On 06 Feb 2014, at 10:28, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
I think that importing the certificate in the repository will add some overhead, as we have to periodically check if it was revoked or updated.
Root certificates typically have a long timespan to be able to be imported.
Maybe we can add a make target or a script to download and install it on demand.
I wanted it to be included to make sure that there's no excuse. We can of course download during install so it's in there. Maybe that's a good idea.
Regarding the config options, perhaps is better to add a kamailio-secure.cfg for the time being, where to build a config file targeting secure deployments. I guess we have to do more changes than just few parameter for tls module (or tls config). Over the time, we can push parts (or all) in kamailio.cfg.
Ok.
/O
Cheers, Daniel
On 06/02/14 08:25, Olle E. Johansson wrote:
On 05 Feb 2014, at 18:53, Klaus Darilion klaus.mailinglists@pernau.at wrote:
On 05.02.2014 13:37, Olle E. Johansson wrote:
Hi!
I would like to add cacert.org root certificates to the Kamailio distribution, so that every Kamailio server gets these as approved certificates by default with the default TLS settings.
Anyone having problems with doing that?
I do not trust cacert anything more than all the commercials CA. Thus I do not want to trust the cacert automatically.
What would be fine for is something like that in kamailio.cfg:
# remove the comments from the following lines to accept # certificates signed by cacert.org: #modparam("tls", "ca_list", "......cacert.org.pem")
I can live with that.
/O _______________________________________________ sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
-- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev