Hi everybody,
Currently I've a TLS connection properly configured and running with a
Kamailio server but, in order to verify my server's identity, I planned to
use tls_setting.ca_list_file option.
I configured it and everything was OK but, the strange behaviour came when,
just for checking that non valid certificates were properly rejected, I
changed some bytes in cert file and the connection was still established.
I was expecting some kind of certification verification failure. May I be
misunderstanding something?
Thank you very much.
Regards,
Joel.
Did you also set --tls-verify-server option? - Bill
On 6/3/2014 10:31 AM, Joel Centelles wrote:
Hi everybody,
Currently I've a TLS connection properly configured and running with a
Kamailio server but, in order to verify my server's identity, I
planned to use tls_setting.ca_list_file option.
I configured it and everything was OK but, the strange behaviour came
when, just for checking that non valid certificates were properly
rejected, I changed some bytes in cert file and the connection was
still established.
I was expecting some kind of certification verification failure. May I
be misunderstanding something?
Thank you very much.
Regards,
Joel.
Visit our blog: http://blog.pjsip.org
pjsip mailing list
pjsip@lists.pjsip.org
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
Hi Bill,
thank for the answer and you're are right, I noticed, just after sending
the this mail, that the problem was that I missed enabling verify_server
flag.
Now certification verification is working properly.
Once again, thank you very much.
Best,
Joel.
2014-06-03 20:29 GMT+02:00 Bill Gardner billg@wavearts.com:
Did you also set --tls-verify-server option? - Bill
On 6/3/2014 10:31 AM, Joel Centelles wrote:
Hi everybody,
Currently I've a TLS connection properly configured and running with a
Kamailio server but, in order to verify my server's identity, I planned to
use tls_setting.ca_list_file option.
I configured it and everything was OK but, the strange behaviour came
when, just for checking that non valid certificates were properly
rejected, I changed some bytes in cert file and the connection was still
established.
I was expecting some kind of certification verification failure. May I
be misunderstanding something?
Thank you very much.
Regards,
Joel.
Visit our blog: http://blog.pjsip.org
pjsip mailing listpjsip@lists.pjsip.orghttp://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
Visit our blog: http://blog.pjsip.org
pjsip mailing list
pjsip@lists.pjsip.org
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org