git:master:f1f5ec13: modules: readme files regenerated - tls ... [skip ci] - sr-dev

27 Sep 2018

Module: kamailio
Branch: master
Commit: f1f5ec13937ae14aee0c1610dd1dcd2e1100966b
URL: https://github.com/kamailio/kamailio/commit/f1f5ec13937ae14aee0c1610dd1dcd2e...
Author: Kamailio Dev kamailio.dev@kamailio.org
Committer: Kamailio Dev kamailio.dev@kamailio.org
Date: 2018-09-27T12:31:37+02:00
modules: readme files regenerated - tls ... [skip ci]
---
Modified: src/modules/tls/README
---
Diff:  https://github.com/kamailio/kamailio/commit/f1f5ec13937ae14aee0c1610dd1dcd2e...
Patch: https://github.com/kamailio/kamailio/commit/f1f5ec13937ae14aee0c1610dd1dcd2e...
---

diff --git a/src/modules/tls/README b/src/modules/tls/README
index 578333ea44..3ea60f8949 100644
--- a/src/modules/tls/README
+++ b/src/modules/tls/README
@@ -91,7 +91,7 @@ Olle E. Johansson
List of Examples
-   1.1. Quick start config
+   1.1. Quick Start Basic Config
    1.2. Compiling TLS with Debug Messages
    1.3. Set tls_method parameter
    1.4. Set certificate parameter
@@ -223,24 +223,38 @@ Chapter 1. Admin Guide
2. Quick Start
-   Make sure you have a proper certificate and private key and either use
-   the certificate and private_key module parameters, or make sure the
-   certificate and key are in the same PEM file, named cert.pem an placed
-   in [your-cfg-install-prefix]/etc/kamailio/. Don't forget to load the
-   tls module and to enable TLS (add enable_tls=yes to your config).
+   The default kamailio.cfg file has basic tls support included, it has to
+   be enabled with "#!define WITH_TLS" directive.
-   Example 1.1. Quick start config
+   The most important parameters to set the path to the public certificate
+   and private key files. You can either have them in different file or in
+   the same file in PEM format. The parameters for them are certificate
+   and private_key. They can be given as modparam or or provided in the
+   profiles of tls.cfg file.
+
+   When installing tls module of kamailio, a sample 'tls.cfg' file is
+   deployed in the same folder with 'kamailio.cfg', along with freshly
+   generated self signed certificates.
+
+   HINT: be sure you have enable_tls=yes to your kamailio.cfg.
+
+   Example 1.1. Quick Start Basic Config
 #...
-loadmodule "modules/tls/tls.so"
+loadmodule "sl.so"
+loadmodule "tls.so"
-modparam("tls", "private_key", "./andrei-test.pem")
-modparam("tls", "certificate", "./andrei-test.pem")
+modparam("tls", "private_key", "./server-test.pem")
+modparam("tls", "certificate", "./server-test.pem")
 modparam("tls", "ca_list", "./calist.pem")
enable_tls=yes
-route{
-        # ....
+request_route {
+        if(proto != TLS) {
+                sl_send_reply("403", "Accepting TLS Only");
+                exit;
+        }
+        ...
 }
3. Important Notes
@@ -1445,14 +1459,16 @@ modparam("tls", "engine_algorithms", "ALL")
11.1. is_peer_verified()
-   Returns true if the connection on which the message was received is TLS
-   , the peer presented an X509 certificate and the certificate chain
-   verified ok. It can be used only in a request route.
+   Returns true if the connection on which the message was received is
+   TLS, the peer presented an X509 certificate and the certificate chain
+   verified ok.
+
+   It can be used only in a request route.
Example 1.45. is_peer_verified usage
-        if (proto==TLS && !is_peer_verified()){
+        if (proto==TLS && !is_peer_verified()) {
                 sl_send_reply("400", "No certificate or verification failed");
-                drop;
+                exit;
         }
12. RPC Commands

    