[sr-dev] [kamailio/kamailio] add ca_path param to tls module (#2682)

juha-h notifications at github.com
Wed Mar 24 07:07:04 CET 2021


It works both as client and as server after the command `c_rehash .` is executed in the ca_path directory. It creates two (why two?) links to each CA certificate file, for example:
```
$ ls -ls
total 16
0 lrwxrwxrwx 1 jh jh   18 Mar 24 07:58 12d55845.0 -> dst_root_ca_x3.pem
0 lrwxrwxrwx 1 jh jh   18 Mar 24 07:58 2e5ac55d.0 -> dst_root_ca_x3.pem
0 lrwxrwxrwx 1 jh jh   32 Mar 24 07:58 4a0a35c0.0 -> lets-encrypt-x3-cross-signed.pem
0 lrwxrwxrwx 1 jh jh   32 Mar 24 07:58 4f06f81d.0 -> lets-encrypt-x3-cross-signed.pem
0 lrwxrwxrwx 1 jh jh   14 Mar 24 07:58 590d426f.0 -> class3_X0E.crt
0 lrwxrwxrwx 1 jh jh   12 Mar 24 07:58 5ed36f99.0 -> root_X0F.crt
0 lrwxrwxrwx 1 jh jh   12 Mar 24 07:58 99d0fa06.0 -> root_X0F.crt
4 -rw-r--r-- 1 jh jh 2427 Mar 23 16:40 class3_X0E.crt
4 -rw-r--r-- 1 jh jh 1200 Mar 23 16:40 dst_root_ca_x3.pem
0 lrwxrwxrwx 1 jh jh   14 Mar 24 07:58 e5662767.0 -> class3_X0E.crt
4 -rw-r--r-- 1 jh jh 1647 Mar 23 16:40 lets-encrypt-x3-cross-signed.pem
4 -rw-r--r-- 1 jh jh 2464 Mar 23 16:40 root_X0F.crt
```
The text on the page https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html is not very clear about the links:

> If CApath is not NULL, it points to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. If more than one CA certificate with the same name hash value exist, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the c_rehash utility to create the necessary links.


-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682#issuecomment-805528425
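
An added example, not part of the original message or of Kamailio's code: a Python audit of a `ca_path` directory against the rules in the quoted OpenSSL text (one certificate per file, lookup by `<hash>.<n>` name, search in extension-number order). It does not compute the hashes itself and assumes the links are symlinks as in the listing; the sample directory is constructed, reusing file names from the listing, and `audit_ca_path` and `build_sample` are hypothetical names.

```python
import os
import re
import tempfile

LINK_RE = re.compile(r"^([0-9a-f]{8})\.(\d+)$")   # <subject name hash>.<n>
PEM_BEGIN = "-----BEGIN CERTIFICATE-----"

def audit_ca_path(ca_path):
    """Return sorted (problem, name) findings for a CApath directory."""
    findings, certs, linked, numbers = [], set(), set(), {}
    for name in os.listdir(ca_path):
        full = os.path.join(ca_path, name)
        m = LINK_RE.match(name)
        if m:
            numbers.setdefault(m.group(1), []).append(int(m.group(2)))
            if os.path.exists(full):          # exists() follows the symlink
                linked.add(os.path.realpath(full))
            else:
                findings.append(("dangling-link", name))
        elif os.path.isfile(full):
            with open(full, errors="replace") as fh:
                count = fh.read().count(PEM_BEGIN)
            if count:
                certs.add(os.path.realpath(full))
            if count > 1:                     # rule: one CA certificate per file
                findings.append(("multiple-certs-in-file", name))
    for h, nums in numbers.items():
        # Search goes in extension-number order (.0, .1, ...); flag skipped numbers.
        if sorted(nums) != list(range(len(nums))):
            findings.append(("gap-in-extension-numbers", h))
    findings += [("no-hash-link", os.path.basename(p)) for p in certs - linked]
    return sorted(findings)

def build_sample(root):
    """Constructed sample: file names from the listing, dummy PEM bodies."""
    def cert(name, n=1):
        with open(os.path.join(root, name), "w") as fh:
            fh.write((PEM_BEGIN + "\nconstructed\n-----END CERTIFICATE-----\n") * n)
    cert("dst_root_ca_x3.pem")
    cert("root_X0F.crt")                      # left without any hash link
    cert("class3_X0E.crt", n=2)               # two certificates in one file
    for link, target in [("12d55845.0", "dst_root_ca_x3.pem"), ("2e5ac55d.0", "dst_root_ca_x3.pem"),
                         ("590d426f.1", "class3_X0E.crt"), ("99d0fa06.0", "removed.pem")]:
        os.symlink(target, os.path.join(root, link))   # .1 without .0; removed.pem is absent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(*audit_ca_path(d), sep="\n")
```

A directory laid out like the listing in the message, with every certificate file reachable through `.0` links, produces no findings.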