1. Yes - HSM private keys are stored in worker local memory and are not
referenced in old structures during SIP connections. We make one reference
during mod_child: we install it into the shmem SSL_CTX structure once (proc_no
== 0) just to check the the private key corresponds to the cert; subsequently
this reference is not used at connection time.
Later at connection time, even when we use SSL_CTX for proc_no == 0, we load
the worker-local HSM private key JIT into the SSL *object and don't use the
(probably invalid) private key reference in SSL_CTX.
2. All main distros debian/RHEL/ubuntu build OpenSSL with engine support. We
can skip this check and just assume that kamailio is being built with a
reasonable OpenSSL prerequisite if you prefer.
3. License - comments from the community?
4. A few commits for better naming and guards: use better
module/filename-specificsymbol names; also make a few more symbols static to
avoid accidental leakage with common names.
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Kamailio (SER) - Development Mailing List