19 Mar
2012
19 Mar
'12
5:04 p.m.
I know this is not a solution, but you can also try to run
dpkg-reconfigure ca-certificates
and select only a couple of CA certificates you trust. That should
make the list much smaller. Debian includes a lot of CA certificates
in its default list and I am not sure whether it is a good idea to
trust them all blindly, given some of the recent issues with bad CAs..
-Jan
On Mon, Mar 19, 2012 at 07:59, Juha Heinanen <jh(a)tutpro.com> wrote:
Daniel-Constantin Mierla writes:
I guess it is loaded two time, for the server and
client profiles. Try
to set it via dedicated module parameter and see if you get better
memory usage:
http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list
i tried and it turned out that it is not possible to mix and match tls
config file and module params. if config file param file is given, then
mod param ca_list is ignored.
also, it looks like it is not possible to share the same ca_list between
different tls.cfg sections, but each section needs to have its own
ca_list entry, which then increases memory requirement.
-- juha