Juha Heinanen writes:
I just tried replacing the ca_list file of my proxy (which contained the CA certs of my peers) with a single bogus CA cert. Then I executed tls.cfg and made a call from one of the peers to my proxy. My proxy still recognized the call as coming from the peer based on its TLS common name. My understanding is that this should not have been possible if the cached ca_list of my proxy had been updated.
It turned out that the old TLS connection from the peer to my proxy was still alive. After terminating the connection, a new connection setup was correctly refused.
So it looks like certs can be reloaded on the fly. I'll try later with client and server certs.
-- Juha
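The behaviour Juha describes, reproduced as an added example that is not part of this message or of the proxy's own code: a small Go client/server where the proxy side keeps a reloadable ca_list and verifies each peer's client certificate against it. The throwaway test PKI, the names (peer-ca, bogus-ca, proxy, peer.example.com) and the "INVITE" echo are constructed for the example, and the reload mechanism is Go's tls.Config.GetConfigForClient, not the proxy's tls.cfg reload. A peer connects while its CA is trusted, the ca_list is swapped for a single bogus CA, the cached connection still reports the peer's common name, and a fresh connection from the same peer is refused.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// mkCert builds a throwaway test PKI (constructed for this example): a self-signed CA if ca is nil, else a leaf for cn issued by ca.
func mkCert(cn string, ca *tls.Certificate, eku x509.ExtKeyUsage) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: ca == nil,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{eku},
	}
	parent, signer := tmpl, any(key) // self-signed unless an issuing CA is given
	if ca != nil {
		parent, signer = ca.Leaf, ca.PrivateKey
	} else {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// serve is the proxy side: the peer's CN comes from the client cert verified against ca_list at handshake time and is never re-checked.
func serve(c *tls.Conn) {
	defer c.Close()
	buf := make([]byte, 256)
	for n, err := c.Read(buf); err == nil; n, err = c.Read(buf) { // the first Read performs the handshake
		peer := c.ConnectionState().PeerCertificates[0].Subject.CommonName
		if _, err = c.Write([]byte(peer + " sent " + string(buf[:n]))); err != nil {
			return
		}
	}
}

func exchange(c *tls.Conn, msg string) (string, error) {
	if _, err := c.Write([]byte(msg)); err != nil {
		return "", err
	}
	buf := make([]byte, 256)
	n, err := c.Read(buf)
	return string(buf[:n]), err
}

// Demo replays the experiment: ca_list is swapped for a bogus CA while a peer's connection is up.
func Demo() (cached string, fresh error) {
	caA := mkCert("peer-ca", nil, x509.ExtKeyUsageAny)
	bogus := mkCert("bogus-ca", nil, x509.ExtKeyUsageAny)
	poolA, bogusPool := x509.NewCertPool(), x509.NewCertPool()
	poolA.AddCert(caA.Leaf)
	bogusPool.AddCert(bogus.Leaf)
	var caList atomic.Pointer[x509.CertPool] // the proxy's reloadable ca_list
	caList.Store(poolA)
	srv := &tls.Config{Certificates: []tls.Certificate{mkCert("proxy", &caA, x509.ExtKeyUsageServerAuth)},
		ClientAuth: tls.RequireAndVerifyClientCert}
	srv.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { // ca_list is read per handshake
		c := srv.Clone()
		c.ClientCAs = caList.Load()
		return c, nil
	}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", srv))
	defer ln.Close()
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go serve(c.(*tls.Conn))
		}
	}()
	peer := &tls.Config{RootCAs: poolA, ServerName: "proxy",
		Certificates: []tls.Certificate{mkCert("peer.example.com", &caA, x509.ExtKeyUsageClientAuth)}}
	conn := must(tls.Dial("tcp", ln.Addr().String(), peer)) // authenticated against the real ca_list
	defer conn.Close()
	caList.Store(bogusPool) // the on-the-fly reload with a single bogus CA
	cached = must(exchange(conn, "INVITE")) // the old connection still carries the peer's identity
	conn2, err := tls.Dial("tcp", ln.Addr().String(), peer) // new connection setup from the same peer
	if err == nil { // with TLS 1.3 the client only sees the server's rejection on its first read
		_, err = exchange(conn2, "INVITE")
		conn2.Close()
	}
	return cached, err
}

func main() { fmt.Println(Demo()) }
```

The reload here changes nothing for a connection whose handshake has already succeeded, which is what the experiment showed: a trust-store reload is not a revocation. A proxy that wants a removed CA to stop mattering immediately has to walk its connection table after the reload and close (or re-verify) every connection whose peer certificate no longer chains to the new ca_list; the example's caList.Store does neither.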