3 Jul
2018
3 Jul
'18
9:16 p.m.
Hello,
haven't played with CRL lately, but kamailio should just call libssl
functions for validating the certificates, after initializing the
context with CRL file.
Maybe you can open an issue on github.com/kamailio/kamailio tracker, add
there all log messages printed by kamailio with debug=3 in kamailio.cfg.
In this way we do not forget about it and can be investigated properly.
Cheers,
Daniel
On 28.06.18 08:47, Amarnath Kanchivanam wrote:
Hi All,
I'm trying to configured kamailio as TLS server with below
configuration (tls.cfg) and TLS server is started successfully.
[server:default]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key = ./sip/server.key
certificate = ./sip/server.crt
ca_list = ./bundle.crt
crl = ./sip_crl.pem
verify_depth = 9
[client:default]
verify_certificate = no
require_certificate = no
TLS connection works fine.
Later i have updated the sip_crl.pem with server certificate revoked
details and performed tls.reload command to load the latest update.
After this I expect any TLS client trying to establish TLS connection
should fail, as the client and server certificates are signed by same
authority and server certificate is revoked. But the clients are able
to establish TLS connection without any errors.
I'm not getting any traces to confirm CRL validation has been
performed before accepting the TLS connection.
Any advice would be help to proceed with evaluating CRL functionality.
-Amar
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference -- www.kamailioworld.com