Module: kamailio
Branch: master
Commit: f37344dddf53514e35a3d8c0e2d47c0672a80825
URL:
https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c0…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2015-02-17T14:11:07+01:00
tls: added server_name to module parameters
- not that useful in the case of defining a single set of tls
attributes, but has to be coherent with the config options
---
Modified: modules/tls/tls_cfg.c
Modified: modules/tls/tls_cfg.h
Modified: modules/tls/tls_mod.c
---
Diff:
https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c0…
Patch:
https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c0…
---
diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c
index d6e1048..fd3b950 100644
--- a/modules/tls/tls_cfg.c
+++ b/modules/tls/tls_cfg.c
@@ -35,6 +35,7 @@
struct cfg_group_tls default_tls_cfg = {
0, /* tls_force_run */
STR_STATIC_INIT("TLSv1"), /* method */
+ STR_NULL, /* server name (sni) */
0, /* verify_certificate */
9, /* verify_depth */
0, /* require_certificate */
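Review bot: The added `STR_NULL` slot is a positional initializer, so it is only right while it sits exactly where `server_name` sits in the struct; for `default_tls_cfg` that agrees with the tls_cfg.h hunk (after `method`, before `verify_cert`), but the three `tls_domain_t` tables in tls_mod.c (`mod_params`, `srv_defaults`, `cli_defaults`) get `{0, 0}` between the CRL entry and `next`, and the definition of `tls_domain_t` is not part of this diff, so that placement cannot be confirmed from the page. A slot in the wrong position may compile with at most a warning and would shift the values that follow it, which in these tables are certificate verification and file settings. I would spell the empty value the same way in all four places, `STR_NULL, /* Server name (SNI) */`, and, if the project's compiler baseline allows it, switch these tables to designated initializers such as `.server_name = STR_NULL,`. The initializer of `default_tls_cfg` continues past the end of this hunk.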
@@ -138,7 +139,9 @@ cfg_def_t tls_cfg_def[] = {
{"force_run", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
"force loading the tls module even when initial sanity checks fail"},
{"method", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
- "TLS method used (TLSv1, SSLv3, SSLv2, SSLv23)"},
+ "TLS method used (TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"},
+ {"server_name", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+ "Server name (SNI)"},
{"verify_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
"if enabled the certificates will be verified" },
{"verify_depth", CFG_VAR_INT | CFG_READONLY, 0, 100, 0, 0,
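Review bot: The help string `"Server name (SNI)"` on the new `server_name` entry does not say which side of the handshake the value applies to, that is, whether it is compared with the SNI a client presents when a server profile is selected or sent as the SNI on outgoing connections; the same gap applies to the `server_name` modparam added to `params[]` in tls_mod.c and to its copy into `mod_params` in `mod_init`. An operator who sets it on the single default profile needs to know what happens to a peer whose SNI is absent or different, because that decides which certificate and verification settings the connection gets. I would expand the string along the lines of `"server name (SNI) for the default tls profile, empty when not set"`, adjusted to the actual behaviour, and add a matching entry to the module documentation, which is not among the three files this commit modifies. Separately, the updated `method` description now lists TLSv1.2 and TLSv1.1 next to SSLv3 and SSLv2 with nothing marking the older ones as legacy. The `tls_cfg_def` array starts and ends outside this hunk.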
diff --git a/modules/tls/tls_cfg.h b/modules/tls/tls_cfg.h
index 2768f0b..36cb662 100644
--- a/modules/tls/tls_cfg.h
+++ b/modules/tls/tls_cfg.h
@@ -41,6 +41,7 @@
struct cfg_group_tls {
int force_run;
str method;
+ str server_name;
int verify_cert;
int verify_depth;
int require_cert;
diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c
index b02e1a1..ed8ac01 100644
--- a/modules/tls/tls_mod.c
+++ b/modules/tls/tls_mod.c
@@ -99,6 +99,7 @@ static tls_domain_t mod_params = {
{0, }, /* Cipher list */
TLS_USE_TLSv1, /* TLS method */
STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
+ {0, 0}, /* Server name (SNI) */
0 /* next */
};
@@ -120,6 +121,7 @@ tls_domain_t srv_defaults = {
{0, 0}, /* Cipher list */
TLS_USE_TLSv1, /* TLS method */
STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
+ {0, 0}, /* Server name (SNI) */
0 /* next */
};
@@ -141,6 +143,7 @@ tls_domain_t cli_defaults = {
{0, 0}, /* Cipher list */
TLS_USE_TLSv1, /* TLS method */
{0, 0}, /* Certificate revocation list */
+ {0, 0}, /* Server name (SNI) */
0 /* next */
};
@@ -170,6 +173,7 @@ static cmd_export_t cmds[] = {
*/
static param_export_t params[] = {
{"tls_method", PARAM_STR, &default_tls_cfg.method },
+ {"server_name", PARAM_STR, &default_tls_cfg.server_name },
{"verify_certificate", PARAM_INT, &default_tls_cfg.verify_cert },
{"verify_depth", PARAM_INT, &default_tls_cfg.verify_depth },
{"require_certificate", PARAM_INT, &default_tls_cfg.require_cert },
@@ -307,6 +311,7 @@ static int mod_init(void)
mod_params.crl_file = cfg_get(tls, tls_cfg, crl);
mod_params.cert_file = cfg_get(tls, tls_cfg, certificate);
mod_params.cipher_list = cfg_get(tls, tls_cfg, cipher_list);
+ mod_params.server_name = cfg_get(tls, tls_cfg, server_name);
tls_domains_cfg =
(tls_domains_cfg_t**)shm_malloc(sizeof(tls_domains_cfg_t*));