Daniel-Constantin Mierla writes:

> Being Kamailio specific coding, I added the config option and set it
> value as parameter to SSL_CTX_load_verify_locations() based on the
> feature request description, but it might not be complete
> implementation because its manual specify that the folder content is
> not send to client via SSL_CTX_set_client_CA_list():
>
> * https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_load_verify_locations.html

Neither is contents of CAfile sent to client:

In server mode, when requesting a client certificate, the server must
send the list of CAs of which it will accept client certificates. This
list is not influenced by the contents of CAfile or CApath and must
explicitly be set using the SSL_CTX_set_client_CA_list(3) family of
functions.

-- Juha

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.