[SR-Users] [sr-dev] Panning next major release - v4.4
jh at tutpro.com
Fri Jan 8 21:04:18 CET 2016
Daniel-Constantin Mierla writes:
> Afaik, tls.cfg can be reloaded at runtime, that should reload the tls
> certificates linked there. Have you tried and it doesn't work?
I just tried by replacing ca_list file of my proxy (that contained ca
certs of my peers) with a single bogus ca cert. Then I executed tls.cfg
and made a call from one of the peers to my proxy. My proxy still
recognized the call as coming from the peer based on its tls common
name. My understanding is that this should not have been possible if
the cached ca_list of my proxy would have been updated.
More information about the sr-users