[Devel] TLS ideas

Daniel-Constantin Mierla daniel at voice-system.ro
Wed Mar 29 11:25:17 CEST 2006


Hello,

On 03/27/06 18:01, Klaus Darilion wrote:
> Hi!
>
> I think one big thing missing in TLS module is outgoing TLS client 
> domains (having multiple SSL contexts and choose one of these when 
> creating a new outgoing TLS connection). I think this can be easily 
> added (maybe reuse some parts of ser's new TLS code). The problem is, 
> currently the TLS domain is chosen based on the remote IP address.
>
> IMO it would be necessary to choose the TLS domain based on some other 
> identifier too (e.g. an AVP, or the domain in the request URI ...). 
> Otherwise configuration of outgoing TLS domains won't work in 
> plug'n'play style.
>
> For this, it would be necessary to signal the identifier from the tm 
> module to the tls module. Thus, the TLS module can select the proper 
> SSL context for creating a new TLS connection (or reuse an existing 
> connection).

As I understand, you need to access the domain part of the destination URI. 
This is either dst-uri, r-uri or the parameter of the relay functions. 
The first two are easy to access via pseudo-variables; the last one we have 
to think about, since it is kept as a compiled structure after the fixup 
function.

Cheers,
Daniel

>
> I reviewed the code to implement it but got lost in SEND_BUFFER and 
> struct cell *t. Can you please give me some hints how this can be done?
>
> thanks
> klaus