[sr-dev] CAcert.org root certs in trunk
Olle E. Johansson
oej at edvina.net
Thu Feb 6 10:32:58 CET 2014
On 06 Feb 2014, at 10:28, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> Hello,
>
> I think that importing the certificate in the repository will add some overhead, as we have to periodically check if it was revoked or updated.
Root certificates typically have a long timespan to be able to be imported.
>
> Maybe we can add a make target or a script to download and install it on demand.
I wanted it to be included to make sure that there's no excuse. We can of course download
during install so it's in there. Maybe that's a good idea.
>
> Regarding the config options, perhaps it is better to add a kamailio-secure.cfg for the time being, where to build a config file targeting secure deployments. I guess we have to do more changes than just a few parameters for the tls module (or tls config). Over time, we can push parts (or all) into kamailio.cfg.
Ok.
/O
>
> Cheers,
> Daniel
>
>
> On 06/02/14 08:25, Olle E. Johansson wrote:
>> On 05 Feb 2014, at 18:53, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>>
>>> On 05.02.2014 13:37, Olle E. Johansson wrote:
>>>> Hi!
>>>>
>>>> I would like to add cacert.org root certificates to the Kamailio distribution, so that every Kamailio server gets these as approved certificates by default with the default TLS settings.
>>>>
>>>> Anyone having problems with doing that?
>>> I do not trust cacert any more than all the commercial CAs. Thus I do not want to trust cacert automatically.
>>>
>>> What would be fine for me is something like this in kamailio.cfg:
>>>
>>> # remove the comments from the following lines to accept
>>> # certificates signed by cacert.org:
>>> #modparam("tls", "ca_list", "......cacert.org.pem")
>>>
>> I can live with that.
>>
>> /O
>> _______________________________________________
>> sr-dev mailing list
>> sr-dev at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>
>
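An added example, not code from this thread or from Kamailio: one way the "download and install on demand" script discussed above could refuse a CA file that differs from a fingerprint the operator pinned out of band. The names `fingerprints` and `install_ca` and the destination path are hypothetical, and the download step is left out so the block runs offline on constructed stand-in bytes.

```python
import base64
import hashlib
import os
import re
import ssl
import tempfile

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprint (lowercase hex) of each certificate in a PEM bundle."""
    out = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        out.append(hashlib.sha256(der).hexdigest())
    return out

def install_ca(pem_text, pinned, dest):
    """Write pem_text to dest only if every certificate in it is pinned."""
    # Accept pins in "AB:CD:..." form (as printed by openssl) or plain hex.
    pins = {p.replace(":", "").lower() for p in pinned}
    found = fingerprints(pem_text)
    if not found:
        raise ValueError("no certificate found in input")
    unknown = [f for f in found if f not in pins]
    if unknown:
        raise ValueError("unpinned certificate: " + ", ".join(unknown))
    # Temp file in the target directory plus rename, so a reader of dest
    # never sees a partially written bundle.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(pem_text)
        os.chmod(tmp, 0o644)
        os.replace(tmp, dest)
    except Exception:
        os.unlink(tmp)
        raise
    return found

if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate; a real run would
    # pass the downloaded PEM and a fingerprint obtained out of band.
    pem = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a CA cert")
    pin = fingerprints(pem)
    dest = os.path.join(tempfile.mkdtemp(), "cacert.org.pem")  # hypothetical path
    print(install_ca(pem, pin, dest), "->", dest)
```

A bundle containing any certificate outside the pinned set is rejected as a whole, so a replaced or extended download never reaches the file that `ca_list` points at.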