<p>I have the following settings in tls.cfg and I'd like to verify the server certificate IF one is provided on outbound (client) connections, but this doesn't seem possible and set_verification spits out <strong>Server MUST present valid certificate</strong>.  The default tls.cfg <a href="https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg#L41">https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg#L41</a> seems to indicate that this is possible.</p>

<pre><code>[client:default]
method = TLSv1+
verify_certificate = yes
require_certificate = no
private_key = /etc/kamailio/our.key.pem
certificate = /etc/kamailio/our.crt.pem
verify_depth = 2
ca_list = /etc/pki/tls/cert.pem
</code></pre>

<p>When starting Kamailio...</p>

<pre><code>INFO: tls [tls_domain.c:278]: fill_missing(): TLSc<default>: tls_method=20
INFO: tls [tls_domain.c:290]: fill_missing(): TLSc<default>: certificate='/etc/kamailio/our.crt.pem'
INFO: tls [tls_domain.c:297]: fill_missing(): TLSc<default>: ca_list='/etc/pki/tls/cert.pem'
INFO: tls [tls_domain.c:304]: fill_missing(): TLSc<default>: crl='(null)'
INFO: tls [tls_domain.c:308]: fill_missing(): TLSc<default>: require_certificate=0
INFO: tls [tls_domain.c:322]: fill_missing(): TLSc<default>: private_key='/etc/kamailio/our.key.pem'
INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_certificate=1
INFO: tls [tls_domain.c:329]: fill_missing(): TLSc<default>: verify_depth=2
INFO: tls [tls_domain.c:667]: set_verification(): TLSc<default>: Server MUST present valid certificate
</code></pre>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly or <a href="https://github.com/kamailio/kamailio/issues/551">view it on GitHub</a><img alt="" height="1" src="https://github.com/notifications/beacon/AF36Ze9KOBjUIZ3-bw7R2ol_QDNXqkCMks5pxY_ogaJpZM4H5UGn.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/kamailio/kamailio/issues/551"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>