On Thursday 31 May 2018 at 21:49:15, Daniel-Constantin Mierla wrote:
Hello,
older versions of kamailio packages included self signed certificates, but, afaik, the newer do not include as Debian imposed reproducible builds. The certificate being generated at build time, was always different.
Indeed - Debian does not like packages which turn out differently each time they are created on a buildserver.
So you have to generate the certificates yourself. One option is to get a clone of the source tree of kamailio and go to src/modules/tls and run:
./sip-router_cert.sh -d /etc/kamailio/
It's perfectly acceptable (for Debian, I mean) if a package generates its own certificates at install time (rather than at package creation time). Sendmail does this, for example.
It might be helpful to look into adding the above command to the post-install scripts for kamailio so that Debian gets what they want and end users get what they expect.
Regards,
Antony.