THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task is now closed:
FS#66 - In daemonize mode parent process should exit with error (-1) if main process fails to start
User who did this - Andrei Pelinescu-Onciul (andrei)
Reason for closing: Implemented
Additional comments about closing: Implemented since GIT#9167c186.
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=66
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task is now closed:
FS#59 - wrong type mismatch error
User who did this - Andrei Pelinescu-Onciul (andrei)
Reason for closing: Not a bug
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=59
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#59 - wrong type mismatch error
User who did this - Andrei Pelinescu-Onciul (andrei)
----------
All the selects are strings by definition (one cannot specify a different type for a select) and hence the error is ok.
If you know that one particular select will produce a string containing an integer, then force-convert it to int, e.g.:
if ((int)@cfg_get.local.phone_timeout > 10) {...}.
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=59#comment129
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task is now closed:
FS#61 - more user friendly module function fixup system
User who did this - Andrei Pelinescu-Onciul (andrei)
Reason for closing: Won't fix
Additional comments about closing: Something similar can be achieved by not specifying any fixup and using core-autoconversion (see comments).
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=61
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#61 - more user friendly module function fixup system
User who did this - Andrei Pelinescu-Onciul (andrei)
----------
Since GIT#99cff51099 one doesn't have to specify any fixup for string or any type of variable type arguments. Everything will be converted to string by the core (but note that vars will not be auto-converted if quoted; if you need that you probably need one of the fixup_var_str_12() or fixup_var_pve_str_12()).
E.g.: f($a, "$a = " + $a) will work automatically.
For ints, either convert the string argument to int by hand, or use fixup_var_int_12() as fixup and then access the args with get_int_fparam().
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=61#comment128
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has been changed. The changes are listed below. For full information about what has changed, visit the URL and click the History tab.
FS#70 - Add support of PVs in Regular Expression Transformations
User who did this: Andrei Pelinescu-Onciul (andrei)
Priority: Normal -> Low
Assigned To: Andrei Pelinescu-Onciul -> Daniel-Constantin Mierla
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=70
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has been changed. The changes are listed below. For full information about what has changed, visit the URL and click the History tab.
FS#73 - SDP parsing when dealing with multi-part bodies
User who did this: Andrei Pelinescu-Onciul (andrei)
Assigned To: Andrei Pelinescu-Onciul -> Ovidiu Sas
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=73
Module: sip-router
Branch: master
Commit: 3f48edc9726e2402756ec1e307698c482db471bf
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=3f48edc…
Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Date: Thu Sep 9 22:08:29 2010 +0200
tls: doc - CRL howto and expected default ca section
- note about the expected default_ca section paths in openssl.cnf
(dir = ./demoCA a.s.o), needed for the example/howto to work.
- added a section about revoking a certificate
---
modules/tls/README | 63 +++++++++++++++++++++++++++++++++++----
modules/tls/doc/certs_howto.xml | 62 +++++++++++++++++++++++++++++++++++---
2 files changed, 114 insertions(+), 11 deletions(-)
diff --git a/modules/tls/README b/modules/tls/README
index 8d5cb83..24fe818 100644
--- a/modules/tls/README
+++ b/modules/tls/README
@@ -223,6 +223,43 @@ make -C modules/tls extra_defs="-DTLS_WR_DEBUG -DTLS_RD_DEBUG"
keys), so make sure the corresponding files are readable only by
trusted people. You should use a password for your CA private key.
+Assumptions
+------------
+
+The default openssl configuration (usually /etc/ssl/openssl.cnf)
+default_ca section is the one distributed with openssl and uses the default
+directories:
+
+...
+
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+...
+
+If this is not the case create a new openssl config file that uses the above
+paths for the default CA and add to all the openssl commands:
+ -config filename. E.g.:
+ openssl ca -config my_openssl.cnf -in ser1_cert_req.pem -out ser1_cert.p
+em
+
+
Creating CA certificate
-----------------------
1. create CA dir
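Review bot: The example command that closes the added Assumptions text is split in the middle of the output file name (`-out ser1_cert.p` followed by `em` on the next line), so a reader copying it from the README ends up with the wrong file name. Keep the command on one line or shorten it so the README line width does not wrap it. The quoted `unique_subject` comment also contains "ctificates"; if the block is meant as a verbatim quote of the stock openssl.cnf, say so, otherwise fix the spelling.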
@@ -235,6 +272,7 @@ Creating CA certificate
mkdir demoCA/newcerts
touch demoCA/index.txt
echo 01 >demoCA/serial
+ echo 01 >demoCA/crlnumber
2. create CA private key
openssl genrsa -out demoCA/private/cakey.pem 2048
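Review bot: `echo 01 >demoCA/crlnumber` appears only in the CA creation steps, so a CA directory built with the earlier version of this howto has no crlnumber file, although the quoted CA_default section points `crlnumber` at `$dir/crlnumber` and the new CRL section depends on it. Repeat the command, or point back to it, in the "Revoking a certificate and using a CRL" section for readers who already have a demoCA directory.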
@@ -249,7 +287,8 @@ Creating a server/client certificate
------------------------------------
1. create a certificate request (and its private key in privkey.pem)
openssl req -out ser1_cert_req.pem -new -nodes
- WARNING: the organization name should be the same as in the ca certificate.
+ WARNING: the organization name should be the same as in the ca certifica
+te.
2. sign it with the ca certificate
openssl ca -in ser1_cert_req.pem -out ser1_cert.pem
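Review bot: The replacement WARNING line breaks the word "certificate" across two lines (`certifica` / `te.`), which reads worse than the single long line it replaces. Wrap at a word boundary instead; the certs_howto.xml version of the same sentence stays on one line.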
@@ -265,8 +304,7 @@ Setting sip-router to use the certificate
2. copy your sip-router certificate, private key and ca list file to your
intended machine (preferably in your sip-router configuration directory,
- this is the
- default place sip-router searches for)
+ this is the default place sip-router searches for).
3. set up sip-router.cfg to use the certificate
if your ser certificate name is different from cert.pem or it is not
@@ -275,9 +313,8 @@ Setting sip-router to use the certificate
4. set up sip-router to use the private key
if your private key is not contained in the same file as the certificate
- (or the
- certificate name is not the default cert.pem), add to your sip-router.c
-fg:
+ (or the certificate name is not the default cert.pem), add to your
+ sip-router.cfg:
modparam("tls", "private_key", "/path/private_key_file")
5. set up sip-router to use the ca list (optional)
@@ -289,6 +326,20 @@ fg:
modparam("tls", "require_certificate", 1)
(for more information see the module parameters documentation)
+
+Revoking a certificate and using a CRL
+--------------------------------------
+1. revoking a certificate:
+ openssl ca -revoke bad_cert.pem
+
+2. generate/update the certificate revocation list:
+ openssl ca -gencrl -out my_crl.pem
+
+3. copy my_crl.pem to your ser config. dir
+
+4. set up sip-router to use the CRL:
+ modparam("tls", "crl", "path/my_crl.pem")
+
1.9. Parameters
Revision History
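Review bot: Step 4 gives a relative `path/my_crl.pem` while the other modparam examples in this howto use the absolute form (`/path/private_key_file`), and step 3 says "ser config. dir" where the rest of the text says "sip-router configuration directory"; align both. The section should also state that steps 2 and 3 have to be repeated after every further `openssl ca -revoke`, because the deployed list is only as current as the last `-gencrl` run.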
diff --git a/modules/tls/doc/certs_howto.xml b/modules/tls/doc/certs_howto.xml
index a5cdae1..f75461a 100644
--- a/modules/tls/doc/certs_howto.xml
+++ b/modules/tls/doc/certs_howto.xml
@@ -24,6 +24,41 @@
</para>
<para>
<programlisting>
+Assumptions
+------------
+
+The default openssl configuration (usually /etc/ssl/openssl.cnf)
+default_ca section is the one distributed with openssl and uses the default
+directories:
+
+...
+
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+...
+
+If this is not the case create a new openssl config file that uses the above
+paths for the default CA and add to all the openssl commands:
+ -config filename. E.g.:
+ openssl ca -config my_openssl.cnf -in ser1_cert_req.pem -out ser1_cert.pem
+
Creating CA certificate
-----------------------
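Review bot: `dir = ./demoCA` in the quoted CA_default section is a relative path, so every `openssl ca` command in the howto only works when run from the directory that contains demoCA; the Assumptions text should say that explicitly. The underline below "Assumptions" is also one dash longer than the heading, unlike the other section headings in this listing.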
@@ -37,6 +72,7 @@ Creating CA certificate
mkdir demoCA/newcerts
touch demoCA/index.txt
echo 01 >demoCA/serial
+ echo 01 >demoCA/crlnumber
2. create CA private key
openssl genrsa -out demoCA/private/cakey.pem 2048
@@ -50,7 +86,7 @@ Creating a server/client certificate
------------------------------------
1. create a certificate request (and its private key in privkey.pem)
openssl req -out ser1_cert_req.pem -new -nodes
- WARNING: the organization name should be the same as in the ca certificate.
+ WARNING: the organization name should be the same as in the ca certificate.
2. sign it with the ca certificate
openssl ca -in ser1_cert_req.pem -out ser1_cert.pem
@@ -65,8 +101,8 @@ Setting sip-router to use the certificate
cat cacert.pem >>calist.pem
2. copy your sip-router certificate, private key and ca list file to your
- intended machine (preferably in your sip-router configuration directory, this is the
- default place sip-router searches for)
+ intended machine (preferably in your sip-router configuration directory,
+ this is the default place sip-router searches for).
3. set up sip-router.cfg to use the certificate
if your ser certificate name is different from cert.pem or it is not
@@ -74,8 +110,9 @@ Setting sip-router to use the certificate
modparam("tls", "certificate", "/path/cert_file_name")
4. set up sip-router to use the private key
- if your private key is not contained in the same file as the certificate (or the
- certificate name is not the default cert.pem), add to your sip-router.cfg:
+ if your private key is not contained in the same file as the certificate
+ (or the certificate name is not the default cert.pem), add to your
+ sip-router.cfg:
modparam("tls", "private_key", "/path/private_key_file")
5. set up sip-router to use the ca list (optional)
@@ -87,6 +124,21 @@ Setting sip-router to use the certificate
modparam("tls", "require_certificate", 1)
(for more information see the module parameters documentation)
+
+Revoking a certificate and using a CRL
+--------------------------------------
+1. revoking a certificate:
+ openssl ca -revoke bad_cert.pem
+
+2. generate/update the certificate revocation list:
+ openssl ca -gencrl -out my_crl.pem
+
+3. copy my_crl.pem to your ser config. dir
+
+4. set up sip-router to use the CRL:
+ modparam("tls", "crl", "path/my_crl.pem")
+
+
</programlisting>
</para>
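Review bot: Step 1 of the new section assumes the certificate to revoke is available as bad_cert.pem, which is often not the case for a lost or compromised one. A short note that the CA keeps a copy of each issued certificate under `new_certs_dir` (`$dir/newcerts` in the quoted CA_default section) would make the step usable in that situation. The two empty lines added before `</programlisting>` can be dropped.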