[Freeswitch-users] tls-verify-depth

Mitch Capper mitch.capper at gmail.com
Wed Oct 6 16:44:00 UTC 2021


I don't know if it puts anything in the logs, but the theory here is to
prevent a potentially longer certificate chain validation. In theory a
connection could provide a certificate and then several above that that
would get walked to try and validate to the depth specified (and if no
matching signed cert is found at that point it would throw an error).
Generally having this variable set to the length of the max cert chain-1
should work but you can always set it to more than that without a negative
effect.

Is your issue that you think it should be failing and it isn't, or?

~mitch (they, them)


On Thu, Aug 19, 2021 at 7:44 AM Victor Bogatyryev <
victor.bogatyryev at gmail.com> wrote:

> Hi!
>
> I cannot understand how the directive <param name="tls-verify-depth"
> value="1" /> works.
>
> The verification policy is set like this
>
> <param name="tls-verify-policy" value="all|subjects_all" />.
>
> The certificate chain has one intermediate CA. But I don't see anything
> in the tport log except for checking the subject of the user's certificate.
>
>
> Regards.
>
> --
>
> V.Bogatyryev