[SR-Users] [sr-dev] Panning next major release - v4.4

Juha Heinanen jh at tutpro.com
Fri Jan 8 21:04:18 CET 2016

Daniel-Constantin Mierla writes:

> Afaik, tls.cfg can be reloaded at runtime, that should reload the tls
> certificates linked there. Have you tried and it doesn't work?
> http://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.r.tls.reload

I just tried by replacing ca_list file of my proxy (that contained ca
certs of my peers) with a single bogus ca cert.  Then I executed tls.cfg
and made a call from one of the peers to my proxy.  My proxy still
recognized the call as coming from the peer based on its tls common
name.  My understanding is that this should not have been possible if
the cached ca_list of my proxy would have been updated.

-- Juha

More information about the sr-users mailing list