Module: kamailio
Branch: master
Commit: 242badad1c2176b061cb7595c3e3ff5a469ad1d5
URL: https://github.com/kamailio/kamailio/commit/242badad1c2176b061cb7595c3e3ff5a...

Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2021-03-23T09:11:02+01:00

tls: docs for ca_path config option [skip ci]
---
Modified: src/modules/tls/doc/params.xml
---
Diff: https://github.com/kamailio/kamailio/commit/242badad1c2176b061cb7595c3e3ff5a...
Patch: https://github.com/kamailio/kamailio/commit/242badad1c2176b061cb7595c3e3ff5a...
---
diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index 63a964d45c..80dbe2f3cc 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -208,6 +208,32 @@ modparam("tls", "ca_list", "/usr/local/etc/kamailio/ca_list.pem") </example> </section>
+ <section id="tls.p.ca_path"> + <title><varname>ca_path</varname> (str)</title> + <para> + Sets the path with the trusted CA files, to be given as parameter + SSL_CTX_load_verify_locations(). The certificates in ca_path are only + looked up when required, e.g. when building the certificate chain + or when actually performing the verification of a peer certificate. They + are not given to the client (not loaded to be provided to + SSL_CTX_set_client_CA_list()), only the ones in ca_list files are sent + to the client. It requires to use c_rehash to generate the hash map + for certificate search, for more see the manual of libssl for + SSL_CTX_load_verify_locations() function. + </para> + <para> + By default it is not set. + </para> + <example> + <title>Set <varname>ca_path</varname> parameter</title> + <programlisting> +... +modparam("tls", "ca_path", "/usr/local/etc/kamailio/ca") +... + </programlisting> + </example> + </section> + <section id="tls.p.crl"> <title><varname>crl</varname> (string)</title> <para>
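
Review bot: The title of the new tls.p.ca_path section gives the type as "(str)", while the neighbouring crl section in the trailing context uses "(string)"; pick one label and use it for both. In the first paragraph, "to be given as parameter SSL_CTX_load_verify_locations()" is missing "to", and "It requires to use c_rehash to generate the hash map" would read better as "The directory must be processed with c_rehash so that certificates can be looked up by hash". Because the paragraph says that only the certificates from ca_list files are sent to the client, it would also help to state what happens when both ca_list and ca_path are set, and what a configuration that sets only ca_path should expect to be sent to clients as the CA list.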