Hi!
Yesterday I tested the TLS module and noticed a few things:
- Kamailio compiled on OS/X refuses to connect to a kamailio server running a CAcert class 3 certificate. So do CounterPath Bria and Blink. I need to figure out the difference between their class 1 and class 3 certs, unless someone here already knows.
- Even though verification is turned off (default), Kamailio refuses to use the self-signed cert created by the install unless you have the self-signed cert in the ca-list pem file. This is probably a bug.
- If you only want to use Kamailio as a TLS client, connecting to other servers, you have to add a listen port and a server certificate. Always. This is probably the design. To set up a connection, we base it on an existing listen port. If that doesn't exist, Kamailio refuses to connect.
- I can't find any way to check the server certificate for the server we connect to in the routing script. I guess the ONSEND route runs after we've selected server and transport, but before we're actually connected (in first transaction). The TLS module selects claim we have no TLS transport, even though ONSEND claims we have TLS transport... The tls.peer selects seem to be designed for inbound connections, not outbound.
This is not yet a bug report, just notes for comments and for the archives :-)
/O
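For readers who want to reproduce the setup the message describes, here is an added kamailio.cfg excerpt; it is not part of the original message or of the Kamailio project's own documentation. It shows the TLS listen socket and server certificate that the message says an outbound-only client still needs, the ca-list file the message says must also contain the self-signed install certificate, and the verification settings at their defaults next to a hardened variant. The IP address, file paths and the `$tls_peer_verified` / `$tls_peer_subject` pseudo-variable names are assumptions (the pseudo-variables follow the tls module's documented naming for the inbound case; the message reports no equivalent was found for outbound connections in the ONSEND route).

```cfg
# Added example, not from the message or the Kamailio project.
# IP, port, paths and pseudo-variable names are assumptions.
loadmodule "tls.so"
loadmodule "xlog.so"

# Kamailio needs a TLS listen socket even when it only acts as a client:
# an outbound TLS connection is bound to an existing listen socket.
listen=tls:203.0.113.10:5061
enable_tls=yes

# Server certificate and key, required for the listen socket to come up.
modparam("tls", "certificate", "/etc/kamailio/tls/server.pem")
modparam("tls", "private_key",  "/etc/kamailio/tls/server.key")

# CA list used to validate certificates. The message reports that the
# self-signed install certificate must be present in this file even with
# verification disabled, otherwise Kamailio refuses to use it.
modparam("tls", "ca_list", "/etc/kamailio/tls/ca-list.pem")

# Defaults written out explicitly: the remote certificate is not verified
# and a connecting client is not required to present one.
modparam("tls", "verify_certificate", 0)
modparam("tls", "require_certificate", 0)

# Hardened variant for a deployment that should only accept peers whose
# certificate chains to a CA in ca_list (uncomment to enable):
# modparam("tls", "verify_certificate", 1)
# modparam("tls", "require_certificate", 1)

request_route {
    # Inbound side only: when verification is on, the tls module exposes
    # the peer certificate of the connection the request arrived on.
    # Log anything that did not verify so it is visible in the SIP logs.
    if (proto == TLS) {
        if ($tls_peer_verified == 0) {
            xlog("L_WARN", "unverified TLS peer, subject=$tls_peer_subject\n");
        }
    }
}
```

The `request_route` check covers the direction the message says the tls.peer selects were designed for (inbound); it is deliberately not placed in an ONSEND route, since the message reports that the TLS selects do not see a TLS transport there for an outbound connection that is not yet established.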