sr-dev March 2024

sr-dev@lists.kamailio.org

14 participants
242 discussions

[kamailio/kamailio] Docs: TLS module known limitation needs clarifications (Issue #3717)

by Thierno IB. BARRY

### Description We recently deployed successfully Kamailio with TLS certificates. Now we would like to use let's encrypt certificate which expire after 3 months. Means we need to renew certificate approximatively every 2 months. But while reading docs, in [known limitations](https://kamailio.org/docs/modules/devel/modules/tls.html#tls.k… it says : > TLS specific config reloading is not safe, so for now better don't use it, especially under heavy traffic. We struggle to understand if this behaviour is risky and not recommended under heavy traffic for certificate renewal. The doc has been added initially by @poandrei 18 years ago in Feb 21 2007 (see [commit](https://github.com/kamailio/kamailio/commit/32e4977cdb9c1c9ca24c140…) While digging we came across few discussions Kamailio user groups which are saying "the opposite" (kind of): - [Comments by a co-founder of Kamailio ](https://www.mail-archive.com/sr-users@lists.kamailio.org/msg16014.html)stating that the old connections shouldn’t be affected by reload. - Comments by a Kamailio core developer stating that certificate reload is fine with the “reload” cmd ([link1](https://lists.kamailio.org/pipermail/sr-users/2022-February/114296.h…, [link2](https://github.com/kamailio/kamailio/issues/3305)) Plus in another section in docs: - [By definition :](https://kamailio.org/docs/modules/devel/modules/tls.html#tls.r.tls.reload) (the) existing active TLS connections are not terminated and they continue to use the old certificates. The new configuration will be used for new connections. So 18 years after, Is it safe to use `tls.reload` command in production and in heavy traffic for **TLS certificate renewal** ? Because it sounds scary and confusing. So the documentation as it is, really needs clarifications to let users know which risk they're taking when running the `tls.reload` command.  ### Expected behavior The document should clearly documents risks, at least for certificate renewal. #### Actual observed behavior Docs and Kamailio user/dev groups are confusing. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3717 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3717(a)github.com>

9 months, 1 week

git:5.8:d6cd0859: file_out: Fix var position and initialize

by Xenofon Karamanos

Module: kamailio Branch: 5.8 Commit: d6cd0859158a8013e998ec779e956a550b493934 URL: https://github.com/kamailio/kamailio/commit/d6cd0859158a8013e998ec779e956a5… Author: Xenofon Karamanos <22965395+xkaraman(a)users.noreply.github.com> Committer: Xenofon Karamanos <22965395+xkaraman(a)users.noreply.github.com> Date: 2024-03-14T16:49:27Z file_out: Fix var position and initialize (cherry picked from commit e36b2232e9b097794845659f71543bc57ef58a35) --- Modified: src/modules/file_out/file_out.c --- Diff: https://github.com/kamailio/kamailio/commit/d6cd0859158a8013e998ec779e956a5… Patch: https://github.com/kamailio/kamailio/commit/d6cd0859158a8013e998ec779e956a5… --- diff --git a/src/modules/file_out/file_out.c b/src/modules/file_out/file_out.c index ad055f1852c..549eaa6e48f 100644 --- a/src/modules/file_out/file_out.c +++ b/src/modules/file_out/file_out.c @@ -545,7 +545,10 @@ static int fo_get_full_path(const int index, char *full_path) static int fo_write_to_file(sip_msg_t *msg, char *index, char *log_message) { int result, file_index; - str fo_prefix_str, fo_prefix_val; + str fo_prefix_str = str_init(""); + str fo_prefix_val = str_init(""); + str value = str_init(""); + fo_log_message_t logMessage = {0, 0, 0}; if(index == NULL || log_message == NULL) { LM_ERR("filename or log_messsage is NULL\n"); @@ -558,7 +561,6 @@ static int fo_write_to_file(sip_msg_t *msg, char *index, char *log_message) return -1; } - str value = str_init(""); result = get_str_fparam(&value, msg, (fparam_t *)log_message); if(result < 0) { LM_ERR("Failed to get string from param 1: %d\n", result); @@ -576,7 +578,6 @@ static int fo_write_to_file(sip_msg_t *msg, char *index, char *log_message) } /* Add the logging string to the global gueue */ - fo_log_message_t logMessage = {0, 0, 0}; logMessage.prefix = &fo_prefix_val; logMessage.message = &value; logMessage.dest_file = file_index;

9 months, 1 week

git:master:e36b2232: file_out: Fix var position and initialize

by Xenofon Karamanos

Module: kamailio Branch: master Commit: e36b2232e9b097794845659f71543bc57ef58a35 URL: https://github.com/kamailio/kamailio/commit/e36b2232e9b097794845659f71543bc… Author: Xenofon Karamanos <22965395+xkaraman(a)users.noreply.github.com> Committer: Xenofon Karamanos <22965395+xkaraman(a)users.noreply.github.com> Date: 2024-03-14T16:47:28Z file_out: Fix var position and initialize --- Modified: src/modules/file_out/file_out.c --- Diff: https://github.com/kamailio/kamailio/commit/e36b2232e9b097794845659f71543bc… Patch: https://github.com/kamailio/kamailio/commit/e36b2232e9b097794845659f71543bc… --- diff --git a/src/modules/file_out/file_out.c b/src/modules/file_out/file_out.c index f3dcfb831d9..7e035f13359 100644 --- a/src/modules/file_out/file_out.c +++ b/src/modules/file_out/file_out.c @@ -552,7 +552,10 @@ static int fo_get_full_path(const int index, char *full_path) static int fo_write_to_file(sip_msg_t *msg, char *index, char *log_message) { int result, file_index; - str fo_prefix_str, fo_prefix_val; + str fo_prefix_str = str_init(""); + str fo_prefix_val = str_init(""); + str value = str_init(""); + fo_log_message_t logMessage = {0, 0, 0}; if(index == NULL || log_message == NULL) { LM_ERR("filename or log_messsage is NULL\n"); @@ -565,7 +568,6 @@ static int fo_write_to_file(sip_msg_t *msg, char *index, char *log_message) return -1; } - str value = str_init(""); result = get_str_fparam(&value, msg, (fparam_t *)log_message); if(result < 0) { LM_ERR("Failed to get string from param 1: %d\n", result); @@ -583,7 +585,6 @@ static int fo_write_to_file(sip_msg_t *msg, char *index, char *log_message) } /* Add the logging string to the global gueue */ - fo_log_message_t logMessage = {0, 0, 0}; logMessage.prefix = &fo_prefix_val; logMessage.message = &value; logMessage.dest_file = file_index;

9 months, 1 week

git:master:5f6c8d6b: modules: readme files regenerated - secsipid ... [skip ci]

by Kamailio Dev

Module: kamailio Branch: master Commit: 5f6c8d6b74bb792eb9c5a6fba7a1fc149e838121 URL: https://github.com/kamailio/kamailio/commit/5f6c8d6b74bb792eb9c5a6fba7a1fc1… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2024-03-14T12:16:16+01:00 modules: readme files regenerated - secsipid ... [skip ci] --- Modified: src/modules/secsipid/README --- Diff: https://github.com/kamailio/kamailio/commit/5f6c8d6b74bb792eb9c5a6fba7a1fc1… Patch: https://github.com/kamailio/kamailio/commit/5f6c8d6b74bb792eb9c5a6fba7a1fc1…

9 months, 1 week

git:master:dd1ddf0a: secsipid: docs for secsipid_verify(...)

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: dd1ddf0a5ad57395bc6aa7c71b47e43d1c7c5542 URL: https://github.com/kamailio/kamailio/commit/dd1ddf0a5ad57395bc6aa7c71b47e43… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-03-14T12:15:16+01:00 secsipid: docs for secsipid_verify(...) --- Modified: src/modules/secsipid/doc/secsipid_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/dd1ddf0a5ad57395bc6aa7c71b47e43… Patch: https://github.com/kamailio/kamailio/commit/dd1ddf0a5ad57395bc6aa7c71b47e43… --- diff --git a/src/modules/secsipid/doc/secsipid_admin.xml b/src/modules/secsipid/doc/secsipid_admin.xml index 7ea74f525a0..c43ccf3c637 100644 --- a/src/modules/secsipid/doc/secsipid_admin.xml +++ b/src/modules/secsipid/doc/secsipid_admin.xml @@ -297,6 +297,52 @@ request_route { ... } ... +</programlisting> + </example> + <para> + Further checks can be done with config operations, decoding the JWT header + and payload using {s.select} and {s.decode.base64t} transformations + together with jansson module. + </para> + </section> + <section id="secsipid.f.secsipid_verify"> + <title> + <function moreinfo="none">secsipid_verify(sIdentity, keyVal, opts)</function> + </title> + <para> + Check the validity of the "sIdentity" parameter using the key value + given in the parameter "keyVal". The validity of the JWT + in the sIdentity value is also checked against the "expire" + parameter. + </para> + <para> + The "opts" parameter provides the verify options: + <itemizedlist> + <listitem> + <para> + <emphasis>A</emphasis> (uppercase) - skip verifying the attributes + in the JWT header. + </para> + </listitem> + </itemizedlist> + </para> + <para> + The parameters can contain pseudo-variables. + </para> + <para> + This function can be used from ANY_ROUTE. + </para> + <example> + <title><function>secsipid_verify</function> usage</title> + <programlisting format="linespecific"> +... +request_route { + ... + http_client_query("https://provider.com/stir-shaken/cert.pem", "$var(pubkey)"); + if(secsipid_verify("$hdr(Identity)", "$var(pubkey)", "A")) { ... } + ... +} +... </programlisting> </example> <para> @@ -541,4 +587,3 @@ make install </section> </chapter> -

9 months, 1 week

git:master:3dcebaed: secsipid: new function to verify identity value with options

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 3dcebaed01a75e2666345412713c391b6186cc69 URL: https://github.com/kamailio/kamailio/commit/3dcebaed01a75e2666345412713c391… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-03-14T12:15:16+01:00 secsipid: new function to verify identity value with options - secsipid_verify(identity, keyval, opts) - the options can be: - A - do not verify the header attributes --- Modified: src/modules/secsipid/secsipid_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/3dcebaed01a75e2666345412713c391… Patch: https://github.com/kamailio/kamailio/commit/3dcebaed01a75e2666345412713c391… --- diff --git a/src/modules/secsipid/secsipid_mod.c b/src/modules/secsipid/secsipid_mod.c index b8c80382ac1..d0615d3d058 100644 --- a/src/modules/secsipid/secsipid_mod.c +++ b/src/modules/secsipid/secsipid_mod.c @@ -56,6 +56,8 @@ static int w_secsipid_check_identity( static int w_secsipid_check(sip_msg_t *msg, char *pidentity, char *pkeypath); static int w_secsipid_check_identity_pubkey( sip_msg_t *msg, char *pkeyval, char *str2); +static int w_secsipid_verify( + sip_msg_t *msg, char *pidentity, char *pkeyval, char *popts); static int w_secsipid_add_identity(sip_msg_t *msg, char *porigtn, char *pdesttn, char *pattest, char *porigid, char *px5u, char *pkeypath); static int w_secsipid_build_identity(sip_msg_t *msg, char *porigtn, @@ -96,6 +98,8 @@ static cmd_export_t cmds[]={ fixup_spve_null, fixup_free_spve_null, ANY_ROUTE}, {"secsipid_check", (cmd_function)w_secsipid_check, 2, fixup_spve_spve, fixup_free_spve_spve, ANY_ROUTE}, + {"secsipid_verify", (cmd_function)w_secsipid_verify, 3, + fixup_spve_all, fixup_free_spve_all, ANY_ROUTE}, {"secsipid_add_identity", (cmd_function)w_secsipid_add_identity, 6, fixup_spve_all, fixup_free_spve_all, ANY_ROUTE}, {"secsipid_build_identity", (cmd_function)w_secsipid_build_identity, 6, @@ -405,6 +409,73 @@ static int w_secsipid_check(sip_msg_t *msg, char *pidentity, char *pkeypath) return ki_secsipid_check(msg, &sidentity, &keypath); } +/** + * + */ +static int ki_secsipid_verify( + sip_msg_t *msg, str *sidentity, str *keyval, str *opts) +{ + int ret = 1; + + if(secsipid_cache_dir.len > 0) { + _secsipid_papi.SecSIPIDSetFileCacheOptions( + secsipid_cache_dir.s, secsipid_cache_expire); + } + if(secsipid_libopt_list_used == 0) { + str_list_t *sit; + for(sit = secsipid_libopt_list; sit != NULL; sit = sit->next) { + _secsipid_papi.SecSIPIDOptSetV(sit->s.s); + } + secsipid_libopt_list_used = 1; + } + if(opts != NULL && opts->s[0] == 'A') { + _secsipid_papi.SecSIPIDOptSetN("AttrsVerify", 0); + } + + ret = _secsipid_papi.SecSIPIDCheckFullPubKey(sidentity->s, sidentity->len, + secsipid_expire, keyval->s, keyval->len); + + if(opts != NULL && opts->s[0] == 'A') { + _secsipid_papi.SecSIPIDOptSetN("AttrsVerify", 1); + } + + if(ret == 0) { + LM_DBG("identity verify: ok\n"); + return 1; + } + + LM_DBG("identity verify: failed\n"); + return ret; +} + +/** + * + */ +static int w_secsipid_verify( + sip_msg_t *msg, char *pidentity, char *pkeyval, char *popts) +{ + str sidentity = STR_NULL; + str keyval = STR_NULL; + str opts = STR_NULL; + + if(fixup_get_svalue(msg, (gparam_t *)pidentity, &sidentity) < 0) { + LM_ERR("failed to get identity value parameter\n"); + return -1; + } + + if(fixup_get_svalue(msg, (gparam_t *)pkeyval, &keyval) < 0) { + LM_ERR("failed to get keyval parameter\n"); + return -1; + } + + if(fixup_get_svalue(msg, (gparam_t *)popts, &opts) < 0) { + LM_ERR("failed to get opts parameter\n"); + return -1; + } + + return ki_secsipid_verify(msg, &sidentity, &keyval, &opts); +} + #define SECSIPID_MODE_VALHDR (1 << 0) #define SECSIPID_MODE_VALVAR (1 << 1) #define SECSIPID_MODE_KEYPATH (1 << 2) @@ -1025,6 +1096,11 @@ static sr_kemi_t sr_kemi_secsipid_exports[] = { { SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE } }, + { str_init("secsipid"), str_init("secsipid_verify"), + SR_KEMIP_INT, ki_secsipid_verify, + { SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_STR, + SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE } + }, { str_init("secsipid"), str_init("secsipid_add_identity"), SR_KEMIP_INT, ki_secsipid_add_identity, { SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_STR,

9 months, 1 week

git:5.7:1666d4bc: topos: properly handle cases of no user in contact for mode 1

by Daniel-Constantin Mierla

Module: kamailio Branch: 5.7 Commit: 1666d4bce924b8c0d44119491199a164c9642469 URL: https://github.com/kamailio/kamailio/commit/1666d4bce924b8c0d44119491199a16… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-03-14T10:12:11+01:00 topos: properly handle cases of no user in contact for mode 1 - contact mode 1 accepted cases with no-user in contact uri but not in r-uri, however, requests within dialog can have one's contact in r-uri and then processing failed (cherry picked from commit 24e410f9a20d004f55bcc79cd10fb35cb26e4570) (cherry picked from commit 45ee72fcf0ae8aeb135196ef8729fe0cea14048e) --- Modified: src/modules/topos/tps_storage.c --- Diff: https://github.com/kamailio/kamailio/commit/1666d4bce924b8c0d44119491199a16… Patch: https://github.com/kamailio/kamailio/commit/1666d4bce924b8c0d44119491199a16… --- diff --git a/src/modules/topos/tps_storage.c b/src/modules/topos/tps_storage.c index 1399017cf77..a7b331ca7f4 100644 --- a/src/modules/topos/tps_storage.c +++ b/src/modules/topos/tps_storage.c @@ -223,6 +223,7 @@ int tps_storage_fill_contact( int i; int contact_len; int cparam_len; + int cuser_len = 0; sr_xavp_t *vavu = NULL; if(dir == TPS_DIR_DOWNSTREAM) { @@ -315,21 +316,27 @@ int tps_storage_fill_contact( LM_ERR("failed to parse the contact uri\n"); return -1; } - memcpy(td->cp, curi.user.s, curi.user.len); - td->cp += curi.user.len; + if(curi.user.len > 0) { + memcpy(td->cp, curi.user.s, curi.user.len); + td->cp += curi.user.len; + cuser_len = curi.user.len; + } else { + LM_DBG("no contact user - skipping it\n"); + } } else { /* extract the ruri */ if(parse_sip_msg_uri(msg) < 0) { LM_ERR("failed to parse r-uri\n"); return -1; } - if(msg->parsed_uri.user.len == 0) { - LM_ERR("no r-uri user\n"); - return -1; + if(msg->parsed_uri.user.len > 0) { + memcpy(td->cp, msg->parsed_uri.user.s, + msg->parsed_uri.user.len); + td->cp += msg->parsed_uri.user.len; + cuser_len = msg->parsed_uri.user.len; + } else { + LM_DBG("no r-uri user - skipping it\n"); } - memcpy(td->cp, msg->parsed_uri.user.s, - msg->parsed_uri.user.len); - td->cp += msg->parsed_uri.user.len; } } else if(ctmode == 2) { if(dir == TPS_DIR_DOWNSTREAM) { @@ -342,6 +349,7 @@ int tps_storage_fill_contact( } memcpy(td->cp, vavu->val.v.s.s, vavu->val.v.s.len); td->cp += vavu->val.v.s.len; + cuser_len = vavu->val.v.s.len; } else { /* extract the b contact */ vavu = xavu_get_child_with_sval( @@ -352,11 +360,11 @@ int tps_storage_fill_contact( } memcpy(td->cp, vavu->val.v.s.s, vavu->val.v.s.len); td->cp += vavu->val.v.s.len; + cuser_len = vavu->val.v.s.len; } } - if(!((ctmode == 1) && (dir == TPS_DIR_DOWNSTREAM) - && (curi.user.len <= 0))) { + if(cuser_len > 0) { *td->cp = '@'; td->cp++; }

9 months, 1 week

git:5.7:0f31190e: topos: small rearangement by removing else after return in the true block

by Daniel-Constantin Mierla

Module: kamailio Branch: 5.7 Commit: 0f31190eb15b1e1244f478cc9538bf071317cb35 URL: https://github.com/kamailio/kamailio/commit/0f31190eb15b1e1244f478cc9538bf0… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-03-14T10:02:24+01:00 topos: small rearangement by removing else after return in the true block - reduce level of indentation - a few wraps in curly braces for clearer view of the if block (cherry picked from commit b6fccea258e56b7d3195659245713a6d44acb013) (cherry picked from commit 772b464552cff0b9ebb769e57fae718c0357ba11) --- Modified: src/modules/topos/tps_storage.c --- Diff: https://github.com/kamailio/kamailio/commit/0f31190eb15b1e1244f478cc9538bf0… Patch: https://github.com/kamailio/kamailio/commit/0f31190eb15b1e1244f478cc9538bf0… --- diff --git a/src/modules/topos/tps_storage.c b/src/modules/topos/tps_storage.c index 70c003c944c..1399017cf77 100644 --- a/src/modules/topos/tps_storage.c +++ b/src/modules/topos/tps_storage.c @@ -241,8 +241,9 @@ int tps_storage_fill_contact( } contact_len = sv.len; - if(_tps_contact_host.len) + if(_tps_contact_host.len) { contact_len = sv.len - puri.host.len + _tps_contact_host.len; + } if(ctmode == 1 || ctmode == 2) { cparam_len = _tps_cparam_name.len; @@ -282,8 +283,9 @@ int tps_storage_fill_contact( for(i = 0; i < sv.len; i++) { *td->cp = sv.s[i]; td->cp++; - if(sv.s[i] == ':') + if(sv.s[i] == ':') { break; + } } if(ctmode == 1 || ctmode == 2) { /* create new URI parameter for Contact header */ @@ -294,27 +296,24 @@ int tps_storage_fill_contact( || msg->contact == NULL) { LM_WARN("bad sip message or missing Contact hdr\n"); return -1; - } else { - if(parse_contact(msg->contact) < 0 - || ((contact_body_t *)msg->contact->parsed) - ->contacts - == NULL - || ((contact_body_t *)msg->contact->parsed) - ->contacts->next - != NULL) { - LM_ERR("bad Contact header\n"); - return -1; - } else { - if(parse_uri(((contact_body_t *)msg->contact->parsed) - ->contacts->uri.s, - ((contact_body_t *)msg->contact->parsed) - ->contacts->uri.len, - &curi) - < 0) { - LM_ERR("failed to parse the contact uri\n"); - return -1; - } - } + } + if(parse_contact(msg->contact) < 0 + || ((contact_body_t *)msg->contact->parsed)->contacts + == NULL + || ((contact_body_t *)msg->contact->parsed) + ->contacts->next + != NULL) { + LM_ERR("bad Contact header\n"); + return -1; + } + if(parse_uri(((contact_body_t *)msg->contact->parsed) + ->contacts->uri.s, + ((contact_body_t *)msg->contact->parsed) + ->contacts->uri.len, + &curi) + < 0) { + LM_ERR("failed to parse the contact uri\n"); + return -1; } memcpy(td->cp, curi.user.s, curi.user.len); td->cp += curi.user.len;

9 months, 1 week

git:5.8:f9b1cca3: pkg/kamailio/obs: Allow builders to disable wolfssl module [skip ci]

by Victor Seva

Module: kamailio Branch: 5.8 Commit: f9b1cca33a45560f06b2708975c624da9728b6f5 URL: https://github.com/kamailio/kamailio/commit/f9b1cca33a45560f06b2708975c624d… Author: Oded Arbel <oded(a)geek.co.il> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2024-03-14T11:04:48+01:00 pkg/kamailio/obs: Allow builders to disable wolfssl module [skip ci] Building the WolfSSL module should be optional, even if it is on by default, builders should be able to choose to not need to install 4th party repositories. fixes #3781 (cherry picked from commit 5392dbf8070abf36734d9c857924df91186bc2dd) --- Modified: pkg/kamailio/obs/kamailio.spec --- Diff: https://github.com/kamailio/kamailio/commit/f9b1cca33a45560f06b2708975c624d… Patch: https://github.com/kamailio/kamailio/commit/f9b1cca33a45560f06b2708975c624d… --- diff --git a/pkg/kamailio/obs/kamailio.spec b/pkg/kamailio/obs/kamailio.spec index 3d83430e9dc..d8811a2d1f9 100644 --- a/pkg/kamailio/obs/kamailio.spec +++ b/pkg/kamailio/obs/kamailio.spec @@ -29,6 +29,7 @@ %bcond_without sctp %bcond_without websocket %bcond_without xmlrpc +%bcond_without wolfssl %endif %if 0%{?rhel} == 7 @@ -65,6 +66,7 @@ %bcond_without sctp %bcond_without websocket %bcond_without xmlrpc +%bcond_without wolfssl %endif %if 0%{?rhel} == 8 @@ -111,6 +113,7 @@ %bcond_without sctp %bcond_without websocket %bcond_without xmlrpc +%bcond_without wolfssl %endif %if 0%{?rhel} == 9 @@ -157,6 +160,7 @@ %bcond_without sctp %bcond_without websocket %bcond_without xmlrpc +%bcond_without wolfssl %endif %if 0%{?suse_version} @@ -186,6 +190,7 @@ %bcond_without sctp %bcond_without websocket %bcond_without xmlrpc +%bcond_without wolfssl %endif # build with openssl 1.1.1 on RHEL 7 based dists @@ -1037,6 +1042,7 @@ BuildRequires: openssl-devel TLS transport for Kamailio. +%if %{with wolfssl} %package tls_wolfssl Summary: TLS transport for Kamailio based on wolfSSL Group: %{PKGGROUP} @@ -1044,6 +1050,7 @@ BuildRequires: pkgconfig(wolfssl) %description tls_wolfssl TLS transport for Kamailio based on wolfSSL +%endif %package tcpops @@ -1291,7 +1298,11 @@ make every-module skip_modules="app_mono db_cassandra db_oracle iptrtpproxy \ %if "%{?_unitdir}" != "" ksystemd \ %endif - ktls ktls_wolfssl kunixodbc kutils \ + ktls \ +%if %{with wolfssl} + ktls_wolfssl \ +%endif + kunixodbc kutils \ %if %{with websocket} kwebsocket \ %endif @@ -1400,7 +1411,11 @@ make install-modules-all skip_modules="app_mono db_cassandra db_oracle \ %if "%{?_unitdir}" != "" ksystemd \ %endif - ktls ktls_wolfssl kunixodbc kutils \ + ktls \ +%if %{with wolfssl} + ktls_wolfssl \ +%endif + kunixodbc kutils \ %if %{with websocket} kwebsocket \ %endif @@ -2337,10 +2352,12 @@ fi %{_libdir}/kamailio/modules/tls.so +%if %{with wolfssl} %files tls_wolfssl %defattr(-,root,root) %doc %{_docdir}/kamailio/modules/README.tls_wolfssl %{_libdir}/kamailio/modules/tls_wolfssl.so +%endif %files tcpops

9 months, 1 week

[kamailio/kamailio] Allow builders to disable wolfssl module (PR #3781)

by Oded Arbel

#### Pre-Submission Checklist - [ ] Commit message has the format required by CONTRIBUTING guide - [ ] Commits are split per component (core, individual modules, libs, utils, ...) - [ ] Each component has a single commit (if not, squash them into one commit) - [ ] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist: - [x] PR should be backported to stable branches - [x] Tested changes locally - [ ] Related to issue #3592 #### Description Building the WolfSSL module should be optional, even if it is on by default, builders should be able to choose to not need to install 4th party repositories. See pr #3592 and specifically [this comment](https://github.com/kamailio/kamailio/pull/3592#issuecomment-198730… You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/3781 -- Commit Summary -- * Allow builders to disable wolfssl module -- File Changes -- M pkg/kamailio/obs/kamailio.spec (21) -- Patch Links -- https://github.com/kamailio/kamailio/pull/3781.patch https://github.com/kamailio/kamailio/pull/3781.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3781 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/3781(a)github.com>

9 months, 1 week

← Newer
1
...
13
14
15
16
17
18
19
...
25
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev March 2024