Hey guys - I'm using the following settings on my Kamailio config:
modparam("tls", "low_mem_threshold2", 1024)
modparam("tls", "tls_force_run", 1)
modparam("tls", "tls_disable_compression", 1)
modparam("tls", "ssl_max_send_fragment", 4096)
modparam("tls", "renegotiation", 0)
modparam("tls", "low_mem_threshold1", 2048)
modparam("tls", "require_certificate", 1)
When a client attempts to connect to Kamailio, the server hello it receives does *not* contain the client certificate request. And I've noticed that kamailio starts with:
tls [tls_domain.c:694]: set_verification(): TLSs<default>: No client certificate required and no checks performed
tls [tls_domain.c:320]: fill_missing(): TLSs<default>: require_certificate=0
Complete version output:
kamailio 5.1.1 (x86_64/linux)
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
Any hints?
Hey guys - I'm using the following settings on my Kamailio 5.1.1 (x86_64/linux) config:
modparam("tls", "low_mem_threshold2", 1024)
modparam("tls", "tls_force_run", 1)
modparam("tls", "tls_disable_compression", 1)
modparam("tls", "ssl_max_send_fragment", 4096)
modparam("tls", "renegotiation", 0)
modparam("tls", "low_mem_threshold1", 2048)
modparam("tls", "require_certificate", 1)
When a client attempts to connect to Kamailio, the server hello it receives does *not* contain the client certificate request. And I've noticed that kamailio starts with:
tls [tls_domain.c:694]: set_verification(): TLSs<default>: No client certificate required and no checks performed
tls [tls_domain.c:320]: fill_missing(): TLSs<default>: require_certificate=0
Any hints?
Hi Patrick,
have you tried to also set this parameter?
modparam("tls", "verify_certificate", 1)
Cheers,
Henning
--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com/
From: sr-users sr-users-bounces@lists.kamailio.org On Behalf Of Patrick Murphy
Sent: Wednesday, January 29, 2020 1:50 PM
To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org
Subject: [SR-Users] Kamailio TLS server hello without any client certificate request
Hey guys - I'm using the following settings on my Kamailio 5.1.1 (x86_64/linux) config:
modparam("tls", "low_mem_threshold2", 1024)
modparam("tls", "tls_force_run", 1)
modparam("tls", "tls_disable_compression", 1)
modparam("tls", "ssl_max_send_fragment", 4096)
modparam("tls", "renegotiation", 0)
modparam("tls", "low_mem_threshold1", 2048)
modparam("tls", "require_certificate", 1)
When a client attempts to connect to Kamailio, the server hello it receives does *not* contain the client certificate request. And I've noticed that kamailio starts with:
tls [tls_domain.c:694]: set_verification(): TLSs<default>: No client certificate required and no checks performed
tls [tls_domain.c:320]: fill_missing(): TLSs<default>: require_certificate=0
Any hints?
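The symptom in this thread is a TLS setting that is configured one way and logged another way at startup. The Python script below is an added example, not part of the thread or of Kamailio: it compares the integer tls modparams in a config against the effective values that fill_missing() logs and reports every difference. The function names are hypothetical, the sample input is constructed from the lines quoted above, and matching is by parameter name, which the thread confirms only for require_certificate.

```python
import re

# modparam("tls", "<name>", <int>) as written in kamailio.cfg
MODPARAM_RE = re.compile(r'modparam\(\s*"tls"\s*,\s*"(\w+)"\s*,\s*(\d+)\s*\)')
# Effective per-domain value as logged by fill_missing() at startup
EFFECTIVE_RE = re.compile(r'fill_missing\(\):\s*(\S+?):\s*(\w+)=(\d+)')


def configured_tls_params(cfg_text):
    """Return {name: int} for integer tls modparams; the last occurrence wins."""
    return {name: int(val) for name, val in MODPARAM_RE.findall(cfg_text)}


def effective_tls_params(log_text):
    """Return {(domain, name): int} parsed from fill_missing() log lines."""
    return {(dom, name): int(val)
            for dom, name, val in EFFECTIVE_RE.findall(log_text)}


def find_mismatches(cfg_text, log_text):
    """List (domain, name, configured, effective) where the two values differ."""
    wanted = configured_tls_params(cfg_text)
    return sorted(
        (dom, name, wanted[name], val)
        for (dom, name), val in effective_tls_params(log_text).items()
        if name in wanted and wanted[name] != val
    )


# Constructed sample input, taken from the settings and log lines in the thread.
SAMPLE_CFG = '''
modparam("tls", "renegotiation", 0)
modparam("tls", "require_certificate", 1)
'''
SAMPLE_LOG = '''
tls [tls_domain.c:694]: set_verification(): TLSs<default>: No client certificate required and no checks performed
tls [tls_domain.c:320]: fill_missing(): TLSs<default>: require_certificate=0
'''

if __name__ == "__main__":
    for dom, name, cfg_val, run_val in find_mismatches(SAMPLE_CFG, SAMPLE_LOG):
        print(f"{dom}: {name} configured={cfg_val} effective={run_val}")
```

A reported mismatch on require_certificate means the listener is not enforcing the client-certificate requirement the config asks for.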