Currently tls module has ca_list param that

Sets the CA list file name. This file contains a list of all the trusted CAs certificates used when connecting to other SIP implementations. If a signature in a certificate chain belongs to one of the listed CAs, the verification of that certificate will succeed.

This issue proposes adding a new tls param ca_path. Its value would be a directory that contains any number of CA certificate files thus making it unnecessary to cat these files to a single ca_list file.

Implementation could be based on SSL_CTX_set_default_verify_dir() OpenSSL API function.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.