<div dir="ltr">I don't know if it puts anything in the logs but the theory here is to prevent a potentially longer certificate chain validation. In theory a connection could provide a certificate and then several above that that would get walked to try and validate to the depth specified (and if no matching signed cert is found at that point it would throw an error). Generally having this variable set to the length of the max cert chain-1 should work but you can always set it to more than that without a negative effect.<div><br></div><div>Is your issue you think it should be failing and it isn't or?<br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><br><div>~mitch (they, them)</div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 19, 2021 at 7:44 AM Victor Bogatyryev &lt;<a href="mailto:victor.bogatyryev@gmail.com">victor.bogatyryev@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p><span lang="en"><span><span>Hi!<br>
</span></span></span></p>
<p><span lang="en"><span><span>I
cannot understand how the directive &lt;param
name="tls-verify-depth" value="1" /&gt; works.</span></span><span><span><br>
</span></span></span></p>
<p><span lang="en"><span><span></span></span><span><span>The
verification policy is set like this</span></span><span><span><br>
</span></span></span></p>
<p><span lang="en"><span><span>
</span></span><span><span>&lt;param
name="tls-verify-policy" value="all|subjects_all" /&gt;.</span></span><span><span>
<br>
</span></span></span></p>
<p><span lang="en"><span><span></span></span><span><span>The
certificate chain has one intermediate CA.</span></span><span><span>
</span></span><span><span>But
I don't see anything in the tport log except for checking
the subject of the user's certificate.</span></span></span></p>
<p><span lang="en"><span><span><br>
</span></span></span></p>
<p><span lang="en"><span><span>Regards.</span></span></span></p>
<p><span lang="en"><span><span>--</span></span></span></p>
<p><span lang="en"><span><span>V.Bogatyryev<br>
</span></span></span> </p>
</div>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
</blockquote></div>
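The depth limit discussed in this thread can be observed directly with the OpenSSL command line. The following is an added example, not part of the original messages and not FreeSWITCH code: it builds a constructed root, one intermediate and a leaf, then verifies the leaf at several depth limits. It assumes OpenSSL 1.1.0 or later (where the limit counts intermediate CA certificates only) and assumes that tls-verify-depth is handed to the same OpenSSL verify-depth setting; the function names and the demo-* subjects are made up.

```shell
#!/bin/sh
# Constructed throwaway PKI: demo-root -> demo-int -> demo-leaf (names made up).
build_chain() {
    dir=$1
    cat > "$dir/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[leaf]
basicConstraints = CA:FALSE
EOF
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$dir/pki.cnf" \
            -subj "/CN=demo-$n" -keyout "$dir/$n.key" -out "$dir/$n.csr" \
            2>/dev/null || return 1
    done
    # Self-signed root; the root signs the intermediate, which signs the leaf.
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 2 \
        -extfile "$dir/pki.cnf" -extensions ca -out "$dir/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 2 -extfile "$dir/pki.cnf" -extensions ca \
        -out "$dir/int.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -CAcreateserial -days 2 -extfile "$dir/pki.cnf" -extensions leaf \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Exit status 0 if the leaf verifies against the root with at most $2 intermediates.
verify_at_depth() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
        -verify_depth "$2" "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    build_chain "$d" || return 1
    for depth in 0 1 5; do
        if verify_at_depth "$d" "$depth"; then r=accepted; else r=rejected; fi
        echo "verify depth $depth: $r"
    done
    rm -rf "$d"
}
demo
```

A limit larger than the chain needs changes nothing; a limit too small for the chain turns an otherwise valid certificate into a verification failure.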