[sr-dev] CAcert.org root certs in trunk
Daniel-Constantin Mierla
miconda at gmail.com
Thu Feb 6 10:28:49 CET 2014
Hello,
I think that importing the certificate in the repository will add some
overhead, as we have to periodically check if it was revoked or updated.
Maybe we can add a make target or a script to download and install it on
demand.
Regarding the config options, perhaps is better to add a
kamailio-secure.cfg for the time being, where to build a config file
targeting secure deployments. I guess we have to do more changes than
just few parameter for tls module (or tls config). Over the time, we can
push parts (or all) in kamailio.cfg.
Cheers,
Daniel
On 06/02/14 08:25, Olle E. Johansson wrote:
> On 05 Feb 2014, at 18:53, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>
>> On 05.02.2014 13:37, Olle E. Johansson wrote:
>>> Hi!
>>>
>>> I would like to add cacert.org root certificates to the Kamailio distribution, so that every Kamailio server gets these as approved certificates by default with the default TLS settings.
>>>
>>> Anyone having problems with doing that?
>> I do not trust cacert anything more than all the commercials CA. Thus I do not want to trust the cacert automatically.
>>
>> What would be fine for is something like that in kamailio.cfg:
>>
>> # remove the comments from the following lines to accept
>> # certificates signed by cacert.org:
>> #modparam("tls", "ca_list", "......cacert.org.pem")
>>
> I can live with that.
>
> /O
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
More information about the sr-dev
mailing list