Module: kamailio
Branch: master
Commit: 8d4653cc2e0113bcec4397657e27b8c19b1849a7
URL: https://github.com/kamailio/kamailio/commit/8d4653cc2e0113bcec4397657e27b8c…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2018-09-06T12:57:56+02:00
tls: tls.cfg - more sample tls domain profiles
- small edits to explanatory comments
---
Modified: src/modules/tls/tls.cfg
---
Diff: https://github.com/kamailio/kamailio/commit/8d4653cc2e0113bcec4397657e27b8c…
Patch: https://github.com/kamailio/kamailio/commit/8d4653cc2e0113bcec4397657e27b8c…
---
diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg
index dd25abd4ac..b84ba8fcfc 100644
--- a/src/modules/tls/tls.cfg
+++ b/src/modules/tls/tls.cfg
@@ -2,8 +2,9 @@
# Example Kamailio TLS Configuration File
#
-# This is the default server domain, settings
-# in this domain will be used for all incoming
+# ---
+# This is the default server domain profile.
+# Settings in this domain will be used for all incoming
# connections that do not match any other server
# domain in this configuration file.
#
@@ -20,8 +21,9 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
#ca_list = /usr/local/etc/kamailio/tls/cacert.pem
#crl = /usr/local/etc/kamailio/tls/crl.pem
-# This is the default client domain, settings
-# in this domain will be used for all outgoing
+# ---
+# This is the default client domain profile.
+# Settings in this domain will be used for all outgoing
# TLS connections that do not match any other
# client domain in this configuration file.
# We require that servers present valid certificate.
@@ -31,6 +33,7 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
verify_certificate = yes
require_certificate = yes
+# ---
# This is an example server domain for TLS connections
# received from the loopback interface. We allow
# the use of TLSv1 protocols here, we do
@@ -46,11 +49,12 @@ require_certificate = yes
#private_key = /usr/local/etc/kamailio/tls/local_key.pem
#certificate = /usr/local/etc/kamailio/tls/local_cert.pem
#verify_depth = 3
-#ca_list = local_ca.pem
-#crl = local_crl.pem
+#ca_list = /usr/local/etc/kamailio/tls/local_ca.pem
+#crl = /usr/local/etc/kamailio/tls/local_crl.pem
#server_name = kamailio.org
#server_id = kamailio.org
+# ---
# Special settings for connecting to the example.sip (1.2.3.4)
# public SIP server. We do not verify the certificate of the
# server because it can be expired. The server
@@ -60,9 +64,43 @@ require_certificate = yes
#
#[client:1.2.3.4:5061]
#verify_certificate = no
-#certificate = /usr/local/etc/kamailio/tls/example_client.pem
#private_key = /usr/local/etc/kamailio/tls/example_key.pem
+#certificate = /usr/local/etc/kamailio/tls/example_cert.pem
#ca_list = /usr/local/etc/kamailio/tls/example_ca.pem
#crl = /usr/local/etc/kamailio/tls/example_crl.pem
#server_name = example.sip
#server_id = example.sip
+
+# ---
+# Example server profile for listening on any ip/port
+# - it requires to have 'server_name' to match on SNI (domain and subdomains)
+#
+#[server:any]
+#method = TLSv1
+#verify_certificate = yes
+#require_certificate = no
+#private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem
+#certificate = /usr/local/etc/kamailio/tls/mysipserver_org_cert.pem
+#verify_depth = 3
+#ca_list = /usr/local/etc/kamailio/tls/mysipserver_org_ca.pem
+#crl = /usr/local/etc/kamailio/tls/mysipserver_org_crl.pem
+#server_name = mysipserver.org
+#server_name_mode = 1
+#server_id = mysipserver.org
+
+# ---
+# Example server profile for listening on any ip/port
+# - it requires to have 'server_name' to match on SNI (only subdomains)
+#
+#[server:any]
+#method = TLSv1
+#verify_certificate = yes
+#require_certificate = no
+#private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem
+#certificate = /usr/local/etc/kamailio/tls/mysipserver_net_cert.pem
+#verify_depth = 3
+#ca_list = /usr/local/etc/kamailio/tls/mysipserver_net_ca.pem
+#crl = /usr/local/etc/kamailio/tls/mysipserver_net_crl.pem
+#server_name = mysipserver.net
+#server_name_mode = 2
+#server_id = mysipserver.net
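Review bot: Both new `[server:any]` samples (the mysipserver.org and mysipserver.net profiles) carry `#method = TLSv1`, which the tls module documents as accepting TLS 1.0 only. An operator who uncomments either profile as written gets a listener pinned to a deprecated protocol version that will not negotiate TLS 1.2. Since sample profiles tend to be copied verbatim, `#method = TLSv1.2+` would be a safer value here, provided the minimum supported libssl allows it. It would also help to put a comment above `#require_certificate = no`, for example `# client certificates are optional; a presented certificate is still verified`, because the pairing with `verify_certificate = yes` can be misread as enforcing mutual TLS.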