Module: kamailio Branch: master Commit: e3e0e52ca4a06f72f5139623116d1c8bc119b1e3 URL: https://github.com/kamailio/kamailio/commit/e3e0e52ca4a06f72f5139623116d1c8b...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2015-11-12T14:42:12+01:00
tls: document matching on server_id for oubound connections
---
Modified: modules/tls/doc/params.xml
---
Diff: https://github.com/kamailio/kamailio/commit/e3e0e52ca4a06f72f5139623116d1c8b... Patch: https://github.com/kamailio/kamailio/commit/e3e0e52ca4a06f72f5139623116d1c8b...
---
diff --git a/modules/tls/doc/params.xml b/modules/tls/doc/params.xml index dc40322..397e83f 100644 --- a/modules/tls/doc/params.xml +++ b/modules/tls/doc/params.xml @@ -1031,8 +1031,17 @@ modparam("tls", "renegotiation", 1) <listitem><para>crl</para></listitem> <listitem><para>cipher_list</para></listitem> <listitem><para>server_name</para></listitem> + <listitem><para>server_id</para></listitem> </itemizedlist> <para> + The value for server_id can be any string, being used to match TLS + client config profile, overriding the match on ip:port and + server_name. This is the recommended way for selecting a specific + TLS client config profile, because the local or remote port is hard + to predict for a stream connection - see parameter xavp_cfg to learn + how to enable it. + </para> + <para> All the parameters that take filenames as values will be resolved using the same rules as for the tls config filename itself: starting with a '.' means relative to the working directory, a '/' means an @@ -1071,6 +1080,16 @@ verify_depth = 3 ca_list = local_ca.pem server_name = kamailio.org
+[client:127.0.0.1:5061]
+method = TLSv1
+verify_certificate = yes
+require_certificate = yes
+private_key = default_key.pem
+certificate = default_cert.pem
+ca_list = default_ca.pem
+crl = default_crl.pem
+server_name = kamailio.org
+server_id = kamailio.org
 </programlisting>
 </example>
 <para>
@@ -1108,6 +1127,12 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
 </para>
 <itemizedlist>
 <listitem><para>server_name - SNI to be used for outbound connections</para></listitem>
+ <listitem><para>server_id - string value to be used to match TLS config profile
+ for client (outbound) connections. If it is set, matching the TLS config
+ profile is done first on server_id and then on ip:port and server_name.
+ This is the recommended way for selecting a specific TLS client config
+ profile as the local or remote port is hard to predict for a stream
+ connection.</para></listitem>
 </itemizedlist>
 <para>
 The default value is empty (not set).
@@ -1119,6 +1144,7 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
 modparam("tls", "xavp_cfg", "tls")
 ...
 $xavp(tls=>server_name) = "kamailio.org";
+ $xavp(tls=>server_id) = "kamailio.org";
 $du = "sip:kamailio.org:5061;transport=tls";
 route(RELAY);
 ...