Hi Patrick,
have you tried to also set this parameter?
modparam("tls", "verify_certificate", 1)
Cheers,
Henning
--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com<https://gilawa.com/>
From: sr-users <[email protected]> On Behalf Of Patrick Murphy
Sent: Wednesday, January 29, 2020 1:50 PM
To: Kamailio (SER) - Users Mailing List <[email protected]>
Subject: [SR-Users] Kamailio TLS server hello without any client certificate
request
Hey guys - I'm using the following settings on my Kamailio 5.1.1 (x86_64/linux)
config:
modparam("tls", "low_mem_threshold2", 1024)
modparam("tls", "tls_force_run", 1)
modparam("tls", "tls_disable_compression", 1)
modparam("tls", "ssl_max_send_fragment", 4096)
modparam("tls", "renegotiation", 0)
modparam("tls", "low_mem_threshold1", 2048)
modparam("tls", "require_certificate", 1)
When a client attempts to connect to Kamailio, the server hello it receives
does *not* contain the client certificate request. And I've noticed that
kamailio starts with:
tls [tls_domain.c:694]: set_verification(): TLSs<default>: No client
certificate required and no checks performed
tls [tls_domain.c:320]: fill_missing(): TLSs<default>: require_certificate=0
Any hints?
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
