[sr-dev] CAcert.org root certs in trunk
miconda at gmail.com
Thu Feb 6 10:28:49 CET 2014
I think that importing the certificate in the repository will add some
overhead, as we have to periodically check if it was revoked or updated.
Maybe we can add a make target or a script to download and install it on
Regarding the config options, perhaps is better to add a
kamailio-secure.cfg for the time being, where to build a config file
targeting secure deployments. I guess we have to do more changes than
just few parameter for tls module (or tls config). Over the time, we can
push parts (or all) in kamailio.cfg.
On 06/02/14 08:25, Olle E. Johansson wrote:
> On 05 Feb 2014, at 18:53, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>> On 05.02.2014 13:37, Olle E. Johansson wrote:
>>> I would like to add cacert.org root certificates to the Kamailio distribution, so that every Kamailio server gets these as approved certificates by default with the default TLS settings.
>>> Anyone having problems with doing that?
>> I do not trust cacert anything more than all the commercials CA. Thus I do not want to trust the cacert automatically.
>> What would be fine for is something like that in kamailio.cfg:
>> # remove the comments from the following lines to accept
>> # certificates signed by cacert.org:
>> #modparam("tls", "ca_list", "......cacert.org.pem")
> I can live with that.
> sr-dev mailing list
> sr-dev at lists.sip-router.org
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
More information about the sr-dev