24 Feb
2009
24 Feb
'09
10:25 p.m.
Andrei Pelinescu-Onciul wrote:
On Feb 23, 2009 at 22:02, Jan Janak
<jan(a)iptel.org> wrote:
I think that's not true. K's TLS also supports name-based TLS domains
(the TLS domain can be selected by setting an AVP) and it also supports
the servername extension (multiple TLS domains use the same socket).
AFAIK these features are not available in ser.
Hello,
If we want to make the sip-router core usable in both projects, we would also
need to merge both tls implementations. In SER we moved the the TLS
implementation into tls module.
In Kamailio it appears that the tls implementation is in tls subdirectory in
the core and then there is tlsops module which contains pseudovariables used
to retrieve information from TLS certificates.
Unless somebody has a better idea, I would propose that we merge the tls
implementation from kamailio core into ser tls module. In addition to that we
could merge the implementation of tls related pseudovariables from tlsops into
the tls module and then put the tls module into the sip-router repository.
I don't think there is anything to merge from kamailio tls core. It's
just basic tls which is fully supported by ser tls module (they have a
common ancestry anyway). Moreover ser tls has lots of workarounds in
place for various bugs in openssl. Regarding tlsops: we already have extensive ser select
support in tls
and as far as I understood from Daniel selects are/will be accessible via
psedo-vars too. So does it make sense to port the pseudo vars from
tlsops? Is that something extra supported by them?
IIRC the tlsops module is basically just the "select" ported from ser to
Kamailio. Of course the servername pseudo variable is not available in
the select.
Otherwise, if there is a generic mechanism to access "selects" via PV
then the tlsops could be removed (with servername added to select).
regards
klaus