[sr-dev] TLS CRL configuration

Amarnath Kanchivanam ykamarnath.sip at gmail.com
Tue Jul 3 07:01:55 CEST 2018


Hi,

Any help would be appreciated!!

Regards,
Amarnath

On Thu, Jun 28, 2018 at 11:56 AM Amarnath Kanchivanam <
ykamarnath.sip at gmail.com> wrote:

> Hi All,
>
> I'm trying to configure Kamailio as a TLS server with the configuration
> below (tls.cfg), and the TLS server starts successfully.
>
> [server:default]
> method = TLSv1+
> verify_certificate = yes
> require_certificate = yes
> private_key = ./sip/server.key
> certificate = ./sip/server.crt
> ca_list = ./bundle.crt
> crl = ./sip_crl.pem
> verify_depth = 9
>
> [client:default]
> verify_certificate = no
> require_certificate = no
>
> TLS connection works fine.
> Later I have updated the sip_crl.pem with server certificate revoked
> details and performed tls.reload command to load the latest update.
> After this I expect any TLS client trying to establish TLS connection
> should fail, as the client and server certificates are signed by same
> authority and server certificate is revoked. But the clients are able to
> establish TLS connection without any errors.
>
> I'm not getting any traces to confirm CRL validation has been performed
> before accepting the TLS connection.
>
> Any advice would be helpful to proceed with evaluating CRL functionality.
>
> -Amar
>
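
Added example, not part of the original post or of Kamailio: a way to check offline, with the openssl CLI, which certificates a given CRL actually causes a verifier to reject. It builds a throwaway CA, signs a server and a client certificate, revokes only the server one, and verifies both against CA plus CRL; a CRL check fails only for a presented certificate whose serial is listed. The CA, subject names and all files other than the name sip_crl.pem are constructed for the example.

```shell
#!/bin/sh
# Added example: constructed throwaway CA, certificates and CRL (not the poster's files).
crl_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # Minimal "openssl ca" config: only what -revoke and -gencrl need.
    cat > ca.cnf <<'EOF'
[ca]
default_ca = demo
[demo]
database = index.txt
crlnumber = crlnumber
default_md = sha256
default_crl_days = 30
EOF
    : > index.txt
    echo 01 > crlnumber
    # Constructed CA, standing in for the authority behind ca_list.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Demo CA" -days 2 >/dev/null 2>&1 || exit 1
    # Server and client certificates signed by that same CA.
    for n in server client; do
      openssl req -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" \
        -subj "/CN=demo-$n" >/dev/null 2>&1 || exit 1
      openssl x509 -req -in "$n.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out "$n.crt" -days 2 >/dev/null 2>&1 || exit 1
    done
    # Revoke only the server certificate, then publish the CRL.
    openssl ca -config ca.cnf -cert ca.crt -keyfile ca.key \
      -revoke server.crt >/dev/null 2>&1 || exit 1
    openssl ca -config ca.cnf -cert ca.crt -keyfile ca.key \
      -gencrl -out sip_crl.pem >/dev/null 2>&1 || exit 1
    # Verify one certificate against CA + CRL, as a verifying peer would.
    check() {
      if out=$(openssl verify -crl_check -CAfile ca.crt -CRLfile sip_crl.pem "$1" 2>&1)
      then echo accepted
      elif printf '%s\n' "$out" | grep -q 'certificate revoked'
      then echo revoked
      else echo error
      fi
    }
    echo "client=$(check client.crt) server=$(check server.crt)"
  )
  rc=$?
  rm -rf "$d"
  return $rc
}
crl_demo
```

To inspect an existing CRL the same way, `openssl crl -in sip_crl.pem -noout -text` lists the revoked serial numbers, which can be compared with the serial of the certificate the peer presents.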