3 May
2005
3 May
'05
4:38 p.m.
Hi everybody,
The last i sent is a replacement as a whole for the original code sent by P. Griffiths.
Sorry i forgot to mention that.
The patches for cfg.y and cfg.lex are both in the same file (patch.core.cfg..files.diff)
within the zip. I was lazy :)
I resent it as a whole, and not as a diff, because i indented all the code with tabs,
instead of spaces (so a diff would be bigger than just sending all the files).
As for the CVS thing ... i agree with Juha. Either gets into the "official" cvs
or we do something about it. The code i think is rather stable as it is (i only tested on
my debian linux box, soon i will try on an ARM linux and i will report back on that too).
For me, as long as it gets into a CVS, i don't care if it is mantained against HEAD or
0.9.0 (i use 0.9.0 .... so all my patches are against it).
On a more philosophical level, i understand the "quietness" on iptel's side
... they have their own version, and make money on it. But the thing is that this free
version is here to stay ... it is the "problem" of opensource.
Another option would be for them to release their proprietary implementation if they feel
that it is a better, more tested one.
In any case, i think that this whole thing needs to be decided fast.
Regards!
Cesc
>> Alex Mack <amack(a)fhm.edu> 05/03/05
01:26PM >>>
Hi Cesc!
Nice to have those fixes in a package.
Is your cfg.y-patch to be applied *after* cfg.y.patch was applied or
*instead* of cfg.y.patch?
Or is your version a patched one which replaces the original
implementation as a whole? In that case where's cfg.lex.patch?
Alex Mack
Cesc Santasusana schrieb:
Hi,
I really hate to be so pushy, but i dont understand how such an important piece of code as
TLS is not moving on into CVS ... or anywhere else by this matter. I will keep sending
patches till i get tired (soon).
Anyway ... i thought someone may be interested in a compilation fix for cfg.y introduced
with the tls_domains (it would not compile if the cfg.y file had been patched but the
tls-core files were not there); a bug fix for the session caching (fixed by turning
session caching and resumption off); and an extension (the ability to choose the list of
allowed ciphers from the config file). Oh, and all the files have been tabbed, instead of
spaced (for indentation).
Enjoy!
Cesc
Unclassified
------------------------------------------------------------------------
_______________________________________________
Serdev mailing list
serdev(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serdev
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
4 May
4 May
3:01 p.m.
Hi Cesc!
I compiled in your patch.
Now I'm facing a new problem: SER wants a client certificate from the
UA. Snom phones immediately reply with an ALERT and break up connection
upon the certificate requests. MS Messenger on the other hand sends at
least a reply - without certificate - and SER rejects the Client Hello
because of the missing client certificate:
tls_accept: Error in SSL:
tls_error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer
did not return a certificate
Could you please provide some more documentation about the new TLS
options you added? It seems you've implemented support for client
certificates for a two-way certificate authorization - which would be a
good thing if supported by the UAs, which don't right now. So how can I
turn it off again and get back to server side certification?
Alex Mack
Cesc Santasusana schrieb:
Hi everybody,
The last i sent is a replacement as a whole for the original code sent by P. Griffiths.
Sorry i forgot to mention that.
The patches for cfg.y and cfg.lex are both in the same file (patch.core.cfg..files.diff)
within the zip. I was lazy :)
I resent it as a whole, and not as a diff, because i indented all the code with tabs,
instead of spaces (so a diff would be bigger than just sending all the files).
As for the CVS thing ... i agree with Juha. Either gets into the "official" cvs
or we do something about it. The code i think is rather stable as it is (i only tested on
my debian linux box, soon i will try on an ARM linux and i will report back on that too).
For me, as long as it gets into a CVS, i don't care if it is mantained against HEAD or
0.9.0 (i use 0.9.0 .... so all my patches are against it).
On a more philosophical level, i understand the "quietness" on iptel's side
... they have their own version, and make money on it. But the thing is that this free
version is here to stay ... it is the "problem" of opensource.
Another option would be for them to release their proprietary implementation if they feel
that it is a better, more tested one.
In any case, i think that this whole thing needs to be decided fast.
Regards!
Cesc
>>Alex Mack <amack(a)fhm.edu> 05/03/05
01:26PM >>>
>>
Hi Cesc!
Nice to have those fixes in a package.
Is your cfg.y-patch to be applied *after* cfg.y.patch was applied or
*instead* of cfg.y.patch?
Or is your version a patched one which replaces the original
implementation as a whole? In that case where's cfg.lex.patch?
Alex Mack
Cesc Santasusana schrieb:
Hi,
I really hate to be so pushy, but i dont understand how such an important piece of code as
TLS is not moving on into CVS ... or anywhere else by this matter. I will keep sending
patches till i get tired (soon).
Anyway ... i thought someone may be interested in a compilation fix for cfg.y introduced
with the tls_domains (it would not compile if the cfg.y file had been patched but the
tls-core files were not there); a bug fix for the session caching (fixed by turning
session caching and resumption off); and an extension (the ability to choose the list of
allowed ciphers from the config file). Oh, and all the files have been tabbed, instead of
spaced (for indentation).
Enjoy!
Cesc
Unclassified
------------------------------------------------------------------------
_______________________________________________
Serdev mailing list
serdev(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serdev
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7145
days inactive
7146
days old
1 comments
2 participants
participants (2)
-
Alex Mack -
Cesc Santasusana