23 Mar
2012
23 Mar
'12
12:14 p.m.
On 3/19/12 12:59 PM, Juha Heinanen wrote:
Daniel-Constantin Mierla writes:
right, would have been hard to distinguish if one
wants to use default
one or none at all when ca_list is not specified in the server profile.
Maybe we can improve a bit in the way that if there are same ca_list and
crl path, to load once and do references from the other profiles. I
don't know if there is lot of coding, but should be kept in mind for
future optimizations. Perhaps could be added in the tracker not to
forget about.
I guess it is loaded two time, for the server and
client profiles. Try
to set it via dedicated module parameter and see if you get better
memory usage:
http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list
i tried and it
turned out that it is not possible to mix and match tls
config file and module params. if config file param file is given, then
mod param ca_list is ignored.
also, it looks like it is not possible to share the same ca_list between
different tls.cfg sections, but each section needs to have its own
ca_list entry, which then increases memory requirement.
At some point I thought
about having a global section, for fallback
purposes, like if not specified per server, use global options. But then
gets into the issue presented in previous paragraph -- how to specify
not to use one at all for some servers.
Cheers,
Daniel
--
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/