[SR-Users] memory allocation failure while reading ca_list

Jan Janak jan at ryngle.com
Mon Mar 19 16:04:23 CET 2012


I know this is not a solution, but you can also try to run

dpkg-reconfigure ca-certificates

and select only a couple of CA certificates you trust. That should
make the list much smaller. Debian includes a lot of CA certificates
in its default list and I am not sure whether it is a good idea to
trust them all blindly, given some of the recent issues with bad CAs..

-Jan

On Mon, Mar 19, 2012 at 07:59, Juha Heinanen <jh at tutpro.com> wrote:
> Daniel-Constantin Mierla writes:
>
>> I guess it is loaded two time, for the server and client profiles. Try
>> to set it via dedicated module parameter and see if you get better
>> memory usage:
>>
>> http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list
>
> i tried and it turned out that it is not possible to mix and match tls
> config file and module params.  if config file param file is given, then
> mod param ca_list is ignored.
>
> also, it looks like it is not possible to share the same ca_list between
> different tls.cfg sections, but each section needs to have its own
> ca_list entry, which then increases memory requirement.
>
> -- juha



More information about the sr-users mailing list