Module: kamailio Branch: master Commit: f37344dddf53514e35a3d8c0e2d47c0672a80825 URL: https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c06...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2015-02-17T14:11:07+01:00
tls: added server_name to module parameters
- not that useful in the case of defining a single set of tls attributes, but has to be coherent with the config options
---
Modified: modules/tls/tls_cfg.c Modified: modules/tls/tls_cfg.h Modified: modules/tls/tls_mod.c
---
Diff: https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c06... Patch: https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c06...
---
diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c
index d6e1048..fd3b950 100644
--- a/modules/tls/tls_cfg.c
+++ b/modules/tls/tls_cfg.c
@@ -35,6 +35,7 @@
 struct cfg_group_tls default_tls_cfg = {
 0, /* tls_force_run */
 STR_STATIC_INIT("TLSv1"), /* method */
+ STR_NULL, /* server name (sni) */
 0, /* verify_certificate */
 9, /* verify_depth */
 0, /* require_certificate */
@@ -138,7 +139,9 @@ cfg_def_t tls_cfg_def[] = {
 {"force_run", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 "force loading the tls module even when initial sanity checks fail"},
 {"method", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
- "TLS method used (TLSv1, SSLv3, SSLv2, SSLv23)"},
+ "TLS method used (TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"},
+ {"server_name", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+ "Server name (SNI)"},
 {"verify_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 "if enabled the certificates will be verified" },
 {"verify_depth", CFG_VAR_INT | CFG_READONLY, 0, 100, 0, 0,
diff --git a/modules/tls/tls_cfg.h b/modules/tls/tls_cfg.h
index 2768f0b..36cb662 100644
--- a/modules/tls/tls_cfg.h
+++ b/modules/tls/tls_cfg.h
@@ -41,6 +41,7 @@
 struct cfg_group_tls {
 int force_run;
 str method;
+ str server_name;
 int verify_cert;
 int verify_depth;
 int require_cert;
diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c
index b02e1a1..ed8ac01 100644
--- a/modules/tls/tls_mod.c
+++ b/modules/tls/tls_mod.c
@@ -99,6 +99,7 @@ static tls_domain_t mod_params = {
 {0, }, /* Cipher list */
 TLS_USE_TLSv1, /* TLS method */
 STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
+ {0, 0}, /* Server name (SNI) */
 0 /* next */
 };
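Review bot: The help text of the new `server_name` entry in tls_cfg_def, `"Server name (SNI)"`, does not say what the empty default means, nor whether the name is compared with the SNI a peer presents or is the name sent on outgoing connections; the hunk does not show which. This string is what an operator reads when inspecting the tls config group, so I would spell it out, for example `"server name (SNI) for this TLS profile; empty = not set"`, adjusted to the real semantics. The `method` help text edited in the same hunk is not mentioned in the commit message and still lists SSLv2 and SSLv3 beside the TLS versions without marking them as legacy. The tls_cfg_def array continues outside the hunk.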
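Review bot: The new `{0, 0}, /* Server name (SNI) */` line in mod_params is a positional initializer, so it is only correct if tls_domain_t declares server_name directly after crl_file and before next. The struct definition is not among the files this commit modifies, so that ordering cannot be checked from the diff, and a mismatch would silently initialise a different member. I would at least write it as `STR_NULL, /* Server name (SNI) */`, matching the tls_cfg.c hunk of this commit, rather than adding a third spelling next to `{0, }` and `{0, 0}`. The same applies to the srv_defaults and cli_defaults hunks that follow; the start of each initializer is outside its hunk.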
@@ -120,6 +121,7 @@ tls_domain_t srv_defaults = {
 {0, 0}, /* Cipher list */
 TLS_USE_TLSv1, /* TLS method */
 STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
+ {0, 0}, /* Server name (SNI) */
 0 /* next */
 };
@@ -141,6 +143,7 @@ tls_domain_t cli_defaults = {
 {0, 0}, /* Cipher list */
 TLS_USE_TLSv1, /* TLS method */
 {0, 0}, /* Certificate revocation list */
+ {0, 0}, /* Server name (SNI) */
 0 /* next */
 };
@@ -170,6 +173,7 @@ static cmd_export_t cmds[] = {
 */
 static param_export_t params[] = {
 {"tls_method", PARAM_STR, &default_tls_cfg.method },
+ {"server_name", PARAM_STR, &default_tls_cfg.server_name },
 {"verify_certificate", PARAM_INT, &default_tls_cfg.verify_cert },
 {"verify_depth", PARAM_INT, &default_tls_cfg.verify_depth },
 {"require_certificate", PARAM_INT, &default_tls_cfg.require_cert },
@@ -307,6 +311,7 @@ static int mod_init(void)
 mod_params.crl_file = cfg_get(tls, tls_cfg, crl);
 mod_params.cert_file = cfg_get(tls, tls_cfg, certificate);
 mod_params.cipher_list = cfg_get(tls, tls_cfg, cipher_list);
+ mod_params.server_name = cfg_get(tls, tls_cfg, server_name);
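Review bot: The `server_name` modparam added to params[] comes without a documentation change: the commit's file list names only tls_cfg.c, tls_cfg.h and tls_mod.c, so the module's parameter documentation presumably still lacks it. The entry stores the configured string directly in `default_tls_cfg.server_name`, and nothing visible here checks that it is a plausible host name, so a typo would only show up later as an SNI mismatch. I would add a comment above the entry such as `/* server_name: SNI host name of the default TLS profile, unset by default */` and document the expected format in the module docs. The params[] array continues outside the hunk.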
tls_domains_cfg = (tls_domains_cfg_t**)shm_malloc(sizeof(tls_domains_cfg_t*));