[sr-dev] [kamailio] TLS [client:default] no way to verify_certificate but not require_certificate (#551)

Anthony Messina notifications at github.com
Sat Mar 26 20:58:32 CET 2016


I have the following settings in tls.cfg and I'd like to verify the server certificate IF one is provided on outbound (client) connections, but this doesn't seem possible and set_verification spits out **Server MUST present valid certificate**.  The default tls.cfg https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg#L41 seems to indicate that this is possible.

```
[client:default]
method = TLSv1+
verify_certificate = yes
require_certificate = no
private_key = /etc/kamailio/our.key.pem
certificate = /etc/kamailio/our.crt.pem
verify_depth = 2
ca_list = /etc/pki/tls/cert.pem
```

When starting Kamailio...
```
INFO: tls [tls_domain.c:278]: fill_missing(): TLSc<default>: tls_method=20
INFO: tls [tls_domain.c:290]: fill_missing(): TLSc<default>: certificate='/etc/kamailio/our.crt.pem'
INFO: tls [tls_domain.c:297]: fill_missing(): TLSc<default>: ca_list='/etc/pki/tls/cert.pem'
INFO: tls [tls_domain.c:304]: fill_missing(): TLSc<default>: crl='(null)'
INFO: tls [tls_domain.c:308]: fill_missing(): TLSc<default>: require_certificate=0
INFO: tls [tls_domain.c:322]: fill_missing(): TLSc<default>: private_key='/etc/kamailio/our.key.pem'
INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_certificate=1
INFO: tls [tls_domain.c:329]: fill_missing(): TLSc<default>: verify_depth=2
INFO: tls [tls_domain.c:667]: set_verification(): TLSc<default>: Server MUST present valid certificate
```

---
https://github.com/kamailio/kamailio/issues/551
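
The following is an added example, not part of the original post and not Kamailio's own code: a small auditor that reads `tls.cfg`-style domains and reports the effective peer-verification policy for each. The mapping from `verify_certificate`/`require_certificate` to OpenSSL verify flags is an assumption, chosen to be consistent with the log line above; the `[server:default]` domain in the sample is constructed for contrast.

```python
import configparser

# OpenSSL verify-mode flag values (openssl/ssl.h).
SSL_VERIFY_NONE, SSL_VERIFY_PEER, SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x00, 0x01, 0x02

# Constructed sample: the client domain from the post plus a hypothetical server domain.
SAMPLE_TLS_CFG = """
[server:default]
verify_certificate = yes
require_certificate = no

[client:default]
method = TLSv1+
verify_certificate = yes
require_certificate = no
"""

def effective_policy(role, verify, require):
    """Map the two tls.cfg switches to OpenSSL flags and the resulting behaviour.
    The switch-to-flag mapping is an assumption, not copied from Kamailio."""
    if require:
        flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
    elif verify:
        flags = SSL_VERIFY_PEER
    else:
        flags = SSL_VERIFY_NONE
    if role == "client":
        # OpenSSL ignores FAIL_IF_NO_PEER_CERT in client mode, and with
        # certificate-based cipher suites the server always sends a certificate.
        flags &= ~SSL_VERIFY_FAIL_IF_NO_PEER_CERT
        text = "server MUST present valid certificate" if flags else "server certificate not verified"
    elif flags & SSL_VERIFY_FAIL_IF_NO_PEER_CERT:
        text = "client MUST present valid certificate"
    elif flags:
        text = "client certificate verified only if presented"
    else:
        text = "client certificate not requested"
    return flags, text

def audit(cfg_text):
    """Return {domain: (effective_flags, description)} for every TLS domain."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    report = {}
    for section in parser.sections():
        role = section.split(":", 1)[0]
        verify = parser.getboolean(section, "verify_certificate", fallback=False)
        require = parser.getboolean(section, "require_certificate", fallback=False)
        report[section] = effective_policy(role, verify, require)
    return report
```

Under these assumptions, `audit(SAMPLE_TLS_CFG)` reports the same switches as "verified only if presented" for the server domain and as "MUST present valid certificate" for the client domain, because the optional case only exists on the side that requests a peer certificate.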