[Devel] TLS ideas
Daniel-Constantin Mierla
daniel at voice-system.ro
Wed Mar 29 11:25:17 CEST 2006
Hello,
On 03/27/06 18:01, Klaus Darilion wrote:
> Hi!
>
> I think one big thing missing in TLS module is outgoing TLS client
> domains (having multiple SSL contexts and choose one of these when
> creating a new outgoing TLS connection). I think this can be easily
> added (maybe reuse some parts of ser's new TLS code). The problem is,
> currently the TLS domain is chosen based on the remote IP address.
>
> IMO it would be necessary to choose the TLS domain based on some other
> identifier too (e.g. an AVP, or the domain in the request URI ...).
> Otherwise configuration of outgoing TLS domains won't work in
> plug'n'play style.
>
> For this, it would be necessary to signal the identifier from the tm
> module to the tls module. Thus, the TLS module can select the proper
> SSL context for creating a new TLS connection (or reuse an existing
> connection)
As I understand, you need to access the domain part of the destination URI.
This is either dst-uri, r-uri or the parameter of the relay functions.
The first two are easy to access via pseudo-variables; the last one we have
to think about, since it is kept as a compiled structure after the fixup
function.
Cheers,
Daniel
>
> I reviewed the code to implement it but got lost in SEND_BUFFER and
> struct cell *t. Can you please give me some hints how this can be done?
>
> thanks
> klaus