Module: kamailio
Branch: master
Commit: e3e0e52ca4a06f72f5139623116d1c8bc119b1e3
URL:
https://github.com/kamailio/kamailio/commit/e3e0e52ca4a06f72f5139623116d1c8…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2015-11-12T14:42:12+01:00
tls: document matching on server_id for outbound connections
---
Modified: modules/tls/doc/params.xml
---
Diff:
https://github.com/kamailio/kamailio/commit/e3e0e52ca4a06f72f5139623116d1c8…
Patch:
https://github.com/kamailio/kamailio/commit/e3e0e52ca4a06f72f5139623116d1c8…
---
diff --git a/modules/tls/doc/params.xml b/modules/tls/doc/params.xml
index dc40322..397e83f 100644
--- a/modules/tls/doc/params.xml
+++ b/modules/tls/doc/params.xml
@@ -1031,8 +1031,17 @@ modparam("tls", "renegotiation", 1)
<listitem><para>crl</para></listitem>
<listitem><para>cipher_list</para></listitem>
<listitem><para>server_name</para></listitem>
+ <listitem><para>server_id</para></listitem>
</itemizedlist>
<para>
+ The value for server_id can be any string, being used to match TLS
+ client config profile, overriding the match on ip:port and
+ server_name. This is the recommended way for selecting a specific
+ TLS client config profile, because the local or remote port is hard
+ to predict for a stream connection - see parameter xavp_cfg to learn
+ how to enable it.
+ </para>
+ <para>
All the parameters that take filenames as values will be resolved
using the same rules as for the tls config filename itself: starting
with a '.' means relative to the working directory, a '/' means an
@@ -1071,6 +1080,16 @@ verify_depth = 3
ca_list = local_ca.pem
server_name =
kamailio.org
+[client:127.0.0.1:5061]
+method = TLSv1
+verify_certificate = yes
+require_certificate = yes
+private_key = default_key.pem
+certificate = default_cert.pem
+ca_list = default_ca.pem
+crl = default_crl.pem
+server_name =
kamailio.org
+server_id =
kamailio.org
</programlisting>
</example>
<para>
@@ -1108,6 +1127,12 @@ modparam("tls", "config",
"/usr/local/etc/kamailio/tls.cfg")
</para>
<itemizedlist>
<listitem><para>server_name - SNI to be used for outbound
connections</para></listitem>
+ <listitem><para>server_id - string value to be used to match TLS config
profile
+ for client (outbound) connections. If it is set, matching the TLS config
+ profile is done first on server_id and then on ip:port and server_name.
+ This is the recommended way for selecting a specific TLS client config
+ profile as the local or remote port is hard to predict for a stream
+ connection.</para></listitem>
</itemizedlist>
<para>
The default value is empty (not set).
@@ -1119,6 +1144,7 @@ modparam("tls", "config",
"/usr/local/etc/kamailio/tls.cfg")
modparam("tls", "xavp_cfg", "tls")
...
$xavp(tls=>server_name) = "kamailio.org";
+ $xavp(tls=>server_id) = "kamailio.org";
$du = "sip:kamailio.org:5061;transport=tls";
route(RELAY);
...