I have the following settings in tls.cfg and I'd like to verify the server certificate IF one is provided on outbound (client) connections, but this doesn't seem possible and set_verification spits out **Server MUST present valid certificate**. The default tls.cfg https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg#L41 seems to indicate that this is possible.
``` [client:default] method = TLSv1+ verify_certificate = yes require_certificate = no private_key = /etc/kamailio/our.key.pem certificate = /etc/kamailio/our.crt.pem verify_depth = 2 ca_list = /etc/pki/tls/cert.pem ```
When starting Kamailio... ``` INFO: tls [tls_domain.c:278]: fill_missing(): TLSc<default>: tls_method=20 INFO: tls [tls_domain.c:290]: fill_missing(): TLSc<default>: certificate='/etc/kamailio/our.crt.pem' INFO: tls [tls_domain.c:297]: fill_missing(): TLSc<default>: ca_list='/etc/pki/tls/cert.pem' INFO: tls [tls_domain.c:304]: fill_missing(): TLSc<default>: crl='(null)' INFO: tls [tls_domain.c:308]: fill_missing(): TLSc<default>: require_certificate=0 INFO: tls [tls_domain.c:322]: fill_missing(): TLSc<default>: private_key='/etc/kamailio/our.key.pem' INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_certificate=1 INFO: tls [tls_domain.c:329]: fill_missing(): TLSc<default>: verify_depth=2 INFO: tls [tls_domain.c:667]: set_verification(): TLSc<default>: Server MUST present valid certificate ```
--- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/551