The CRL with the revoked server certificate needs to be loaded in the SIP client. The TLS server
doesn't send the CRL to the client during the handshake.
On Jul 3, 2018, at 6:16 AM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
Haven't played with CRL lately, but kamailio should just call libssl functions for
validating the certificates, after initializing the context with the CRL file.
Maybe you can open an issue on the github.com/kamailio/kamailio tracker and add there all log
messages printed by kamailio with debug=3 in kamailio.cfg. This way we do not forget
about it and it can be investigated properly.
Cheers,
Daniel
On 28.06.18 08:47, Amarnath Kanchivanam
wrote:
Hi All,
I'm trying to configure kamailio as a TLS server with the below configuration (tls.cfg),
and the TLS server is started successfully.
[server:default]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key = ./sip/server.key
certificate = ./sip/server.crt
ca_list = ./bundle.crt
crl = ./sip_crl.pem
verify_depth = 9
[client:default]
verify_certificate = no
require_certificate = no
TLS connection works fine.
Later I updated the sip_crl.pem with the server certificate revocation details and
performed the tls.reload command to load the latest update.
After this I expect any TLS client trying to establish a TLS connection should fail, as the
client and server certificates are signed by the same authority and the server certificate is
revoked. But the clients are able to establish a TLS connection without any errors.
I'm not getting any traces to confirm CRL validation has been performed before
accepting the TLS connection.
Any advice would be helpful to proceed with evaluating the CRL functionality.
-Amar
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla --
www.asipto.com
www.twitter.com/miconda --
www.linkedin.com/in/miconda
Kamailio World Conference --
www.kamailioworld.com
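An added example, not part of the thread and not Kamailio code: it builds a throwaway CA with the openssl CLI, revokes only the server certificate as in the original post, and runs a CRL check against each certificate. It shows that the CRL only affects whoever verifies the revoked certificate, which for a server certificate is the client. All file and subject names are constructed for the demo, and it assumes an openssl binary with its default openssl.cnf.

```shell
#!/bin/sh
# Constructed demo PKI: one CA signs "server" and "client" certificates,
# then a CRL revokes only the server certificate (the thread's scenario).
build_pki() {
    d=$1
    : > "$d/index.txt"                      # empty CA database for `openssl ca`
    cat > "$d/ca.cnf" <<EOF
[ca]
default_ca = demo
[demo]
database = $d/index.txt
default_md = sha256
default_crl_days = 30
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    for n in server client; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -CAcreateserial -days 30 -out "$d/$n.crt" 2>/dev/null
    done
    # Revoke the server certificate and publish a fresh CRL.
    openssl ca -config "$d/ca.cnf" -cert "$d/ca.crt" -keyfile "$d/ca.key" \
        -revoke "$d/server.crt" 2>/dev/null
    openssl ca -config "$d/ca.cnf" -cert "$d/ca.crt" -keyfile "$d/ca.key" \
        -gencrl -out "$d/crl.pem" 2>/dev/null
}

# Succeeds only if the certificate chains to the CA and is not on the CRL.
# This is the check made by whichever side receives that certificate.
crl_verify() {
    openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" \
        "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_pki "$demo_dir"
for n in client server; do
    if crl_verify "$demo_dir" "$demo_dir/$n.crt"; then
        echo "$n.crt: accepted by a verifier holding the CRL"
    else
        echo "$n.crt: rejected (revoked)"
    fi
done
rm -rf "$demo_dir"
```

The client certificate passes the same CRL check that rejects the server certificate, so a server validating client certificates against this CRL has nothing to reject.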