1. Yes - HSM private keys are stored in worker local memory and are not 
referenced in old structures during SIP connections. We make one reference 
during mod_child: we install it into the shmem SSL_CTX structure once (proc_no 
== 0) just to check the the private key corresponds to the cert; subsequently 
this reference is not used at connection time.

Later at connection time, even when we use SSL_CTX for proc_no == 0, we load 
the worker-local HSM  private key JIT into the SSL *object and don't use the 
(probably invalid) private key reference in SSL_CTX.

2. All main distros debian/RHEL/ubuntu build OpenSSL with engine support. We 
can skip this check and just assume that kamailio is being built with a 
reasonable OpenSSL prerequisite if you prefer.

3. License - comments from the community?

4. A few commits for better naming and guards: use better 
module/filename-specificsymbol names; also make a few more symbols static to 
avoid accidental leakage with common names.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Kamailio (SER) - Development Mailing List

Reply via email to