - with as caveat that on any existing OPNSense applicances coming from21 it seems that the loader.conf.local needs to be manaully removed/emptied post upgrade....

That is what I expected as well. However - it does not seem to be used. HTTP calls do not pass through the URLConnection -- and quick test from Safari,...

Three tests; one installed an x.509 client cert as a profile; the other running an enterprise MDM that adds a security beaker token. Confirm that safari and several other 3rd...

Absolutely happy to do so & then do a pull request. But also understood that ``_Patches relating to chan_sip are also not accepted any longer'_'. And I have no idea...

Know tha the construct OPENSSL=${OPENSSL:-openssl} Allows for you to set export OPENSSL=/opt ….. / openssl To your local copy & put this in your shell profile. So that you override...

As I am somewhat partial to apache :) :) -- I considered that first. The challenge here is that this module just does the auth -- the actual setup; enrollment...

Right - and we build a rudimentary approach with those templates. That works - but is far from ideal. The issue sits in Security by design/privacy by default -- ideally...

Correct - in apache parlance it can defer the 'AuthN' part; but needs to be involved in the 'AuthZ' part. With the important caveat that Sympa needs to expose enough...