This latest commit implements some of the TODO's in the curl module. - default client_cert, client_key, cacert and verifyserver modparams implemented - added a cipher_suites modparam so the default list provided by libcurl can be overridden (e.g. enabling elliptic-curve ciphers) - added per-connection value for verifyserver
Here are some followup questions for @oej or anyone else who may use the curl module. Should the [verify_host](http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html) parameter be configurable as well as verify_peer? Is the intention to make the client cert/key configurable per-connection?
If we add more parameters to the curlcon modparam, it will easily get unmanageable. I suggest two modparams, curlcon and curlcon_param. The first sets up the url and parameters (this is unchanged). The second will add parameters to a curlcon that is already defined. E.g. ``` modparam("curl", "curlcon", "apione=>https://myserver.example.com/url;timeout=12") modparam("curl", "curlcon_param", "apione=>verifyserver=1") modparam("curl", "curlcon_param", "apione=>clientkey=/var/certs/myserver.example.com.pem") ```
Any thoughts? Have I missed anything else in this area? You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/481
-- Commit Summary --
* curl: Add client key/certificate to curl_connect
-- File Changes --
M modules/curl/curl.c (2) M modules/curl/curl.h (6) M modules/curl/curlcon.c (24) M modules/curl/doc/curl_admin.xml (26) M modules/curl/functions.c (113)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/481.patch https://github.com/kamailio/kamailio/pull/481.diff
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/481