On 3/19/12 12:59 PM, Juha Heinanen wrote:
Daniel-Constantin Mierla writes:
I guess it is loaded two time, for the server and client profiles. Try to set it via dedicated module parameter and see if you get better memory usage:
http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list
i tried and it turned out that it is not possible to mix and match tls config file and module params. if config file param file is given, then mod param ca_list is ignored.
right, would have been hard to distinguish if one wants to use default one or none at all when ca_list is not specified in the server profile.
Maybe we can improve a bit in the way that if there are same ca_list and crl path, to load once and do references from the other profiles. I don't know if there is lot of coding, but should be kept in mind for future optimizations. Perhaps could be added in the tracker not to forget about.
also, it looks like it is not possible to share the same ca_list between different tls.cfg sections, but each section needs to have its own ca_list entry, which then increases memory requirement.
At some point I thought about having a global section, for fallback purposes, like if not specified per server, use global options. But then gets into the issue presented in previous paragraph -- how to specify not to use one at all for some servers.
Cheers, Daniel