<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><a href="http://haxx.se" class="">haxx.se</a>&nbsp;are the makers of curl.<div class=""><br class=""><div style=""><blockquote type="cite" class=""><div class="">On Dec 6, 2016, at 12:24 PM, Vladyslav Zakhozhai &lt;<a href="mailto:v.zakhozhai@gmail.com" class="">v.zakhozhai@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi,<div class=""><br class=""></div><div class="">I wonder why freeswitch does not use system's CA certificates for SSL/TLS verification? I have Let's Encrypt certificate on the web secrive side and I have troubles with http_cache over https (server's cert cant be verified).</div><div class=""><br class=""></div><div class="">In freeswitch'es wiki I've read (<a href="https://wiki.freeswitch.org/wiki/Mod_http_cache#Installing" class="">https://wiki.freeswitch.org/wiki/Mod_http_cache#Installing</a>):</div><div class=""><br class=""></div><div class=""><span style="font-family: sans-serif; font-size: 12.8px;" class="">For HTTPS support, grab the latest CA certs from&nbsp;</span><a rel="nofollow" class="external gmail-free" href="http://curl.haxx.se/ca/cacert.pem" style="text-decoration:none;color:rgb(102,51,102);background-image:url(&quot;data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAVklEQVR4Xn3PgQkAMQhDUXfqTu7kTtkpd5RA8AInfArtQ2iRXFWT2QedAfttj2FsPIOE1eCOlEuoWWjgzYaB/IkeGOrxXhqB+uA9Bfcm0lAZuh+YIeAD+cAqSz4kCMUAAAAASUVORK5CYII=&quot;);background-position:100% 50%;background-size:initial;background-repeat:no-repeat;background-origin:initial;background-clip:initial;padding-right:13px;font-family:sans-serif;font-size:12.8px">http://curl.haxx.se/ca/cacert.pem</a><span style="font-family: sans-serif; font-size: 12.8px;" class="">&nbsp;and install in /usr/local/freeswitch/conf. An older copy is also available in freeswitch/src/mod/applications/mod_http_cache/conf/cacert.pem.</span><br class=""></div><div class=""><span style="font-family: sans-serif; font-size: 12.8px;" class=""><br class=""></span></div><div class=""><span style="font-family: sans-serif; font-size: 12.8px;" class="">First, what is <a href="http://haxx.se/" class="">haxx.se</a>? I do not know and it is not an authority for me. So do I need to bundle cacers myself? Why do I need to do it (for verification of SSL/TLS of external service with real certificate) if I already have it on my system?</span></div><div class=""><span style="font-family: sans-serif; font-size: 12.8px;" class=""><br class=""></span></div><div class=""><span style="font-family: sans-serif; font-size: 12.8px;" class="">Tell me please where I am wrong? Thanks in advance.</span></div><div class=""><div class=""><br class=""></div>-- <br class=""><div class="gmail_signature"><div dir="ltr" class="">С уважением,<br class="">Владислав Захожай<br class=""><br class=""></div></div>
</div></div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></div></body></html>