sr-dev October 2019

sr-dev@lists.kamailio.org

22 participants
436 discussions

git:5.2:e10d4f02: modules: readme files regenerated - modules ... [skip ci]

by Kamailio Dev

Module: kamailio Branch: 5.2 Commit: e10d4f0224132952ebb9411b06d173b5520b5509 URL: https://github.com/kamailio/kamailio/commit/e10d4f0224132952ebb9411b06d173b… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2019-10-15T15:17:01+02:00 modules: readme files regenerated - modules ... [skip ci] --- Modified: src/modules/tls/README --- Diff: https://github.com/kamailio/kamailio/commit/e10d4f0224132952ebb9411b06d173b… Patch: https://github.com/kamailio/kamailio/commit/e10d4f0224132952ebb9411b06d173b… --- diff --git a/src/modules/tls/README b/src/modules/tls/README index 55a2f93a09..c02343ca3a 100644 --- a/src/modules/tls/README +++ b/src/modules/tls/README @@ -614,6 +614,8 @@ Place holder 10.1. tls_method (string) Sets the TLS protocol method. Possible values are: + * TLSv1.2+ - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted + (available starting with openssl/libssl v1.1.1) * TLSv1.2 - only TLSv1.2 connections are accepted (available starting with openssl/libssl v1.0.1e) * TLSv1.1+ - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted

4 years, 8 months

git:5.3:98e22d5e: modules: readme files regenerated - modules ... [skip ci]

by Kamailio Dev

Module: kamailio Branch: 5.3 Commit: 98e22d5e11be5ef9e669635ea472ffe4f1d81e42 URL: https://github.com/kamailio/kamailio/commit/98e22d5e11be5ef9e669635ea472ffe… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2019-10-15T15:16:40+02:00 modules: readme files regenerated - modules ... [skip ci] --- Modified: src/modules/tls/README --- Diff: https://github.com/kamailio/kamailio/commit/98e22d5e11be5ef9e669635ea472ffe… Patch: https://github.com/kamailio/kamailio/commit/98e22d5e11be5ef9e669635ea472ffe… --- diff --git a/src/modules/tls/README b/src/modules/tls/README index 3f40adf0f0..a625036a92 100644 --- a/src/modules/tls/README +++ b/src/modules/tls/README @@ -617,6 +617,8 @@ Place holder 10.1. tls_method (string) Sets the TLS protocol method. Possible values are: + * TLSv1.2+ - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted + (available starting with openssl/libssl v1.1.1) * TLSv1.2 - only TLSv1.2 connections are accepted (available starting with openssl/libssl v1.0.1e) * TLSv1.1+ - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted @@ -1436,6 +1438,7 @@ end * krand - use internal kam_rand() function * fastrand - use internal fastrand (ISAAC) function * cryptorand - use internal cryptorand (Fortuna) function + * kxlibssl - default libssl rand engine wrapped by a Kamailio mutex Note: the krand and fastrand engines are not recommended for use on systems requiring strong security, as they may not generate numbers

4 years, 8 months

git:master:33b174b9: modules: readme files regenerated - tls ... [skip ci]

by Kamailio Dev

Module: kamailio Branch: master Commit: 33b174b979a0c8f3057e82089fb840cff69e380e URL: https://github.com/kamailio/kamailio/commit/33b174b979a0c8f3057e82089fb840c… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2019-10-15T15:16:23+02:00 modules: readme files regenerated - tls ... [skip ci] --- Modified: src/modules/tls/README --- Diff: https://github.com/kamailio/kamailio/commit/33b174b979a0c8f3057e82089fb840c… Patch: https://github.com/kamailio/kamailio/commit/33b174b979a0c8f3057e82089fb840c… --- diff --git a/src/modules/tls/README b/src/modules/tls/README index c3b40949ca..a625036a92 100644 --- a/src/modules/tls/README +++ b/src/modules/tls/README @@ -617,6 +617,8 @@ Place holder 10.1. tls_method (string) Sets the TLS protocol method. Possible values are: + * TLSv1.2+ - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted + (available starting with openssl/libssl v1.1.1) * TLSv1.2 - only TLSv1.2 connections are accepted (available starting with openssl/libssl v1.0.1e) * TLSv1.1+ - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted

4 years, 8 months

git:5.3:dc41cb04: tls: fix missing TLSv1.2+ parameter documentation

by Henning Westerholt

Module: kamailio Branch: 5.3 Commit: dc41cb04a5af37192ac5363bb939efb3a45efe90 URL: https://github.com/kamailio/kamailio/commit/dc41cb04a5af37192ac5363bb939efb… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T15:16:12+02:00 tls: fix missing TLSv1.2+ parameter documentation (cherry picked from commit 5e00109fabe3507f1c20cbef80348e72ddb78cc8) --- Modified: src/modules/tls/doc/params.xml --- Diff: https://github.com/kamailio/kamailio/commit/dc41cb04a5af37192ac5363bb939efb… Patch: https://github.com/kamailio/kamailio/commit/dc41cb04a5af37192ac5363bb939efb… --- diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index 301183c566..2d627876bc 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -19,6 +19,12 @@ Sets the TLS protocol method. Possible values are: </para> <itemizedlist> + <listitem> + <para> + <emphasis>TLSv1.2+</emphasis> - TLSv1.2 or newer (TLSv1.3, ...) + connections are accepted (available starting with openssl/libssl v1.1.1) + </para> + </listitem> <listitem> <para> <emphasis>TLSv1.2</emphasis> - only TLSv1.2 connections are accepted

4 years, 8 months

git:5.2:597ac3f5: tls: fix missing TLSv1.2+ parameter documentation

by Henning Westerholt

Module: kamailio Branch: 5.2 Commit: 597ac3f589b82982c02631f3dc8b7962969b9645 URL: https://github.com/kamailio/kamailio/commit/597ac3f589b82982c02631f3dc8b796… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T15:15:56+02:00 tls: fix missing TLSv1.2+ parameter documentation (cherry picked from commit 5e00109fabe3507f1c20cbef80348e72ddb78cc8) --- Modified: src/modules/tls/doc/params.xml --- Diff: https://github.com/kamailio/kamailio/commit/597ac3f589b82982c02631f3dc8b796… Patch: https://github.com/kamailio/kamailio/commit/597ac3f589b82982c02631f3dc8b796… --- diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index 301183c566..2d627876bc 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -19,6 +19,12 @@ Sets the TLS protocol method. Possible values are: </para> <itemizedlist> + <listitem> + <para> + <emphasis>TLSv1.2+</emphasis> - TLSv1.2 or newer (TLSv1.3, ...) + connections are accepted (available starting with openssl/libssl v1.1.1) + </para> + </listitem> <listitem> <para> <emphasis>TLSv1.2</emphasis> - only TLSv1.2 connections are accepted

4 years, 8 months

git:5.1:4b480e6a: tls: fix missing TLSv1.2+ parameter documentation

by Henning Westerholt

Module: kamailio Branch: 5.1 Commit: 4b480e6abac93bef6ae9a571db6e72192f3be4b2 URL: https://github.com/kamailio/kamailio/commit/4b480e6abac93bef6ae9a571db6e721… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T15:15:38+02:00 tls: fix missing TLSv1.2+ parameter documentation (cherry picked from commit 5e00109fabe3507f1c20cbef80348e72ddb78cc8) --- Modified: src/modules/tls/doc/params.xml --- Diff: https://github.com/kamailio/kamailio/commit/4b480e6abac93bef6ae9a571db6e721… Patch: https://github.com/kamailio/kamailio/commit/4b480e6abac93bef6ae9a571db6e721… --- diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index e3d236dea4..2839b62658 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -19,6 +19,12 @@ Sets the TLS protocol method. Possible values are: </para> <itemizedlist> + <listitem> + <para> + <emphasis>TLSv1.2+</emphasis> - TLSv1.2 or newer (TLSv1.3, ...) + connections are accepted (available starting with openssl/libssl v1.1.1) + </para> + </listitem> <listitem> <para> <emphasis>TLSv1.2</emphasis> - only TLSv1.2 connections are accepted

4 years, 8 months

git:master:aedd2c64: tls: add TLSv1.2+ to example configuration

by Henning Westerholt

Module: kamailio Branch: master Commit: aedd2c6470feb6410605110e8e31eca8b43feefb URL: https://github.com/kamailio/kamailio/commit/aedd2c6470feb6410605110e8e31eca… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T15:13:32+02:00 tls: add TLSv1.2+ to example configuration --- Modified: src/modules/tls/tls.cfg --- Diff: https://github.com/kamailio/kamailio/commit/aedd2c6470feb6410605110e8e31eca… Patch: https://github.com/kamailio/kamailio/commit/aedd2c6470feb6410605110e8e31eca… --- diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg index d8b20049ae..1bfdfc6919 100644 --- a/src/modules/tls/tls.cfg +++ b/src/modules/tls/tls.cfg @@ -8,12 +8,12 @@ # connections that do not match any other server # domain in this configuration file. # -# We do not enable anything else than TLSv1.2 +# We do not enable anything else than TLSv1.2+ # over the public internet. Clients do not have # to present client certificates by default. # [server:default] -method = TLSv1.2 +method = TLSv1.2+ verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key @@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem # We require that servers present valid certificate. # [client:default] -#method = TLSv1.2 +#method = TLSv1.2+ verify_certificate = yes require_certificate = yes # --- # This is an example server domain for TLS connections # received from the loopback interface. We allow -# the use of TLSv1.2 protocols here, we do +# the use of TLSv1.2+ protocols here, we do # not require that clients present client certificates # but if they present it it must be valid. We also use # a special certificate and CA list for loopback # interface. # #[server:5.6.7.8:5061] -#method = TLSv1.2 +#method = TLSv1.2+ #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/local_key.pem @@ -76,7 +76,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (domain and subdomains) # #[server:any] -#method = TLSv1.2 +#method = TLSv1.2+ #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem @@ -93,7 +93,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (only subdomains) # #[server:any] -#method = TLSv1.2 +#method = TLSv1.2+ #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem

4 years, 8 months

git:master:5e00109f: tls: fix missing TLSv1.2+ parameter documentation

by Henning Westerholt

Module: kamailio Branch: master Commit: 5e00109fabe3507f1c20cbef80348e72ddb78cc8 URL: https://github.com/kamailio/kamailio/commit/5e00109fabe3507f1c20cbef80348e7… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T15:13:09+02:00 tls: fix missing TLSv1.2+ parameter documentation --- Modified: src/modules/tls/doc/params.xml --- Diff: https://github.com/kamailio/kamailio/commit/5e00109fabe3507f1c20cbef80348e7… Patch: https://github.com/kamailio/kamailio/commit/5e00109fabe3507f1c20cbef80348e7… --- diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index 301183c566..2d627876bc 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -19,6 +19,12 @@ Sets the TLS protocol method. Possible values are: </para> <itemizedlist> + <listitem> + <para> + <emphasis>TLSv1.2+</emphasis> - TLSv1.2 or newer (TLSv1.3, ...) + connections are accepted (available starting with openssl/libssl v1.1.1) + </para> + </listitem> <listitem> <para> <emphasis>TLSv1.2</emphasis> - only TLSv1.2 connections are accepted

4 years, 8 months

git:5.3:c32bccf1: tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore

by Henning Westerholt

Module: kamailio Branch: 5.3 Commit: c32bccf1cebf70e512f16c15124db1c717e01769 URL: https://github.com/kamailio/kamailio/commit/c32bccf1cebf70e512f16c15124db1c… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T14:18:14+02:00 tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore (cherry picked from commit 3fa7b04cb6ac4170343455fa4f591fa95f7a3ff9) --- Modified: src/modules/tls/tls.cfg --- Diff: https://github.com/kamailio/kamailio/commit/c32bccf1cebf70e512f16c15124db1c… Patch: https://github.com/kamailio/kamailio/commit/c32bccf1cebf70e512f16c15124db1c… --- diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg index b84ba8fcfc..d8b20049ae 100644 --- a/src/modules/tls/tls.cfg +++ b/src/modules/tls/tls.cfg @@ -8,12 +8,12 @@ # connections that do not match any other server # domain in this configuration file. # -# We do not enable anything else than TLSv1 +# We do not enable anything else than TLSv1.2 # over the public internet. Clients do not have # to present client certificates by default. # [server:default] -method = TLSv1 +method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key @@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem # We require that servers present valid certificate. # [client:default] -#method = TLSv1 +#method = TLSv1.2 verify_certificate = yes require_certificate = yes # --- # This is an example server domain for TLS connections # received from the loopback interface. We allow -# the use of TLSv1 protocols here, we do +# the use of TLSv1.2 protocols here, we do # not require that clients present client certificates # but if they present it it must be valid. We also use # a special certificate and CA list for loopback # interface. # #[server:5.6.7.8:5061] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/local_key.pem @@ -76,7 +76,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (domain and subdomains) # #[server:any] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem @@ -93,7 +93,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (only subdomains) # #[server:any] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem

4 years, 8 months

git:5.3:7454cb89: dispatcher: add some debug logging for ds_update_state function

by Henning Westerholt

Module: kamailio Branch: 5.3 Commit: 7454cb8938df103ad77a3ec6c7eb733558ceea86 URL: https://github.com/kamailio/kamailio/commit/7454cb8938df103ad77a3ec6c7eb733… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T14:18:29+02:00 dispatcher: add some debug logging for ds_update_state function (cherry picked from commit 8ee71161f907201e1734a4b2476636cfb518dab3) --- Modified: src/modules/dispatcher/dispatch.c --- Diff: https://github.com/kamailio/kamailio/commit/7454cb8938df103ad77a3ec6c7eb733… Patch: https://github.com/kamailio/kamailio/commit/7454cb8938df103ad77a3ec6c7eb733… --- diff --git a/src/modules/dispatcher/dispatch.c b/src/modules/dispatcher/dispatch.c index a3c33a0cbb..483ddb418f 100644 --- a/src/modules/dispatcher/dispatch.c +++ b/src/modules/dispatcher/dispatch.c @@ -2688,6 +2688,7 @@ int ds_update_state(sip_msg_t *msg, int group, str *address, int state) LM_ERR("destination set [%d] not found\n", group); return -1; } + LM_DBG("update state for %.*s in group %d to %d\n", address->len, address->s, group, state); while(i < idx->nr) { if(idx->dlist[i].uri.len == address->len @@ -2718,12 +2719,15 @@ int ds_update_state(sip_msg_t *msg, int group, str *address, int state) if(state & DS_TRYING_DST) { idx->dlist[i].message_count++; + LM_DBG("destination did not replied %d times, threshold %d\n", + idx->dlist[i].message_count, probing_threshold); /* Destination is not replying.. Increasing failure counter */ if(idx->dlist[i].message_count >= probing_threshold) { - /* Destionation has too much lost messages.. Bringing it to inactive state */ + /* Destination has too much lost messages.. Bringing it to inactive state */ idx->dlist[i].flags &= ~DS_TRYING_DST; idx->dlist[i].flags |= DS_INACTIVE_DST; idx->dlist[i].message_count = 0; + LM_DBG("deactivate destination, threshold %d reached\n", probing_threshold); } } else { if(!(init_state & DS_TRYING_DST) @@ -2733,9 +2737,12 @@ int ds_update_state(sip_msg_t *msg, int group, str *address, int state) if(idx->dlist[i].message_count < inactive_threshold) { /* Destination has not enough successful replies.. Leaving it into inactive state */ idx->dlist[i].flags |= DS_INACTIVE_DST; + LM_DBG("destination replied successful %d times, threshold %d\n", + idx->dlist[i].message_count, inactive_threshold); } else { /* Destination has enough replied messages.. Bringing it to active state */ idx->dlist[i].message_count = 0; + LM_DBG("activate destination, threshold %d reached\n", inactive_threshold); } } else { idx->dlist[i].message_count = 0; @@ -2753,6 +2760,7 @@ int ds_update_state(sip_msg_t *msg, int group, str *address, int state) ds_reinit_rweight_on_state_change( old_state, idx->dlist[i].flags, idx); + LM_DBG("old state was %d, set new state to %d\n", old_state, idx->dlist[i].flags); return 0; } i++;

4 years, 8 months

← Newer
1
...
21
22
23
24
25
26
27
...
44
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev October 2019