Hi Patrick,

 

have you tried to also set this parameter?

 

modparam("tls", "verify_certificate", 1)

 

Cheers,

 

Henning

 

--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com

 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Patrick Murphy
Sent: Wednesday, January 29, 2020 1:50 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: [SR-Users] Kamailio TLS server hello without any client certificate request

 

 

Hey guys - I'm using the following settings on my Kamailio 5.1.1 (x86_64/linux) config:

 

modparam("tls", "low_mem_threshold2", 1024)

modparam("tls", "tls_force_run", 1)

modparam("tls", "tls_disable_compression", 1)

modparam("tls", "ssl_max_send_fragment", 4096)

modparam("tls", "renegotiation", 0)

modparam("tls", "low_mem_threshold1", 2048)

modparam("tls", "require_certificate", 1)

 

When a client attempts to connect to Kamailio, the server hello it receives does *not* contain the client certificate request. And I've noticed that kamailio starts with:

 

tls [tls_domain.c:694]: set_verification(): TLSs<default>: No client certificate required and no checks performed

tls [tls_domain.c:320]: fill_missing(): TLSs<default>: require_certificate=0

 

 

 

Any hints?