IIRC on outgoing TLS connections, the certificate validation only includes
verification of the certificate chain against the trusted root CAs. I
think there is no check which compares the SIP domain (R-URI, Route URI)
against the CN/Subject Alternative Name of the certificate.

Regarding certificate validation checks, I guess if you grep for
"set_verify" you should find the code where the certificate validation
checks are enabled. The validation itself is done inside openssl.

klaus

On 08.11.2011 21:36, Olle E. Johansson wrote:
I am trying to get some detailed understanding on the TLS code in Kamailio,
but have a problem finding the code used to connect to other servers over
TLS. There is some documentation saying that the server part is a bit weird,
since we get into the routing script, having accepted a message, before we
can evaluate certificates. I agree with that documentation, but it kind of
works so far.

I can't find a way to verify the certificate of the server I connect to as a
client *BEFORE* I send any message. Anyone that can comment or point me to
the right file?

Thanks,
/O
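
The identity check discussed in this thread, comparing the SIP domain of the R-URI or Route URI against the certificate's Subject Alternative Name or CN after chain validation has passed, is sketched below as an added example; it is not part of the original messages and is not Kamailio code. The function names, the exact-match-only policy and the sample certificates are assumptions of this example; the certificate dictionaries follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example (not Kamailio code). Cert dicts use the shape returned by
# Python's ssl.SSLSocket.getpeercert(); the sample certs are constructed.

def sip_uri_host(uri):
    """Return the lowercase host of a sip:/sips: URI, or None if unusable."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() not in ("sip", "sips"):
        return None
    rest = rest.rsplit("@", 1)[-1]                  # drop userinfo
    rest = rest.split("?", 1)[0].split(";", 1)[0]  # drop headers and params
    if rest.startswith("["):                        # IPv6 literal, not a domain
        return None
    return rest.split(":", 1)[0].lower().rstrip(".") or None  # drop port


def cert_identities(cert):
    """Domains the certificate asserts: SAN URI/DNS entries, else the CN."""
    ids = set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "URI":
            host = sip_uri_host(value)
            if host:
                ids.add(host)
        elif kind == "DNS":
            ids.add(value.lower().rstrip("."))
    if ids:
        return ids  # assumption of this example: CN is ignored once SAN names exist
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                ids.add(value.lower().rstrip("."))
    return ids


def peer_matches_next_hop(cert, next_hop_uri):
    """True only if the URI's domain exactly equals a certificate identity.
    Matching is exact, so a wildcard entry never matches a concrete domain."""
    domain = sip_uri_host(next_hop_uri)
    return domain is not None and domain in cert_identities(cert)


# Constructed sample certificates (already chain-validated in this scenario).
SAN_CERT = {"subject": ((("commonName", "proxy.example.net"),),),
            "subjectAltName": (("DNS", "example.com"),
                               ("URI", "sips:example.com:5061;transport=tcp"))}
CN_ONLY_CERT = {"subject": ((("commonName", "sip.example.org"),),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"),)}
```

A client would run a check of this kind after the TLS handshake completes and before writing the first SIP request to the connection, and close the connection on a mismatch.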