<div dir="ltr"><div>Hey Bogdan-Andrei,</div><div><br></div><div>Yeah, we have that patchset running on our 3.6 builds and it looks good. Tested concurrent reloads against concurrent inbound connections without issue. <br><br>Like I mentioned in the pull request, I don't have database provisioned tls domains to double check for regressions in that scenario. If someone using database base provisioning could try it out it would be great. Happy to fix any issues reported.</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Nov 20, 2025 at 2:29 AM Bogdan-Andrei Iancu <<a href="mailto:bogdan@opensips.org">bogdan@opensips.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
<font face="monospace">Hi Ryan,<br>
<br>
Should I understand the version here
<a href="https://github.com/OpenSIPS/opensips/pull/3760" target="_blank">https://github.com/OpenSIPS/opensips/pull/3760</a> is quite some
final, working one ?<br>
<br>
Regards,<br>
</font>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a href="https://www.opensips-solutions.com" target="_blank">https://www.opensips-solutions.com</a>
<a href="https://www.siphub.com" target="_blank">https://www.siphub.com</a></pre>
<div>On 15.11.2025 01:07, Ryan Bullock
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Initial testing looks ok. You can see the patchset here <a href="https://github.com/rrb3942/opensips/tree/tls_mgm_reload" target="_blank">https://github.com/rrb3942/opensips/tree/tls_mgm_reload</a></div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Nov 13, 2025 at
3:56 PM Matthew Schumacher <<a href="mailto:schu@schu.net" target="_blank">schu@schu.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="auto">
<div dir="ltr">That’s helpful. If you message me the patch
when you have it, I can help test.</div>
<div dir="ltr"><br>
<blockquote type="cite">On Nov 13, 2025, at 9:39 AM, Ryan
Bullock <<a href="mailto:rrb3942@gmail.com" target="_blank">rrb3942@gmail.com</a>>
wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Hey Matt,<br>
<br>
</div>
OpenSIPs currently only supports tls_reload for
domains managed in a database. Coincidentally I
started a patch set earlier this week to allow
reloading the keys, certificates, etc for domains
defined in the config script. No ETA on a pull request
yet, it is still in testing mode.</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Nov 12, 2025
at 10:00 PM Matthew Schumacher <<a href="mailto:schu@schu.net" target="_blank">schu@schu.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello
All,<br>
<br>
I have a 3.2 server where I can't reload certs. Is
this because I'm not <br>
storing the certs in a database? How can I work
around this? The server <br>
is never idle enough for me to restart and my cert
expires in a few <br>
days. Am I forced to kick people off to restart?
Also, is there a way <br>
to tell opensips to not accept any new calls? I'm
not sure how much that <br>
will help, but it would be good to know.<br>
<br>
Thanks!<br>
<br>
<br>
root@sbc:/etc/opensips# opensips-cli -f
/etc/opensips/opensips-cli.cfg <br>
-x mi tls_reload<br>
ERROR: command 'tls_reload' returned: 500: DB url
not set<br>
<br>
root@sbc:/etc/opensips# opensips-cli -f
/etc/opensips/opensips-cli.cfg <br>
-x mi tls_list<br>
{<br>
"Domains": [<br>
{<br>
"name": "client",<br>
"type": "TLS_DOMAIN_CLI",<br>
"IP ADDRESS FILTERS": [<br>
"*"<br>
],<br>
"SIP DOMAIN FILTERS": [<br>
"*"<br>
],<br>
"METHOD": "TLSv1_2",<br>
"VERIFY_CERT": true,<br>
"REQ_CLI_CERT": false,<br>
"CRL_CHECKALL": false,<br>
"CERT_FILE":
"/etc/ssl/certs/siptrunk_domain_net.crt",<br>
"CRL_DIR": "",<br>
"CA_FILE":
"/etc/ssl/certs/ca-certificates.crt",<br>
"CA_DIR": "/etc/pki/CA/",<br>
"PKEY_FILE":
"/etc/ssl/certs/siptrunk_domain_net.key",<br>
"CIPHER_LIST": "",<br>
"DH_PARAMS_FILE": "",<br>
"EC_CURVE": ""<br>
},<br>
{<br>
"name": "server",<br>
"type": "TLS_DOMAIN_SRV",<br>
"IP ADDRESS FILTERS": [<br>
"x.x.x.x:5061",<br>
"y.y.y.y:5061"<br>
],<br>
"SIP DOMAIN FILTERS": [<br>
"*"<br>
],<br>
"METHOD": "TLSv1_2",<br>
"VERIFY_CERT": false,<br>
"REQ_CLI_CERT": true,<br>
"CRL_CHECKALL": false,<br>
"CERT_FILE":
"/etc/ssl/certs/siptrunk_domain_net.crt",<br>
"CRL_DIR": "",<br>
"CA_FILE":
"/etc/ssl/certs/ca-certificates.crt",<br>
"CA_DIR": "/etc/pki/CA/",<br>
"PKEY_FILE":
"/etc/ssl/certs/siptrunk_domain_net.key",<br>
"CIPHER_LIST":
"ALL:!aNULL:!eNULL:!MD5:!RC4",<br>
"DH_PARAMS_FILE": "",<br>
"EC_CURVE": ""<br>
}<br>
]<br>
}<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
<span>_______________________________________________</span><br>
<span>Users mailing list</span><br>
<span><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a></span><br>
<span><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></span><br>
</div>
</blockquote>
</div>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div>