[sr-dev] [kamailio/kamailio] add ca_path param to tls module (#2682)

juha-h notifications at github.com
Tue Mar 23 12:53:32 CET 2021


Daniel-Constantin Mierla writes:

> Being Kamailio specific coding, I added the config option and set it
> value as parameter to SSL_CTX_load_verify_locations() based on the
> feature request description, but it might not be complete
> implementation because its manual specify that the folder content is
> not send to client via SSL_CTX_set_client_CA_list(): 
> 
>   * https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_load_verify_locations.html

Neither is contents of CAfile sent to client:

  In server mode, when requesting a client certificate, the server must
  send the list of CAs of which it will accept client certificates. This
  list is not influenced by the contents of CAfile or CApath and must
  explicitly be set using the SSL_CTX_set_client_CA_list(3) family of
  functions.

-- Juha


-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682#issuecomment-804840617
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20210323/10796d83/attachment.htm>


More information about the sr-dev mailing list