[SR-Users] [sr-dev] Planning next major release - v4.4
Daniel-Constantin Mierla
miconda at gmail.com
Mon Jan 11 17:38:03 CET 2016
On 09/01/16 01:12, Juha Heinanen wrote:
> Juha Heinanen writes:
>
>> I just tried by replacing ca_list file of my proxy (that contained ca
>> certs of my peers) with a single bogus ca cert. Then I executed tls.cfg
>> and made a call from one of the peers to my proxy. My proxy still
>> recognized the call as coming from the peer based on its tls common
>> name. My understanding is that this should not have been possible if
>> the cached ca_list of my proxy would have been updated.
> It turned out that the old tls connection from the peer to my proxy was
> still alive. After terminating the connection, a new connection setup
> was correctly refused.
>
> So looks like certs can be reloaded on the fly. I'll try later with
> client and server certs.
OK, added some notes in the docs about it.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
http://miconda.eu