On 03.09.2010 10:25, Couprie Geoffroy wrote:
Hello,
Here is a patch to use certificate revocation lists in the TLS plugin.
It applies cleanly to Kamailio 3.0.2 and 3.0.3 (I didn't test 3.1). The
paths in the patches are not right because I can't use Git here. Is
there a Git repository of Kamailio accessible from http somewhere?
About the patch itself: the certification revocation list is loaded from
a file by the "crl" option, like the CA list. I didn't try to concatenate
multiple revocation lists like the CA lists, but it should work.
I'll soon send another patch to support reloading the list without
restarting the server. If I understood the code, I have to send the
command through a FIFO, like kamctl? Can I take inspiration from the
lcr_reload or dp_reload functions, or is there a better code somewhere?
I usually use the ser_cmd tool. There is already support for RPC in
the tls module; probably it would be best to reload the CRL when reloading
the whole tls config and separately. See current TLS RPCs:
http://sip-router.org/docbook/sip-router/branch/master/rpc_list/rpc_list.ht…
regards
klaus
Best regards,
Geoffroy
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev