Hi All,
Am using Kamailio 5.1.9 version, In my tls.cfg i have one client
and server profile,
along with default client and server profile.
I have crl enabled for the non default client and server profile , the crl
file size is 4 MB in my case.
I have 22 child tcp process.
With this what i observe is load_crl is taking close to 90 seconds to
finish its execution and return.
It is very clear from the code, its because of this for loop.
procs_no=get_max_procs();
for(i = 0; i < procs_no; i++) {
if (SSL_CTX_load_verify_locations(d->ctx[i], d->crl_file.s, 0) != 1) {
ERR("%s: Unable to load certificate revocation list '%s'\n",
tls_domain_str(d), d->crl_file.s);
TLS_ERR("load_crl:");
return -1;
}
store = SSL_CTX_get_cert_store(d->ctx[i]);
X509_STORE_set_flags(store,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
}
Is there a way this can be enhanced or as per the current kamailio design
this is a must to do for each and every profile and the child process array
list.
Please suggest, is it justifiable for load_crl to take 90 seconds , to
complete its execution, with one client and server profile and 22 child tcp
process and crl file size of 4MB.
More info of my setup:
-----------------------------
Kamailio 5.1.9 version is running on the below
Linux Kernel version : 3.10.0-693.el7.x86_64
Centos version : CentOS Linux release 7.4.1708 (Core)
CPU : 2 cores with model name : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
[root@miv5000 ~]# cat /proc/meminfo
MemTotal: 3882076 kB
MemFree: 811244 kB
MemAvailable: 2320356 kB
Openssl verison : OpenSSL 1.0.2k-fips 26 Jan 2017
Regards,
Mahesh.B
Hi List,
my google skills dont help me.
I know there is a kind of build-in variable that you can use for example
to return the name of the route you are referring to right now.
here some pseudo kamailio-scripting-language:
route[FANCY_ROUTE] {
xlog("L_INFO", "$??? something happened\n";
}
I search for $??? (as placeholder) which should return the route-name
"route[FANCY_ROUTE]" or something like that?
Take care.
--
Cheers
*Karsten Horsmann*
Hello,
For those of you integrating with WebRTC and using a websocket control
plane like SIP.js how do you handle trickle ICE? If you use trickle
ICE any recommended RTP media servers (FreeSWITCH, Kurento, ....)?
SIP.js does some trick like delay XXX ms before sending out the offer
assuming the browser has collected all the ICE candidates, or maybe
even wait for the IceGatheringDone event: what do you think of such a
pattern?
I see that rtpengine source code mentions "trickle" in a few places,
but the rtpengine module doesn't make it clear how to send a ICE
candidate for an existing call.
Cheers
Anthony Alba
