Module: kamailio Branch: master Commit: 8d4653cc2e0113bcec4397657e27b8c19b1849a7 URL: https://github.com/kamailio/kamailio/commit/8d4653cc2e0113bcec4397657e27b8c1...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2018-09-06T12:57:56+02:00
tls: tls.cfg - more sample tls domain profiles
- small edits to explanatory comments
---
Modified: src/modules/tls/tls.cfg
---
Diff: https://github.com/kamailio/kamailio/commit/8d4653cc2e0113bcec4397657e27b8c1... Patch: https://github.com/kamailio/kamailio/commit/8d4653cc2e0113bcec4397657e27b8c1...
---
diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg
index dd25abd4ac..b84ba8fcfc 100644
--- a/src/modules/tls/tls.cfg
+++ b/src/modules/tls/tls.cfg
@@ -2,8 +2,9 @@
 # Example Kamailio TLS Configuration File
 #
 
-# This is the default server domain, settings
-# in this domain will be used for all incoming
+# ---
+# This is the default server domain profile.
+# Settings in this domain will be used for all incoming
 # connections that do not match any other server
 # domain in this configuration file.
 #
@@ -20,8 +21,9 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
 #ca_list = /usr/local/etc/kamailio/tls/cacert.pem
 #crl = /usr/local/etc/kamailio/tls/crl.pem
 
-# This is the default client domain, settings
-# in this domain will be used for all outgoing
+# ---
+# This is the default client domain profile.
+# Settings in this domain will be used for all outgoing
 # TLS connections that do not match any other
 # client domain in this configuration file.
 # We require that servers present valid certificate.
@@ -31,6 +33,7 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
 verify_certificate = yes
 require_certificate = yes
 
+# ---
 # This is an example server domain for TLS connections
 # received from the loopback interface. We allow
 # the use of TLSv1 protocols here, we do
@@ -46,11 +49,12 @@ require_certificate = yes
 #private_key = /usr/local/etc/kamailio/tls/local_key.pem
 #certificate = /usr/local/etc/kamailio/tls/local_cert.pem
 #verify_depth = 3
-#ca_list = local_ca.pem
-#crl = local_crl.pem
+#ca_list = /usr/local/etc/kamailio/tls/local_ca.pem
+#crl = /usr/local/etc/kamailio/tls/local_crl.pem
 #server_name = kamailio.org
 #server_id = kamailio.org
 
+# ---
 # Special settings for connecting to the example.sip (1.2.3.4)
 # public SIP server. We do not verify the certificate of the
 # server because it can be expired. The server
@@ -60,9 +64,43 @@ require_certificate = yes
 #
 #[client:1.2.3.4:5061]
 #verify_certificate = no
-#certificate = /usr/local/etc/kamailio/tls/example_client.pem
 #private_key = /usr/local/etc/kamailio/tls/example_key.pem
+#certificate = /usr/local/etc/kamailio/tls/example_cert.pem
 #ca_list = /usr/local/etc/kamailio/tls/example_ca.pem
 #crl = /usr/local/etc/kamailio/tls/example_crl.pem
 #server_name = example.sip
 #server_id = example.sip
+
+# ---
+# Example server profile for listening on any ip/port
+# - it requires to have 'server_name' to match on SNI (domain and subdomains)
+#
+#[server:any]
+#method = TLSv1
+#verify_certificate = yes
+#require_certificate = no
+#private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem
+#certificate = /usr/local/etc/kamailio/tls/mysipserver_org_cert.pem
+#verify_depth = 3
+#ca_list = /usr/local/etc/kamailio/tls/mysipserver_org_ca.pem
+#crl = /usr/local/etc/kamailio/tls/mysipserver_org_crl.pem
+#server_name = mysipserver.org
+#server_name_mode = 1
+#server_id = mysipserver.org
+
+# ---
+# Example server profile for listening on any ip/port
+# - it requires to have 'server_name' to match on SNI (only subdomains)
+#
+#[server:any]
+#method = TLSv1
+#verify_certificate = yes
+#require_certificate = no
+#private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem
+#certificate = /usr/local/etc/kamailio/tls/mysipserver_net_cert.pem
+#verify_depth = 3
+#ca_list = /usr/local/etc/kamailio/tls/mysipserver_net_ca.pem
+#crl = /usr/local/etc/kamailio/tls/mysipserver_net_crl.pem
+#server_name = mysipserver.net
+#server_name_mode = 2
+#server_id = mysipserver.net
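Review bot: Both new `[server:any]` sample profiles in the last hunk carry `#method = TLSv1`, which the tls module documents as accepting TLS 1.0 only, so anyone who uncomments a block as written pins an SNI-matched listener on any ip/port to a legacy protocol version. Since these blocks are meant to be copied, a floor such as `#method = TLSv1.2+` would be the safer sample value, or at minimum a comment line above it like `# - 'method' is shown for compatibility; prefer TLSv1.2+ for new deployments`. The pair `#verify_certificate = yes` / `#require_certificate = no` also deserves one explanatory line, e.g. `# - client certificates are verified only when presented; peers without one are still accepted`, because the two keys read as if peer authentication were enforced. It would further help to state in the header comment that the two profiles intentionally share the `[server:any]` header and are told apart by `server_name`, so readers do not take the second one for a duplicate that overrides the first.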