Daniel-Constantin Mierla writes:
Being Kamailio specific coding, I added the config
option and set it
value as parameter to SSL_CTX_load_verify_locations() based on the
feature request description, but it might not be complete
implementation because its manual specify that the folder content is
not send to client via SSL_CTX_set_client_CA_list():
*
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_load_verify_locations.ht…
Neither is contents of CAfile sent to client:
In server mode, when requesting a client certificate, the server must
send the list of CAs of which it will accept client certificates. This
list is not influenced by the contents of CAfile or CApath and must
explicitly be set using the SSL_CTX_set_client_CA_list(3) family of
functions.
-- Juha
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682#issuecomment-804840617