[SR-Users] [sr-dev] Planning next major release - v4.4

Daniel-Constantin Mierla miconda at gmail.com
Mon Jan 11 17:38:03 CET 2016



On 09/01/16 01:12, Juha Heinanen wrote:
> Juha Heinanen writes:
>
>> I just tried by replacing ca_list file of my proxy (that contained ca
>> certs of my peers) with a single bogus ca cert.  Then I executed tls.cfg
>> and made a call from one of the peers to my proxy.  My proxy still
>> recognized the call as coming from the peer based on its tls common
>> name.  My understanding is that this should not have been possible if
>> the cached ca_list of my proxy would have been updated.
> It turned out that the old tls connection from the peer to my proxy was
> still alive.  After terminating the connection, a new connection setup
> was correctly refused.
>
> So looks like certs can be reloaded on the fly.  I'll try later with
> client and server certs.

OK, added some notes in the docs about it.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
http://miconda.eu



