5 Feb
2014
5 Feb
'14
2:37 p.m.
Hi!
I would like to add cacert.org root certificates to the Kamailio distribution, so that
every Kamailio server gets these as approved certificates by default with the default TLS
settings.
Anyone having problems with doing that?
/O
5 Feb
5 Feb
2:45 p.m.
Hi,
2014-02-05 Olle E. Johansson <oej(a)edvina.net>et>:
I would like to add cacert.org root certificates to
the Kamailio distribution, so that every Kamailio server gets these as approved
certificates by default with the default TLS settings.
from my POV this should be archived at the packaging level. In Debian,
adding a dependence for ca-certificates in tls module package.
Cheers,
Victor
2:50 p.m.
On 05 Feb 2014, at 13:45, Victor Seva <linuxmaniac(a)torreviejawireless.org> wrote:
Hi,
2014-02-05 Olle E. Johansson <oej(a)edvina.net>et>:
Do you really mean "archived" ?
I think doing it at the packaging level is fine, but it does not cover all cases.
/O
I would like to add cacert.org root certificates
to the Kamailio distribution, so that every Kamailio server gets these as approved
certificates by default with the default TLS settings.
from my POV this should be archived at the packaging level. In Debian,
adding a dependence for ca-certificates in tls module package.
3:07 p.m.
2014-02-05 Olle E. Johansson <oej(a)edvina.net>et>:
On 05 Feb 2014, at 13:45, Victor Seva
<linuxmaniac(a)torreviejawireless.org> wrote:
I meant "achieved" :-)
2014-02-05 Olle E. Johansson
<oej(a)edvina.net>et>:
Do you really mean "archived" ? I would like to add cacert.org root certificates
to the Kamailio distribution, so that every Kamailio server gets these as approved
certificates by default with the default TLS settings.
from my POV this should be archived at the packaging level. In Debian,
adding a dependence for ca-certificates in tls module package. I think doing it at the packaging level is fine, but
it does not cover all cases.
Fine. But please do that in a configurable way.
Cheers,
Victor
7:55 p.m.
On 05.02.2014 13:45, Victor Seva wrote:
Hi,
2014-02-05 Olle E. Johansson <oej(a)edvina.net>et>:
That sounds nice (I'm a Debian guy), except that I would like to have to
comment the cacert inclusion by default, as written in the other email.
regards
Klaus
I would like to add cacert.org root certificates
to the Kamailio distribution, so that every Kamailio server gets these as approved
certificates by default with the default TLS settings.
from my POV this should be archived at the packaging level. In Debian,
adding a dependence for ca-certificates in tls module package.
7:53 p.m.
On 05.02.2014 13:37, Olle E. Johansson wrote:
Hi!
I would like to add cacert.org root certificates to the Kamailio distribution, so that
every Kamailio server gets these as approved certificates by default with the default TLS
settings.
Anyone having problems with doing that?
I do not trust cacert anything more than all the commercials CA. Thus I
do not want to trust the cacert automatically.
What would be fine for is something like that in kamailio.cfg:
# remove the comments from the following lines to accept
# certificates signed by cacert.org:
#modparam("tls", "ca_list", "......cacert.org.pem")
regards
Klaus
6 Feb
6 Feb
9:25 a.m.
On 05 Feb 2014, at 18:53, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
On 05.02.2014 13:37, Olle E. Johansson wrote:
I can live with that.
/O
Hi!
I would like to add cacert.org root certificates to the Kamailio distribution, so that
every Kamailio server gets these as approved certificates by default with the default TLS
settings.
Anyone having problems with doing that?
I do not trust cacert anything more than all the commercials CA. Thus I do not want to
trust the cacert automatically.
What would be fine for is something like that in kamailio.cfg:
# remove the comments from the following lines to accept
# certificates signed by cacert.org:
#modparam("tls", "ca_list", "......cacert.org.pem")
11:28 a.m.
Hello,
I think that importing the certificate in the repository will add some
overhead, as we have to periodically check if it was revoked or updated.
Maybe we can add a make target or a script to download and install it on
demand.
Regarding the config options, perhaps is better to add a
kamailio-secure.cfg for the time being, where to build a config file
targeting secure deployments. I guess we have to do more changes than
just few parameter for tls module (or tls config). Over the time, we can
push parts (or all) in kamailio.cfg.
Cheers,
Daniel
On 06/02/14 08:25, Olle E. Johansson wrote:
On 05 Feb 2014, at 18:53, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
On 05.02.2014 13:37, Olle E. Johansson wrote:
I can live with that.
/O
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev Hi!
I would like to add cacert.org root certificates to the Kamailio distribution, so that
every Kamailio server gets these as approved certificates by default with the default TLS
settings.
Anyone having problems with doing that?
I do not trust cacert anything more than
all the commercials CA. Thus I do not want to trust the cacert automatically.
What would be fine for is something like that in kamailio.cfg:
# remove the comments from the following lines to accept
# certificates signed by cacert.org:
#modparam("tls", "ca_list", "......cacert.org.pem")
11:32 a.m.
On 06 Feb 2014, at 10:28, Daniel-Constantin Mierla <miconda(a)gmail.com> wrote:
Hello,
I think that importing the certificate in the repository will add some overhead, as we
have to periodically check if it was revoked or updated.
Root certificates typically
have a long timespan to be able to be imported.
Maybe we can add a make target or a script to download and install it on demand.
I
wanted it to be included to make sure that there's no excuse. We can of course
download
during install so it's in there. Maybe that's a good idea.
Regarding the config options, perhaps is better to add a kamailio-secure.cfg for the time
being, where to build a config file targeting secure deployments. I guess we have to do
more changes than just few parameter for tls module (or tls config). Over the time, we can
push parts (or all) in kamailio.cfg.
Ok.
/O
Cheers,
Daniel
On 06/02/14 08:25, Olle E. Johansson wrote:
On 05 Feb 2014, at 18:53, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev On 05.02.2014 13:37, Olle E. Johansson wrote:
I can live with that.
/O
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev Hi!
I would like to add cacert.org root certificates to the Kamailio distribution, so that
every Kamailio server gets these as approved certificates by default with the default TLS
settings.
Anyone having problems with doing that?
I do not trust cacert anything more than
all the commercials CA. Thus I do not want to trust the cacert automatically.
What would be fine for is something like that in kamailio.cfg:
# remove the comments from the following lines to accept
# certificates signed by cacert.org:
#modparam("tls", "ca_list", "......cacert.org.pem")
11:28 a.m.
Hello,
I think that importing the certificate in the repository will add some
overhead, as we have to periodically check if it was revoked or updated.
Maybe we can add a make target or a script to download and install it on
demand.
Regarding the config options, perhaps is better to add a
kamailio-secure.cfg for the time being, where to build a config file
targeting secure deployments. I guess we have to do more changes than
just few parameter for tls module (or tls config). Over the time, we can
push parts (or all) in kamailio.cfg.
Cheers,
Daniel
On 06/02/14 08:25, Olle E. Johansson wrote:
On 05 Feb 2014, at 18:53, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
On 05.02.2014 13:37, Olle E. Johansson wrote:
I can live with that.
/O
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev Hi!
I would like to add cacert.org root certificates to the Kamailio distribution, so that
every Kamailio server gets these as approved certificates by default with the default TLS
settings.
Anyone having problems with doing that?
I do not trust cacert anything more than
all the commercials CA. Thus I do not want to trust the cacert automatically.
What would be fine for is something like that in kamailio.cfg:
# remove the comments from the following lines to accept
# certificates signed by cacert.org:
#modparam("tls", "ca_list", "......cacert.org.pem")
3947
days inactive
3948
days old
9 comments
4 participants
participants (4)
-
Daniel-Constantin Mierla -
Klaus Darilion -
Olle E. Johansson -
Victor Seva