[Devel] TLS ideas
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Mar 27 17:01:51 CEST 2006
Hi!
I think one big thing missing in TLS module is outgoing TLS client
domains (having multiple SSL contexts an choose one of these when
creating a new outgoing TLS connection). I think this can be easily
added (maybe reuse some parts of ser's new TLS code). The problem is,
currently the TLS domain is chosen based on the remote IP address.
IMO it would be necessary to choose the TLS domain based on some other
identifier to (e.g. an AVP, or the domain in the request URI ...).
Otherwise configuration of outgoing TLS domains wont work in plug'n'play
style.
For this,it would be necessary to signal the identifier from the tm
module to the tls module. Thus, the TLS module can select the proper SSL
context for creating a new TLS connection (or reuse an existing connection)
I reviewed the code to implement it but get lost in SEND_BUFFER and
struct cell *t. Can you please give me some hints how this can be done?
thanks
klaus
More information about the Devel
mailing list