Merged #1484.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1484#event-1563652574___
Kamailio (SER) - Development Mailing List
* The current implementation assumes a single global engine, and per profile
private key: via the syntax `private_key: /engine:HSMPRIVATEKEY`. This is an
expedient workaround as the parser treats strings not starting with `/` as
relative PEM files. The magic prefix `/engine:` is meant for the
Are the new config parameters needed only in the global scope of the module
level, or it can be something needed per tls config profile (client/server)
inside tls.cfg?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
@aalba6675 pushed 1 commit.
2b90923 revert editor whitespace changes
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/kamailio/kamailio/pull/1484/files/67fe8f07f12660fa61c5602556a4ba5e3fcf3fd7..2b909237ecc525b93f627b36e94c1ed8b743d45f
* I understand the reasoning behind the pre-processor defines now, if this is
an existing patter used in other projects its probably a good idea to use it in
our code as well.
* As for the private key loading procedure related to the fork(), I know this
issue from other modules, good that you
You will notice that the PR moves HSM private keys loading to child (after
fork()). Some further explanation is in order:
Engines like AWS CloudHSM(SafeNet "gem" and "LunaCA3" engines) are wrappers
around their PKCS 11 implementations. Some of these libraries do not behave
predictably after
Thanks for the comments, I summarize actionable items at the bottom as the
conversation develops. I can push further commits, and do the final squash when
it can be accepted.
1. Preprocessor defines `OPENSSL_NO_ENGINE` - followed nginx and HAProxy where
they use this to omit compile-time code
Hello, thank you for the contribution! A few observations/questions from my
side:
* you added the new functionality as a pre-processor define, what was the
reason for this? Will this change break some other functionality, or is there
some other compatibility issue/new dependencies introduced?
Documentation updates will followed after feedback on this PR.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: