[sr-dev] [kamailio/kamailio] stirshaken: Properly handle intermediary/chain certificates when caching certificates (PR #3175)

Later notifications at github.com
Mon Jul 4 13:28:31 CEST 2022


@piotrgregor commented on this pull request.

@mrtrev Thank you very much for the PR. Indeed, certificate chain is not handled in libstirshaken when doing disk I/O. These changes would ideally go there. Methods that need to be changed (in libstirshaken) are:

`stir_shaken_load_x509_from_file` - read complete cert/chain object with `PEM_read_X509`/`sk_X509_push` just as you're doing that in `stirshaken_handle_cache_from_disk`

`stir_shaken_x509_to_disk` - write complete cett/chain object with `PEM_write_X509`/`sk_X509_num` just as you're doing this in `stirshaken_handle_cache_to_disk`

Can you please suggest these changes to [libstirshaken](https://github.com/signalwire/libstirshaken)? Then we do not need to make changes to this module (maybe just the logging related).

@miconda I suggest this is handled in libstirshaken, then optionally cosmetic changes (@mrtrev proposed also some more logging) are merged.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3175#pullrequestreview-1027418018
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/pull/3175/review/1027418018 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20220704/b47ae7ed/attachment.htm>


More information about the sr-dev mailing list