[sr-dev] git:master:19d0a2a2: tlsa: imported README file

Module: kamailio Branch: master Commit: 19d0a2a2177ca206de417fc1cb412c5b6dd0f393 URL: https://github.com/kamailio/kamailio/commit/19d0a2a2177ca206de417fc1cb412c5… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2021-08-02T12:38:49+02:00 tlsa: imported README file --- Added: src/modules/tlsa/README Modified: src/modules/tlsa/doc/tlsa.xml --- Diff: https://github.com/kamailio/kamailio/commit/19d0a2a2177ca206de417fc1cb412c5… Patch: https://github.com/kamailio/kamailio/commit/19d0a2a2177ca206de417fc1cb412c5… --- diff --git a/src/modules/tlsa/README b/src/modules/tlsa/README new file mode 100644 index 0000000000..100da0fed4 --- /dev/null +++ b/src/modules/tlsa/README @@ -0,0 +1,55 @@ +TLSA Module + +Daniel-Constantin Mierla + + kamailio.org + + Copyright © 2021 kamailio.org + __________________________________________________________________ + + Table of Contents + + 1. Admin Guide + + 1. Overview + +Chapter 1. Admin Guide + + Table of Contents + + 1. Overview + +1. Overview + + This is a pseudo module that builds TLS module compiled statically + against libssl and libcrypto (from OpenSSL project). Its C code files + simply include the files from TLS module, setting a different module + name. + + It is a replacement for tls module, with the same modparams and + functions. Just replace ' loadmodule "tls.so" ' with ' loadmodule + "tlsa.so" ' and ' modparam("tls", ...) ' with ' modparam("tlsa", ...) + '. See the docs of TLS module for all the details related to its + parameters, functions, rpc commands, variables, ... + + The benefit of this module is having the libssl and libcrypto embedded + in the module object file, thus not sharing the SSL/TLS context with + any other modules that may link indirectly to libssl (e.g., like + http_client that links against libcurl, which uses libssl). In this + way, the initialization of SSL context (e.g., setting shared memory + management functions) by tlsa module does not impact the other modules. + + Another benefit could be the ability to link a specific libssl version + (e.g., using source build), not being bound to the version shipped with + the operating system. + + The drawback is that updates to the libssl done via operating system + upgrades are not reflected in the tlsa module. It has to be recompiled + every time a new libssl version is installed and it is wanted to be + used by tlsa module. + + NOTE: the module is known to work to be compiled with GCC on Linux + (tested on Debian Stable 10.x). Other compilers (e.g., clang, icc) may + not support same static linking options. Also, some operating systems + may provide only dynamic libssl and libcrypto libraries via their + packages. diff --git a/src/modules/tlsa/doc/tlsa.xml b/src/modules/tlsa/doc/tlsa.xml index 75da4b765c..eecc5f9ab1 100644 --- a/src/modules/tlsa/doc/tlsa.xml +++ b/src/modules/tlsa/doc/tlsa.xml @@ -65,6 +65,13 @@ be recompiled every time a new libssl version is installed and it is wanted to be used by tlsa module. </para> + <para> + NOTE: the module is known to work to be compiled with GCC on Linux + (tested on Debian Stable 10.x). Other compilers (e.g., clang, icc) + may not support same static linking options. Also, some operating + systems may provide only dynamic libssl and libcrypto libraries + via their packages. + </para> </section> </chapter> </book>