1. Yes - HSM private keys are stored in worker local memory and are not
referenced in old structures during SIP connections. We make one reference
during mod_child: we install it into the shmem SSL_CTX structure once (proc_no
== 0) just to check that the private key corresponds to the cert; subsequently
this reference is not used at connection time.
Later at connection time, even when we use SSL_CTX for proc_no == 0, we load
the worker-local HSM private key JIT into the SSL *object and don't use the
(probably invalid) private key reference in SSL_CTX.
2. All main distros debian/RHEL/ubuntu build OpenSSL with engine support. We
can skip this check and just assume that kamailio is being built with a
reasonable OpenSSL prerequisite if you prefer.
3. License - comments from the community?
4. A few commits for better naming and guards: use better
module/filename-specific symbol names; also make a few more symbols static to
avoid accidental leakage with common names.
https://github.com/kamailio/kamailio/pull/1484#issuecomment-378572496
Kamailio (SER) - Development Mailing List