Daniel-Constantin Mierla writes:
AFAIK, tls.cfg can be reloaded at runtime, and that should reload the TLS certificates linked there. Have you tried and it doesn't work?
http://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.r.tls.reloa...
I just tried by replacing the ca_list file of my proxy (that contained the CA certs of my peers) with a single bogus CA cert. Then I executed tls.cfg and made a call from one of the peers to my proxy. My proxy still recognized the call as coming from the peer based on its TLS common name. My understanding is that this should not have been possible if the cached ca_list of my proxy had been updated.
-- Juha