<param name="tls-cert-dir" value="$${external_ssl_dir}"/>
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
- <!-- Don't verify the date on TLS certificates -->
- <param name="tls-no-verify-date" value="false"/>
+ <!-- Verify the date on TLS certificates -->
+ <param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Don't verify the date on TLS certificates -->
- <param name="tls-no-verify-date" value="false"/>
+ <param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
TPTAG_TLS_VERIFY_DEPTH(profile->tls_verify_depth)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
- TPTAG_TLS_VERIFY_DATE(! profile->tls_no_verify_date)),
+ TPTAG_TLS_VERIFY_DATE(profile->tls_verify_date)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS) && profile->tls_verify_in_subjects,
TPTAG_TLS_VERIFY_SUBJECTS(profile->tls_verify_in_subjects)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
}
}
}
- profile->tls_verify_policy = TPTLS_VERIFY_NONE;
- /* lib default */
- profile->tls_verify_depth = 2;
switch_event_destroy(&xml_params);
}
profile->ndlb |= PFLAG_NDLB_ALLOW_NONDUP_SDP;
profile->te = 101;
+ profile->tls_verify_policy = TPTLS_VERIFY_NONE;
+ /* lib default */
+ profile->tls_verify_depth = 2;
+ profile->tls_verify_date = SWITCH_TRUE;
+
for (param = switch_xml_child(settings, "param"); param; param = param->next) {
char *var = (char *) switch_xml_attr_soft(param, "name");
char *val = (char *) switch_xml_attr_soft(param, "value");
profile->tls_bind_params = switch_core_strdup(profile->pool, val);
} else if (!strcasecmp(var, "tls-only")) {
profile->tls_only = switch_true(val);
- } else if (!strcasecmp(var, "tls-no-verify-date")) {
- profile->tls_no_verify_date = switch_true(val);
+ } else if (!strcasecmp(var, "tls-verify-date")) {
+ profile->tls_verify_date = switch_true(val);
} else if (!strcasecmp(var, "tls-verify-depth")) {
profile->tls_verify_depth = atoi(val);
} else if (!strcasecmp(var, "tls-verify-policy")) {