[SR-Users] memory allocation failure while reading ca_list
Jan Janak
jan at ryngle.com
Mon Mar 19 16:04:23 CET 2012
I know this is not a solution, but you can also try to run
dpkg-reconfigure ca-certificates
and select only a couple of CA certificates you trust. That should
make the list much smaller. Debian includes a lot of CA certificates
in its default list and I am not sure whether it is a good idea to
trust them all blindly, given some of the recent issues with bad CAs..
-Jan
On Mon, Mar 19, 2012 at 07:59, Juha Heinanen <jh at tutpro.com> wrote:
> Daniel-Constantin Mierla writes:
>
>> I guess it is loaded two time, for the server and client profiles. Try
>> to set it via dedicated module parameter and see if you get better
>> memory usage:
>>
>> http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list
>
> i tried and it turned out that it is not possible to mix and match tls
> config file and module params. if config file param file is given, then
> mod param ca_list is ignored.
>
> also, it looks like it is not possible to share the same ca_list between
> different tls.cfg sections, but each section needs to have its own
> ca_list entry, which then increases memory requirement.
>
> -- juha
More information about the sr-users
mailing list