On Sat, Oct 10, 2009 at 2:05 PM, Olle E. Johansson oej@edvina.net wrote:
On 10 Oct 2009, at 14:04, Jan Janak wrote:
On Sat, Oct 10, 2009 at 1:58 PM, Olle E. Johansson oej@edvina.net wrote:
<title><varname>config</varname> (string)</title> <para> Sets the name of the TLS specific config file. </para> ; <para> If set the TLS module will load a special config file, in which different TLS parameters can be specified on a per role (server or client) and domain basis (for now only IPs). The corresponding module parameters will be ignored. </para>
Is this still valid - that we only configure tls on IP?
Currently yes. It is on my todo list to extend the configuration file syntax to also support server names, but I am not there yet.
And we're in code freeze...
<para> This documentation is incomplete. The select framework and rpc sections are completely missing. </para>
Is this also on someone's list? Documentation is still open although code is frozen... ;-)
It is not on mine, so probably not :-). Documenting selects and RPCs for TLS module would be very helpful if you have the time.
We have two RPC commands, tls.reload and tls.list. The command tls.reload can be used to reload the TLS configuration file at runtime. The command tls.list lists all active TLS connections; the output of tls.list contains the following fields: id, timeout, src_ip, src_port, dst_ip, dst_port, and tls (extra TLS information, such as ciphers used).
The module supports both Kamailio TLS PVs and SER selects. They are both implemented in file tls_select.c. That's where you can get the list of currently implemented PVs.
The list of implemented TLS selects is here:
http://sip-router.org/wiki/cookbooks/selects/devel
Look for selects starting with @tls. Note that there are aliases, so @tls.peer.cn, @tls.peer.commonName, @tls.peer.common_name, and @tls.peer.name all implement the same thing. I think we should document just one variant, for example all names that use _ as delimiter.
Jan.