Currently tls module has `ca_list` param that
`Sets the CA list file name. This file contains a list of all the trusted CAs certificates
used when connecting to other SIP implementations. If a signature in a certificate chain
belongs to one of the listed CAs, the verification of that certificate will succeed.`
This issue proposes adding a new tls param `ca_path`. Its value would be a directory that
contains any number of CA certificate files thus making it unnecessary to cat these files
to a single `ca_list` file.
Implementation could be based on SSL_CTX_set_default_verify_dir() OpenSSL API function.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682