[sr-dev] setting up TLS connections from Kamailio

Klaus Darilion klaus.mailinglists at pernau.at
Wed Nov 9 16:01:36 CET 2011


IIRC on an outgoing TLS connection the certificate validation only includes 
verification of the certificate chain against the trusted root CAs. I 
think there is no check which compares the SIP domain (R-URI, Route URI) 
against the CN/Subject Alternative of the certificate.

Regarding certificate validation checks, I guess if you grep for 
"set_verify" you should find the code where the certificate validation 
checks are enabled. The validation itself is done inside openssl.

klaus	
	

On 08.11.2011 21:36, Olle E. Johansson wrote:
> I am trying to get some detailed understanding on the TLS code in Kamailio, but have a problem finding the code used to connect to other servers over TLS. There is some documentation saying that the server part is a bit weird, since we get into the routing script, having accepted a message, before we can evaluate certificates. I agree with that documentation, but it kind of works so far.
>
> I can't find a way to verify the certificate of the server I connect to as a client *BEFORE* I send any message.  Anyone that can comment or point me to the right file?
>
> Thanks,
> /O
>
>
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
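
Added example, not Kamailio code and not from either poster: the comparison described above as missing, checking the domain of the R-URI or Route URI against the certificate's Subject Alternative Name entries once OpenSSL has validated the chain. The function names, the "DNS:"/"URI:" string form of the SAN list and the whole-name, no-wildcard policy are assumptions of this example; pulling the entries out of the peer's X509 object is not shown.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* Copy the lowercased host of a SIP/SIPS URI into out; -1 if there is no
 * domain to match (other scheme, bracketed IP literal, empty or too long). */
static int sip_uri_host(const char *uri, char *out, size_t outlen)
{
    const char *p, *at;
    size_t n, i;
    if (strncasecmp(uri, "sips:", 5) == 0) p = uri + 5;
    else if (strncasecmp(uri, "sip:", 4) == 0) p = uri + 4;
    else return -1;
    if ((at = strchr(p, '@')) != NULL) p = at + 1; /* skip user[:password]@ */
    n = strcspn(p, ":;?");            /* stop at port, parameters, headers */
    if (n == 0 || n >= outlen || p[0] == '[') return -1;
    for (i = 0; i < n; i++) out[i] = (char)tolower((unsigned char)p[i]);
    out[n] = '\0';
    return 0;
}

/* Hypothetical helper: 1 if a subjectAltName value of the peer certificate,
 * passed as "DNS:<name>" or "URI:<sip-uri>" strings, names the domain of the
 * R-URI or Route URI. Whole-name, case-insensitive; wildcards never match. */
int cert_covers_sip_domain(const char *uri, const char *const *san, size_t nsan)
{
    char want[256], got[256];
    size_t i;
    if (sip_uri_host(uri, want, sizeof want) != 0) return 0;
    for (i = 0; i < nsan; i++) {
        if (strncmp(san[i], "DNS:", 4) == 0) {
            if (strcasecmp(san[i] + 4, want) == 0) return 1;
        } else if (strncmp(san[i], "URI:", 4) == 0) {
            /* A URI entry with a user part names a user, not the domain. */
            if (!strchr(san[i] + 4, '@') &&
                sip_uri_host(san[i] + 4, got, sizeof got) == 0 &&
                strcmp(got, want) == 0) return 1;
        }
    }
    return 0;
}

/* Constructed sample SAN list; main exits 0 when the domain is covered. */
static const char *const sample_san[] = {
    "DNS:sip.example.org", "URI:sip:example.org", "URI:sip:alice@example.net" };
int main(void)
{
    return !cert_covers_sip_domain("sips:bob@example.org:5061", sample_san, 3);
}
```

A client would run such a check after the handshake and before writing the first SIP message, closing the connection when it returns 0.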


