Which example? In the modules/tls directory I saw these: https://github.com/kamailio/kamailio/blob/master/modules/tls/sip-router-tls.... https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg and they are very brief. Is there a more complete example somewhere else showing how to verify the client certificate ```subjectAltName``` or ```CN``` matches the ```From``` header of an incoming request?
In the manual: http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.quick_start - this quick start section is very brief
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.p.tls_method - ```tls_method``` documentation isn't clear. ```SSLv23_method``` is actually a very good default and does not actually enable SSL 3.0 or below unless those are explicitly compiled into OpenSSL. This should really be emphasized.
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.p.require_certif... http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.f.is_peer_verfie... - ```require_certificate``` and ```is_peer_verified``` are explained very briefly. Should ```is_peer_verified``` take an argument perhaps, to verify that the peer is verified for a specific URI or domain?
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/531#issuecomment-192922193