This latest commit implements some of the TODO's in the curl module.
- default client_cert, client_key, cacert and verifyserver modparams implemented
- added a cipher_suites modparam so the default list provided by libcurl can be overridden (e.g. enabling elliptic-curve ciphers)
- added per-connection value for verifyserver
Here are some followup questions for @oej or anyone else who may use the curl module.
Should the [verify_host](http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html) parameter be configurable as well as verify_peer?
Is the intention to make the client cert/key configurable per-connection?
If we add more parameters to the curlcon modparam, it will easily get unmanageable.
I suggest two modparams, curlcon and curlcon_param. The first sets up the url and parameters (this is unchanged). The second will add parameters to a curlcon that is already defined. E.g.
```
modparam("curl", "curlcon", "apione=>https://myserver.example.com/url;timeout=12")
modparam("curl", "curlcon_param", "apione=>verifyserver=1")
modparam("curl", "curlcon_param", "apione=>clientkey=/var/certs/myserver.example.com.pem")
```
Any thoughts? Have I missed anything else in this area?
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/481
-- Commit Summary --
* curl: Add client key/certificate to curl_connect
-- File Changes --
M modules/curl/curl.c (2)
M modules/curl/curl.h (6)
M modules/curl/curlcon.c (24)
M modules/curl/doc/curl_admin.xml (26)
M modules/curl/functions.c (113)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/481.patchhttps://github.com/kamailio/kamailio/pull/481.diff
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/481