Menu

#103 TLS: CA loading on the fly

open
nobody
core (12)
5
2012-10-24
2012-10-24
Dragos Oancea
No

Hi

I need opensips to be able to load CA files from a predefined directory which is configurable in the routing script
with an option like "tls_ca_dir" (similar to "tls_ca_list").
I also want to be able to load them on the fly , with an MI command.

I saw that SSL_CTX_load_verify_locations() is able to load the CAs from a directory , so I created
a small function in tls_init.c that would load the CAs from a directory at start time.
But how should I load the CA files with an MI command that would be called for example "load_ca_from_dir <filename>" ?
I do not want to restart opensips everytime a CA is added.
Is it possible to implement such a command easily ?

Any comment or suggestion is welcome.

Thank you!
Dragos

Discussion

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.