<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Ryan,<br>
<br>
Thanks for the feedback here, I will take a look at the PR.<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
<a class="moz-txt-link-freetext" href="https://www.siphub.com">https://www.siphub.com</a></pre>
<div class="moz-cite-prefix">On 20.11.2025 21:36, Ryan Bullock
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAcj4gWMWm5gOD4qOd3+ZhmRqyZbHf1woEuefYDKAFQd80jaDA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Hey Bogdan-Andrei,</div>
<div><br>
</div>
<div>Yeah, we have that patchset running on our 3.6 builds and
it looks good. Tested concurrent reloads against concurrent
inbound connections without issue. <br>
<br>
Like I mentioned in the pull request, I don't have database
provisioned tls domains to double check for regressions in
that scenario. If someone using database base provisioning
could try it out it would be great. Happy to fix any issues
reported.</div>
</div>
<br>
<div class="gmail_quote gmail_quote_container">
<div dir="ltr" class="gmail_attr">On Thu, Nov 20, 2025 at
2:29 AM Bogdan-Andrei Iancu <<a
href="mailto:bogdan@opensips.org" moz-do-not-send="true"
class="moz-txt-link-freetext">bogdan@opensips.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div> <font face="monospace">Hi Ryan,<br>
<br>
Should I understand the version here <a
href="https://github.com/OpenSIPS/opensips/pull/3760"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://github.com/OpenSIPS/opensips/pull/3760</a>
is quite some final, working one ?<br>
<br>
Regards,<br>
</font>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a href="https://www.opensips-solutions.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://www.opensips-solutions.com</a>
<a href="https://www.siphub.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://www.siphub.com</a></pre>
<div>On 15.11.2025 01:07, Ryan Bullock wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Initial testing looks ok. You can see the patchset
here <a
href="https://github.com/rrb3942/opensips/tree/tls_mgm_reload"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://github.com/rrb3942/opensips/tree/tls_mgm_reload</a></div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Nov 13, 2025
at 3:56 PM Matthew Schumacher <<a
href="mailto:schu@schu.net" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">schu@schu.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="auto">
<div dir="ltr">That’s helpful. If you message me
the patch when you have it, I can help test.</div>
<div dir="ltr"><br>
<blockquote type="cite">On Nov 13, 2025, at
9:39 AM, Ryan Bullock <<a
href="mailto:rrb3942@gmail.com"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">rrb3942@gmail.com</a>>
wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Hey Matt,<br>
<br>
</div>
OpenSIPs currently only supports tls_reload
for domains managed in a database.
Coincidentally I started a patch set earlier
this week to allow reloading the keys,
certificates, etc for domains defined in the
config script. No ETA on a pull request yet,
it is still in testing mode.</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Nov
12, 2025 at 10:00 PM Matthew Schumacher <<a
href="mailto:schu@schu.net"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">schu@schu.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello
All,<br>
<br>
I have a 3.2 server where I can't reload
certs. Is this because I'm not <br>
storing the certs in a database? How can I
work around this? The server <br>
is never idle enough for me to restart and
my cert expires in a few <br>
days. Am I forced to kick people off to
restart? Also, is there a way <br>
to tell opensips to not accept any new
calls? I'm not sure how much that <br>
will help, but it would be good to know.<br>
<br>
Thanks!<br>
<br>
<br>
root@sbc:/etc/opensips# opensips-cli -f
/etc/opensips/opensips-cli.cfg <br>
-x mi tls_reload<br>
ERROR: command 'tls_reload' returned: 500:
DB url not set<br>
<br>
root@sbc:/etc/opensips# opensips-cli -f
/etc/opensips/opensips-cli.cfg <br>
-x mi tls_list<br>
{<br>
"Domains": [<br>
{<br>
"name": "client",<br>
"type": "TLS_DOMAIN_CLI",<br>
"IP ADDRESS FILTERS": [<br>
"*"<br>
],<br>
"SIP DOMAIN FILTERS": [<br>
"*"<br>
],<br>
"METHOD": "TLSv1_2",<br>
"VERIFY_CERT": true,<br>
"REQ_CLI_CERT": false,<br>
"CRL_CHECKALL": false,<br>
"CERT_FILE":
"/etc/ssl/certs/siptrunk_domain_net.crt",<br>
"CRL_DIR": "",<br>
"CA_FILE":
"/etc/ssl/certs/ca-certificates.crt",<br>
"CA_DIR": "/etc/pki/CA/",<br>
"PKEY_FILE":
"/etc/ssl/certs/siptrunk_domain_net.key",<br>
"CIPHER_LIST": "",<br>
"DH_PARAMS_FILE": "",<br>
"EC_CURVE": ""<br>
},<br>
{<br>
"name": "server",<br>
"type": "TLS_DOMAIN_SRV",<br>
"IP ADDRESS FILTERS": [<br>
"x.x.x.x:5061",<br>
"y.y.y.y:5061"<br>
],<br>
"SIP DOMAIN FILTERS": [<br>
"*"<br>
],<br>
"METHOD": "TLSv1_2",<br>
"VERIFY_CERT": false,<br>
"REQ_CLI_CERT": true,<br>
"CRL_CHECKALL": false,<br>
"CERT_FILE":
"/etc/ssl/certs/siptrunk_domain_net.crt",<br>
"CRL_DIR": "",<br>
"CA_FILE":
"/etc/ssl/certs/ca-certificates.crt",<br>
"CA_DIR": "/etc/pki/CA/",<br>
"PKEY_FILE":
"/etc/ssl/certs/siptrunk_domain_net.key",<br>
"CIPHER_LIST":
"ALL:!aNULL:!eNULL:!MD5:!RC4",<br>
"DH_PARAMS_FILE": "",<br>
"EC_CURVE": ""<br>
}<br>
]<br>
}<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
<span>_______________________________________________</span><br>
<span>Users mailing list</span><br>
<span><a href="mailto:Users@lists.opensips.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Users@lists.opensips.org</a></span><br>
<span><a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></span><br>
</div>
</blockquote>
</div>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>