6 Mar
2016
6 Mar
'16
4:06 p.m.
repro servers peer with each other in a federated manner just like SMTP servers for email,
but using TLS mutual authentication to prevent impersonation.
Kamailio has TLS support and should be able to talk to such servers and other Kamailio
servers in the same way.
It would be good to create a recommended sample configuration for this type of service and
also add it to the RTC Quick Start Guide:
http://rtcquickstart.org/guide/multi/sip-proxy.html
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531
6 Mar
6 Mar
4:59 p.m.
What is the issue with the current TLS sample?
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#issuecomment-192903422
6:14 p.m.
Which example? In the modules/tls directory I saw these:
https://github.com/kamailio/kamailio/blob/master/modules/tls/sip-router-tls…
https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg
and they are very brief. Is there a more complete example somewhere else showing how to
verify the client certificate ```subjectAltName``` or ```CN``` matches the ```From```
header of an incoming request?
In the manual:
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.quick_start
- this quick start section is very brief
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.p.tls_method
- ```tls_method``` documentation isn't clear. ```SSLv23_method``` is actually a very
good default and does not actually enable SSL 3.0 or below unless those are explicitly
compiled into OpenSSL. This should really be emphasized.
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.p.require_certi…
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.f.is_peer_verfi…
- ```require_certificate``` and ```is_peer_verified``` are explained very briefly. Should
```is_peer_verified``` take an argument perhaps, to verify that the peer is verified for a
specific URI or domain?
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#issuecomment-192922193
6:17 p.m.
That is Good feedback. Thank you. We will updates the docs
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#issuecomment-192922893
6:17 p.m.
And cn is not the preferred match as you know ;-)
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#issuecomment-192922936
6:24 p.m.
On the ```SSLv23_method``` thing, some more verbose analysis is on the reSIProcate mailing
list
http://list.resiprocate.org/archive/resiprocate-devel/msg08801.html
Once there is a specific example with ```From``` header validation and it is in the Debian
and Fedora packages, would you like to contribute a pull request about it for the RTC
Quick Start Guide?
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#issuecomment-192926050
1 Apr
1 Apr
9:27 a.m.
New subject: [kamailio/kamailio] Enhance TLS module README with better examples and more explanations (#531)
Updated the title to indicate what needs to be changed in Kamailio.
---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#issuecomment-204268174
27 Sep
27 Sep
1:23 p.m.
New subject: [kamailio/kamailio] Enhance TLS module README with better examples and more explanations (#531)
Over the time there were several improvements to the tls docs. I just did some updates to
overview/getting started, to refer to the fact that default kamailio.cfg has tls inside
and needs to be enabled via #!define WITH_TLS. The provided tls.cfg has more examples of
profiles. tls method doc section is listing now all available options for it.
I am closing this issue, if something else is wanted, open a new one with what is (still)
missing/should be added.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#issuecomment-425039146
1:23 p.m.
New subject: [kamailio/kamailio] Enhance TLS module README with better examples and more explanations (#531)
Closed #531.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#event-1870665067
2248
days inactive
3183
days old
8 comments
3 participants
participants (3)
-
Daniel Pocock -
Daniel-Constantin Mierla
-
Olle E. Johansson