[Devel] TLS ...
Daniel-Constantin Mierla
daniel at voice-system.ro
Thu Feb 23 10:07:09 CET 2006
Hello Klaus,
I believe some of those can use the same static buffer and have hooks inside
the buffer to the start of the pseudo-variable value and the length. Like
with the SIP message, there is a static buffer for each process and then
the parser just links the hooks. What do you think?
Cheers,
Daniel
On 02/22/06 21:54, Klaus Darilion wrote:
> Daniel-Constantin Mierla wrote:
>>> Please check if I got it right:
>>> We can make a function ascii2str which copies the ascii string into
>>> a static buffer (e.g. maxlen=255, I have to check if there are length
>>> limits for certificate parameters).
>>>
>>> $cn retrieves the certificate subject from openssl as ASCII. It then
>>> uses ascii2str to copy it into the static buffer.
>>>
>>> Would that mean also that in the following snippet all these tasks
>>> are done 3 times (xlog+xlog+accounting)?
>> It is up to the implementation. The pseudo-variables getting the time
>> calls time(NULL) only once per message, as well as TM module sets one
>> time the global transaction variable (it does not search the
>> transaction each time it is needed per script processing). So, you can
>> do it each time, or once per script processing, it is a matter of
>> internal design and developer's choice - recommended is to be once
>> per script processing.
>
>
> If we want to have it once per script processing, we need a static
> buffer for each parameter. Given the list of possible parameters
> (taken from ser's tls module) this will add 46 static buffers. Is this
> something we should do or should we choose another implementation?
>
> regards
> klaus
>
> List of possible TLS parameters:
> @tls String description of the TLS layer
> @tls.version Protocol version being used
> @tls.desc The same as @tls
> @tls.cipher Cipher name being used
> @tls.cipher.bits Number of bits used for encryption
> @tls.peer Peer certificate subject common name
> @tls.me Local certificate subject common name
> @tls.peer.subject same as @tls.peer
> @tls.peer.issuer Peer certificate issuer common name
> @tls.peer.verified True if peer cert has been verified
> @tls.peer.version Peer/local certificate version
> @tls.peer.sn Peer/local certificate number
> @tls.peer.not_before Certificate validity start
> @tls.peer.not_after Certificate validity end
> @tls.peer.email Email address from subj alternative name
> @tls.peer.host DNS name from subj alternative name
> @tls.peer.uri URI from subj alternative name
> @tls.peer.ip IP address from subj alternative name
> @tls.peer.subj.locality locality component
> @tls.peer.subj.country subject country
> @tls.peer.subj.state subject state
> @tls.peer.subj.organization subject organization
> @tls.peer.subj.unit subject organizational unit
> @tls.peer.issuer.locality locality component
> @tls.peer.issuer.country issuer country
> @tls.peer.issuer.state issuer state
> @tls.peer.issuer.organization issuer organization
> @tls.peer.issuer.unit issuer organizational unit
> @tls.my.version Peer/local certificate version
> @tls.my.sn Peer/local certificate number
> @tls.my.not_before Certificate validity start
> @tls.my.not_after Certificate validity end
> @tls.my.email Email address from subj alternative name
> @tls.my.host DNS name from subj alternative name
> @tls.my.uri URI from subj alternative name
> @tls.my.ip IP address from subj alternative name
> @tls.my.subj.locality locality component
> @tls.my.subj.country subject country
> @tls.my.subj.state subject state
> @tls.my.subj.organization subject organization
> @tls.my.subj.unit subject organizational unit
> @tls.my.issuer.locality locality component
> @tls.my.issuer.country issuer country
> @tls.my.issuer.state issuer state
> @tls.my.issuer.organization issuer organization
> @tls.my.issuer.unit issuer organizational unit
>
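The shared-buffer idea from the message above, sketched in C as an added example that is not code from this thread or from the project: one per-process static buffer holds every value, and each parameter keeps only an offset/length hook that is filled on first use and reset when a new message is processed. All names (`tls_pv_lookup`, `demo_fetch`, the buffer size) are hypothetical, and `demo_fetch` stands in for the OpenSSL query with a constructed value.

```c
#include <stdio.h>
#include <string.h>

#define TLS_PV_MAX   46    /* number of parameters quoted in the thread */
#define TLS_PV_ARENA 1024  /* assumed size of the shared static buffer */

typedef struct { unsigned short off, len; unsigned char set; } tls_pv_hook;
typedef int (*tls_fetch_f)(int id, char *out, size_t cap); /* length or -1 */

static char arena[TLS_PV_ARENA];      /* one buffer per process */
static tls_pv_hook hooks[TLS_PV_MAX]; /* hooks into the buffer, one per parameter */
static size_t arena_used;
static unsigned int cached_msg_id;
static int fetch_calls;               /* counts simulated OpenSSL queries */

/* Constructed stand-in for reading a certificate field from OpenSSL. */
static int demo_fetch(int id, char *out, size_t cap)
{
    static const char cn[] = "proxy.example.org"; /* constructed sample value */
    (void)id;
    fetch_calls++;
    if (sizeof cn - 1 > cap) return -1;           /* never write past the buffer */
    memcpy(out, cn, sizeof cn - 1);
    return (int)(sizeof cn - 1);
}

/* Return the cached value for `id`, fetching it at most once per message. */
static const char *tls_pv_lookup(unsigned int msg_id, int id,
                                 tls_fetch_f fetch, size_t *len)
{
    if (id < 0 || id >= TLS_PV_MAX) return NULL;
    if (msg_id != cached_msg_id) {                /* new message: drop all hooks */
        memset(hooks, 0, sizeof hooks);
        arena_used = 0;
        cached_msg_id = msg_id;
    }
    if (!hooks[id].set) {
        size_t room = TLS_PV_ARENA - arena_used;
        int n = fetch(id, arena + arena_used, room);
        if (n < 0 || (size_t)n > room) return NULL; /* value did not fit */
        hooks[id].off = (unsigned short)arena_used;
        hooks[id].len = (unsigned short)n;
        hooks[id].set = 1;
        arena_used += (size_t)n;
    }
    *len = hooks[id].len;
    return arena + hooks[id].off;
}

int main(void)
{
    size_t len = 0;
    const char *v = tls_pv_lookup(1, 5, demo_fetch, &len);
    if (v) printf("%.*s (fetches: %d)\n", (int)len, v, fetch_calls);
    return 0;
}
```

The values are stored without a terminating NUL, so callers must use the returned length rather than treat the pointer as a C string.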