1. Yes - HSM private keys are stored in worker local memory and are not 
referenced in old structures during SIP connections. We make one reference 
during mod_child: we install it into the shmem SSL_CTX structure once (proc_no 
== 0) just to check that the private key corresponds to the cert; subsequently 
this reference is not used at connection time.

Later at connection time, even when we use SSL_CTX for proc_no == 0, we load 
the worker-local HSM private key JIT into the SSL *object and don't use the 
(probably invalid) private key reference in SSL_CTX.

2. All main distros Debian/RHEL/Ubuntu build OpenSSL with engine support. We 
can skip this check and just assume that kamailio is being built with a 
reasonable OpenSSL prerequisite if you prefer.

3. License - comments from the community?

4. A few commits for better naming and guards: use better 
module/filename-specific symbol names; also make a few more symbols static to 
avoid accidental leakage with common names.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1484#issuecomment-378572496
_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev