Module: kamailio Branch: master Commit: 6faa180661e799187eff3a498f8b13e96719fa92 URL: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e9...

Author: Jannik Volkland volkland@sipgate.de Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2024-04-04T12:55:38+02:00

ndb_redis: docs - refine docs regarding client certificates [skip ci]

The created ssl context does not use client certificates [1,2] which is against the default in current Redis configurations [3]. The used Redis server therefore needs to be configured to not use tls-auth-clients [3].

There is also a small typo in "ac_path" which was fixed to "ca_path".

[1]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892ac... [2]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892ac... [3]: https://redis.io/docs/management/security/encryption/#client-certificate-aut...

---

Modified: src/modules/ndb_redis/doc/ndb_redis_admin.xml

---

Diff: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e9... Patch: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e9...

---

diff --git a/src/modules/ndb_redis/doc/ndb_redis_admin.xml b/src/modules/ndb_redis/doc/ndb_redis_admin.xml index 74d35c75cc9..024b01315ac 100644 --- a/src/modules/ndb_redis/doc/ndb_redis_admin.xml +++ b/src/modules/ndb_redis/doc/ndb_redis_admin.xml @@ -75,6 +75,12 @@ many REDIS servers, just give different attributes and use the specific server name when querying the REDIS instance. </para> + <para> + If tls is enabled, the module will validate the REDIS server certificate against the + ca_path. There is currently no way to connect with a specified client certificate, the + <ulink url="https://redis.io/docs/management/security/encryption/#client-certificate-authentication">corresponding configuration</ulink> + to check client certificates in the REDIS server must therefore be turned off. + </para> <para> <emphasis> Default value is NULL. @@ -330,9 +336,9 @@ modparam("ndb_redis", "debug", 1) </example> </section> <section id="ndb_redis.p.ca_path"> - <title><varname>ac_path</varname> (string)</title> + <title><varname>ca_path</varname> (string)</title> <para> - Sets the path where Certificates Authorities certs are stored. + Sets the path where Certificates Authorities certs for the REDIS server certificate are stored. </para> <para> Default value: "" (empty).