[sr-dev] [kamailio/kamailio] add ca_path param to tls module (#2682)

Tue Mar 23 13:07:32 CET 2021

Daniel-Constantin Mierla writes:

> Pushed a commit to fix the error message.

Now kamailio starts, but when baresip sip client tries to connect over
TLS, I get these errors:

Mar 23 14:02:23 lohi /usr/bin/sip-proxy[1732]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
Mar 23 14:02:23 lohi /usr/bin/sip-proxy[1732]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
Mar 23 14:02:23 lohi /usr/bin/sip-proxy[1732]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 192.168.43.253
Mar 23 14:02:23 lohi /usr/bin/sip-proxy[1732]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 192.168.43.160

If I in tls.cfg replace ca_path with ca_list, the same client connects
without errors.

-- Juha