I have the following settings in tls.cfg and I'd like to verify the server certificate IF one is provided on outbound (client) connections, but this doesn't seem possible, and set_verification spits out "Server MUST present valid certificate". The default tls.cfg https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg#L41 seems to indicate that this is possible.

[client:default]
method = TLSv1+
verify_certificate = yes
require_certificate = no
private_key = /etc/kamailio/our.key.pem
certificate = /etc/kamailio/our.crt.pem
verify_depth = 2
ca_list = /etc/pki/tls/cert.pem

When starting Kamailio...

INFO: tls [tls_domain.c:278]: fill_missing(): TLSc<default>: tls_method=20
INFO: tls [tls_domain.c:290]: fill_missing(): TLSc<default>: certificate='/etc/kamailio/our.crt.pem'
INFO: tls [tls_domain.c:297]: fill_missing(): TLSc<default>: ca_list='/etc/pki/tls/cert.pem'
INFO: tls [tls_domain.c:304]: fill_missing(): TLSc<default>: crl='(null)'
INFO: tls [tls_domain.c:308]: fill_missing(): TLSc<default>: require_certificate=0
INFO: tls [tls_domain.c:322]: fill_missing(): TLSc<default>: private_key='/etc/kamailio/our.key.pem'
INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_certificate=1
INFO: tls [tls_domain.c:329]: fill_missing(): TLSc<default>: verify_depth=2
INFO: tls [tls_domain.c:667]: set_verification(): TLSc<default>: Server MUST present valid certificate