Module: kamailio
Branch: master
Commit: 394878313770a3b8b57a346a0a323effe8e88a4f
URL: https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323eff...

Author: AntonyA ascanio.alba7@gmail.com
Committer: AntonyA ascanio.alba7@gmail.com
Date: 2018-04-09T19:17:06+08:00

tls: add support for OpenSSL engine and private keys in HSM

- add support for OpenSSL engine and loading private keys from HSM
- for when kamailio is a TLS edge proxy and needs to use HSM
- currently we initialize the engine in worker processes as PKCS#11 libraries are not guaranteed to be fork() safe
- new config params
  - engine: name the OpenSSL engine
  - engine_config: an OpenSSL config format file used to bootstrap engines
  - engine_algorithms: list of algorithms to delegate to the engine
- tested with Gemalto SafeNet Luna (AWS CloudHSM) with RSA and EC private keys TLSv1.2 and PFS cipher suites
---
Added: src/modules/tls/doc/hsm_howto.xml
Added: src/modules/tls/tls_map.c
Added: src/modules/tls/tls_map.h
Modified: src/modules/tls/doc/params.xml
Modified: src/modules/tls/doc/tls.xml
Modified: src/modules/tls/tls_domain.c
Modified: src/modules/tls/tls_mod.c
Modified: src/modules/tls/tls_server.c
---
Diff: https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323eff...
Patch: https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323eff...