Daniel-Constantin Mierla writes:
Is this by one ca_list only, or do you have many tls domains, each with own profile?
just a single ca_list and tls domain. my tls.cfg looks like this:
[client:default] verify_certificate = yes require_certificate = yes tls_method = TLSv1 private_key = /etc/sip-proxy/certs/sip-proxy/key.pem certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem #ca_list = /etc/sip-proxy/certs/demoCA/cert.pem ca_list = /etc/ssl/certs/ca-certificates.crt
[server:default] verify_certificate = no require_certificate = no tls_method = SSLv23 private_key = /etc/sip-proxy/certs/sip-proxy/key.pem certificate = /etc/sip-proxy/certs/sip-proxy/cert.pem #ca_list = /etc/sip-proxy/certs/demoCA/cert.pem ca_list = /etc/ssl/certs/ca-certificates.crt
sending over tls works fine if i use line
ca_list = /etc/sip-proxy/certs/demoCA/cert.pem
where cert.pem contains just three ca certs one of them being cacert.org ca cert that i use in this test.
-- juha