I know this is not a solution, but you can also try to run dpkg-reconfigure ca-certificates
and select only a couple of CA certificates you trust. That should make the list much smaller. Debian includes a lot of CA certificates in its default list and I am not sure whether it is a good idea to trust them all blindly, given some of the recent issues with bad CAs.. -Jan On Mon, Mar 19, 2012 at 07:59, Juha Heinanen <j...@tutpro.com> wrote: > Daniel-Constantin Mierla writes: > >> I guess it is loaded two time, for the server and client profiles. Try >> to set it via dedicated module parameter and see if you get better >> memory usage: >> >> http://kamailio.org/docs/modules/stable/modules/tls.html#ca_list > > i tried and it turned out that it is not possible to mix and match tls > config file and module params. if config file param file is given, then > mod param ca_list is ignored. > > also, it looks like it is not possible to share the same ca_list between > different tls.cfg sections, but each section needs to have its own > ca_list entry, which then increases memory requirement. > > -- juha _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
