Module: kamailio Branch: master Commit: a0b6b3abe1beab33e11a52ff601c9cc50f7e2d56 URL: https://github.com/kamailio/kamailio/commit/a0b6b3abe1beab33e11a52ff601c9cc… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2018-02-13T08:41:13+01:00 tls: small updates to tls config --- Modified: src/modules/tls/tls.cfg --- Diff: https://github.com/kamailio/kamailio/commit/a0b6b3abe1beab33e11a52ff601c9cc… Patch: https://github.com/kamailio/kamailio/commit/a0b6b3abe1beab33e11a52ff601c9cc… --- diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg index 102990b421..c1a08f6759 100644 --- a/src/modules/tls/tls.cfg +++ b/src/modules/tls/tls.cfg @@ -17,8 +17,8 @@ verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem -#ca_list = ./modules/tls/cacert.pem -#crl = ./modules/tls/crl.pem +#ca_list = /usr/local/etc/kamailio/tls/cacert.pem +#crl = /usr/local/etc/kamailio/tls/crl.pem # This is the default client domain, settings # in this domain will be used for all outgoing @@ -27,6 +27,7 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem # We require that servers present valid certificate. # [client:default] +#method = TLSv1 verify_certificate = yes require_certificate = yes @@ -39,25 +40,25 @@ require_certificate = yes # interface. # #[server:127.0.0.1:5061] -#method = SSLv23 +#method = TLSv1 #verify_certificate = yes #require_certificate = no -#private_key = ./modules/tls/local_key.pem -#certificate = ./modules/tls/local_cert.pem +#private_key = /usr/local/etc/kamailio/tls/local_key.pem +#certificate = /usr/local/etc/kamailio/tls/local_cert.pem #verify_depth = 3 #ca_list = local_ca.pem #crl = local_crl.pem -# Special settings for the iptel.org public SIP +# Special settings for the example.sip (1.2.3.4) public SIP # server. We do not verify the certificate of the # server because it can be expired. The server # implements authentication using SSL client # certificates so configure the client certificate # that was given to use by iptel.org staff here. # -#[client:195.37.77.101:5061] +#[client:1.2.3.4:5061] #verify_certificate = no -#certificate = ./modules/tls/iptel_client.pem -#private_key = ./modules/tls/iptel_key.pem -#ca_list = ./modules/tls/iptel_ca.pem -#crl = ./modules/tls/iptel_crl.pem +#certificate = /usr/local/etc/kamailio/tls/example_client.pem +#private_key = /usr/local/etc/kamailio/tls/example_key.pem +#ca_list = /usr/local/etc/kamailio/tls/example_ca.pem +#crl = /usr/local/etc/kamailio/tls/example_crl.pem