<!-- Kamailio Pull Request Template --> <!-- IMPORTANT: - for detailed contributing guidelines, read: https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md - pull requests must be done to master branch, unless they are backports of fixes from master branch to a stable branch - backports to stable branches must be done with 'git cherry-pick -x ...' - code is contributed under BSD for core and main components (tm, sl, auth, tls) - code is contributed GPLv2 or a compatible license for the other components - GPL code is contributed with OpenSSL licensing exception --> #### Pre-Submission Checklist <!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply --> <!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above--> <!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list --> - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [x] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist: <!-- Go over all points below, and after creating the PR, tick the checkboxes that apply --> - [ ] PR should be backported to stable branches - [x] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description The created ssl context in the `db_redis` and `ndb_redis` modules does not use client certificates [1], [2] which is against the default in current Redis configurations [3]. The used Redis server therefore needs to be configured to not use tls-auth-clients [3]. Without setting this configuration in Redis, no TLS connection to the Redis server can be established, since Redis will not accept unsigned/not-validated client certificates. There is also a small typo in "ac_path" in both docs which was fixed to "ca_path", added with some more specification to _which_ certificate is validated. [1]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892a… [2]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892a… [3]: https://redis.io/docs/management/security/encryption/#client-certificate-au… You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/3804 -- Commit Summary -- * db_redis: docs - refine docs regarding client certificates [skip ci] * ndb_redis: docs - refine docs regarding client certificates [skip ci] -- File Changes -- M src/modules/db_redis/doc/db_redis_admin.xml (10) M src/modules/ndb_redis/doc/ndb_redis_admin.xml (10) -- Patch Links -- https://github.com/kamailio/kamailio/pull/3804.patch https://github.com/kamailio/kamailio/pull/3804.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3804 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/3804(a)github.com>