Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[Freeswitch-users] tls-verify-depth


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> freeSWITCH Users
View previous topic :: View next topic  
Author Message
mitch.capper at gmail.com
Guest
PostPosted: Wed Oct 06, 2021 12:12 pm    Post subject: [Freeswitch-users] tls-verify-depth Reply with quote
I don't know if it puts anything in the logs but the theory here is to prevent a potentially longer certificate chain validation.   In theory a connection could provide a certificate and then several above that that would get walked to try and validate to the depth specified (and if no matching signed cert is found at that point it would throw an error).  Generally having this variable set to the length of the max cert chain-1 should work but you can always set it to more than that without a negative effect.

Is your issue you think it should be failing and it isnt or?
~mitch (they, them)









On Thu, Aug 19, 2021 at 7:44 AM Victor Bogatyryev <victor.bogatyryev@gmail.com (victor.bogatyryev@gmail.com)> wrote:

Quote:

Hi!

I cannot understand how the directive <param name="tls-verify-depth" value="1" /> works.

The verification policy is set like this

<param name="tls-verify-policy" value="all|subjects_all" />.

The certificate chain has one intermediate CA. But I don't see anything in the tport log except for checking the subject of the user's certificate.


Regards.
--
V.Bogatyryev

_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> freeSWITCH Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services