git:master:19d0a2a2: tlsa: imported README file - sr-dev

2 Aug 2021

Module: kamailio
Branch: master
Commit: 19d0a2a2177ca206de417fc1cb412c5b6dd0f393
URL: https://github.com/kamailio/kamailio/commit/19d0a2a2177ca206de417fc1cb412c5b...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2021-08-02T12:38:49+02:00
tlsa: imported README file
---
Added: src/modules/tlsa/README
Modified: src/modules/tlsa/doc/tlsa.xml
---
Diff:  https://github.com/kamailio/kamailio/commit/19d0a2a2177ca206de417fc1cb412c5b...
Patch: https://github.com/kamailio/kamailio/commit/19d0a2a2177ca206de417fc1cb412c5b...
---

diff --git a/src/modules/tlsa/README b/src/modules/tlsa/README
new file mode 100644
index 0000000000..100da0fed4
--- /dev/null
+++ b/src/modules/tlsa/README
@@ -0,0 +1,55 @@
+TLSA Module
+
+Daniel-Constantin Mierla
+
+   kamailio.org
+
+   Copyright © 2021 kamailio.org
+     __________________________________________________________________
+
+   Table of Contents
+
+   1. Admin Guide
+
+        1. Overview
+
+Chapter 1. Admin Guide
+
+   Table of Contents
+
+   1. Overview
+
+1. Overview
+
+   This is a pseudo module that builds TLS module compiled statically
+   against libssl and libcrypto (from OpenSSL project). Its C code files
+   simply include the files from TLS module, setting a different module
+   name.
+
+   It is a replacement for tls module, with the same modparams and
+   functions. Just replace ' loadmodule "tls.so" ' with ' loadmodule
+   "tlsa.so" ' and ' modparam("tls", ...) ' with ' modparam("tlsa", ...)
+   '. See the docs of TLS module for all the details related to its
+   parameters, functions, rpc commands, variables, ...
+
+   The benefit of this module is having the libssl and libcrypto embedded
+   in the module object file, thus not sharing the SSL/TLS context with
+   any other modules that may link indirectly to libssl (e.g., like
+   http_client that links against libcurl, which uses libssl). In this
+   way, the initialization of SSL context (e.g., setting shared memory
+   management functions) by tlsa module does not impact the other modules.
+
+   Another benefit could be the ability to link a specific libssl version
+   (e.g., using source build), not being bound to the version shipped with
+   the operating system.
+
+   The drawback is that updates to the libssl done via operating system
+   upgrades are not reflected in the tlsa module. It has to be recompiled
+   every time a new libssl version is installed and it is wanted to be
+   used by tlsa module.
+
+   NOTE: the module is known to work to be compiled with GCC on Linux
+   (tested on Debian Stable 10.x). Other compilers (e.g., clang, icc) may
+   not support same static linking options. Also, some operating systems
+   may provide only dynamic libssl and libcrypto libraries via their
+   packages.
diff --git a/src/modules/tlsa/doc/tlsa.xml b/src/modules/tlsa/doc/tlsa.xml
index 75da4b765c..eecc5f9ab1 100644
--- a/src/modules/tlsa/doc/tlsa.xml
+++ b/src/modules/tlsa/doc/tlsa.xml
@@ -65,6 +65,13 @@
    		be recompiled every time a new libssl version is installed and it
    		is wanted to be used by tlsa module.
    	</para>
+		<para>
+			NOTE: the module is known to work to be compiled with GCC on Linux
+			(tested on Debian Stable 10.x). Other compilers (e.g., clang, icc)
+			may not support same static linking options. Also, some operating
+			systems may provide only dynamic libssl and libcrypto libraries
+			via their packages.
+		</para>
    </section>
    </chapter>
 </book>

    