I'm wondering if anyone can point me in the right direction for the following 
two issues with Kamailio and tls.cfg

1. When attempting to configure TLS settings for connecting to a specific IPv4 
client, it seems that the ca_list indicated in [client:default] overrides the 
one in the client-specific config.  If I don't include the client's CA in the 
[client:default] section, I get the following, regardless of what is in 
[client:204.74.213.5:5061].

ERROR: tls [tls_server.c:1230]: tls_read_f(): TLS write:error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

[client:default]
method = TLSv1+
verify_certificate = yes
require_certificate = no
private_key = /etc/kamailio/key.pem
certificate = /etc/kamailio/crt.pem
verify_depth = 2
# In order for the client below to work, the ca_list here needs to
# contain the CA for the specific client. Not sure why, maybe a bug?
#ca_list = /etc/pki/CA/myownCA.pem # Can't use this one
ca_list = /etc/kamailio/kamailio.tls.ca_list.pem # Contains ALL client CA's

[client:204.74.213.5:5061]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
verify_depth = 2
ca_list = /etc/kamailio/204.74.213.5.crt.pem


2. When attempting to configure TLS settings for connecting to a specific IPv6 
client, I cannot figure out the syntax needed to specify the IPv6 client.  
What is the proper syntax?

With [client:[2607:5300:60:1f93::0]:5061], I get:
ERROR: tls [tls_config.c:71]: parse_ipv6(): tls.cfg:57:9: Invalid IPv6 address


Any guidance is appreciated.  Thanks.  -A

-- 
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
