[sr-dev] git:master:242badad: tls: docs for ca_path config option [skip ci]

Tue, 23 Mar 2021 01:12:13 -0700 

Module: kamailio
Branch: master
Commit: 242badad1c2176b061cb7595c3e3ff5a469ad1d5
URL: 
https://github.com/kamailio/kamailio/commit/242badad1c2176b061cb7595c3e3ff5a469ad1d5

Author: Daniel-Constantin Mierla <mico...@gmail.com>
Committer: Daniel-Constantin Mierla <mico...@gmail.com>
Date: 2021-03-23T09:11:02+01:00

tls: docs for ca_path config option [skip ci]

---

Modified: src/modules/tls/doc/params.xml

---

Diff:  
https://github.com/kamailio/kamailio/commit/242badad1c2176b061cb7595c3e3ff5a469ad1d5.diff
Patch: 
https://github.com/kamailio/kamailio/commit/242badad1c2176b061cb7595c3e3ff5a469ad1d5.patch

---

diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 63a964d45c..80dbe2f3cc 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -208,6 +208,32 @@ modparam("tls", "ca_list", 
"/usr/local/etc/kamailio/ca_list.pem")
        </example>
        </section>
 
+       <section id="tls.p.ca_path">
+       <title><varname>ca_path</varname> (str)</title>
+       <para>
+               Sets the path with the trusted CA files, to be given as 
parameter
+               SSL_CTX_load_verify_locations(). The certificates in ca_path 
are only
+               looked up when required, e.g. when building the certificate 
chain
+               or when actually performing the verification of a peer 
certificate. They
+               are not given to the client (not loaded to be provided to
+               SSL_CTX_set_client_CA_list()), only the ones in ca_list files 
are sent
+               to the client. It requires to use c_rehash to generate the hash 
map
+               for certificate search, for more see the manual of libssl for
+               SSL_CTX_load_verify_locations() function.
+       </para>
+       <para>
+               By default it is not set.
+       </para>
+       <example>
+           <title>Set <varname>ca_path</varname> parameter</title>
+           <programlisting>
+...
+modparam("tls", "ca_path", "/usr/local/etc/kamailio/ca")
+...
+           </programlisting>
+       </example>
+       </section>
+
        <section id="tls.p.crl">
        <title><varname>crl</varname> (string)</title>
        <para>


_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Reply via email to