Currently tls module has `ca_list` param that
`Sets the CA list file name. This file contains a list of all the trusted CAs
certificates used when connecting to other SIP implementations. If a signature
in a certificate chain belongs to one of the listed CAs, the verification of
that certificate will succeed.`
This issue proposes adding a new tls param `ca_path`. Its value would be a
directory that contains any number of CA certificate files thus making it
unnecessary to cat these files to a single `ca_list` file.
Implementation could be based on SSL_CTX_set_default_verify_dir() OpenSSL API
function.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682
_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
