On Sat, Oct 10, 2009 at 2:05 PM, Olle E. Johansson <oej(a)edvina.net> wrote:
On 10 Oct 2009, at 14:04, Jan Janak wrote:
On Sat, Oct 10, 2009 at 1:58 PM, Olle E. Johansson <oej(a)edvina.net> wrote:
<title><varname>config</varname> (string)</title>
<para>
Sets the name of the TLS specific config file.
</para>
<para>
If set the TLS module will load a special config file, in
which different TLS parameters can be specified on a per role (server or
client) and domain basis (for now only IPs). The corresponding module
parameters will be ignored.
</para>
Is this still valid - that we only configure tls on IP?
Currently yes. It is on my todo list to extend the configuration file
syntax to also support server names, but I am not there yet.
And we're in code freeze...
<para>
This documentation is incomplete. The select
framework and rpc sections are completely missing.
</para>
Is this also on someone's list? Documentation is still open although code is
frozen... ;-)
It is not on mine, so probably not :-). Documenting selects and RPCs
for TLS module would be very helpful if you have the time.
We have two RPC commands, tls.reload and tls.list. The command
tls.reload can be used to reload the TLS configuration file at
runtime. The command tls.list lists all active TLS connections. The
output of tls.list contains the following fields: id, timeout, src_ip,
src_port, dst_ip, dst_port, and tls (extra TLS information, such as
ciphers used).
The module supports both Kamailio TLS PVs and SER selects. They are
both implemented in file tls_select.c. That's where you can get the
list of currently implemented PVs.
The list of implemented TLS selects is here:
http://sip-router.org/wiki/cookbooks/selects/devel
Look for selects starting with @tls. Note that there are aliases, so
@tls.peer.cn, @tls.peer.commonName, @tls.peer.common_name, and
@tls.peer.name all implement the same thing. I think we should
document just one variant, for example all names that use _ as
delimiter.
Jan.