[Devel] [ openser-Patches-1477147 ] TLS client domains (name/socket based) and more config

SourceForge.net noreply at sourceforge.net
Thu May 4 11:56:49 CEST 2006

Patches item #1477147, was opened at 2006-04-26 20:35
Message generated for change (Comment added) made by klaus_darilion
Category: core
Group: ver devel
Status: Open
Resolution: None
Priority: 5
Submitted By: Klaus Darilion (klaus_darilion)
Assigned to: Nobody/Anonymous (nobody)
Summary: TLS client domains (name/socket based) and more config

Initial Comment:

I've extended the TLS stack. The changes do not
actually change the TLS processing, but the TLS
configuration and TLS initialization. This patch
includes the features of the previous patch
and allows more flexible configuration.

Not extensively tested, but basic testing succeeded and
as there are no "deep" TLS changes, it should be as
stable as the current version.

Detailed changes:

- parameter tls_require_certificate renamed to
tls_require_client_certificate because it is more

- parameter tls_client_domain_avp added: allows
activating a certain TLS client domain via AVP.

- TLS virtual domain configuration differs between
server and client domains

- also the default TLS client and server use the
tls_domain structure now. Inside the TLS code we have 4
domain lists:
  - tls_default_server_domain (this list has 1 entry)
  - tls_default_client_domain (this list has 1 entry)
  - tls_client_domains (this list has 0 or more entries)
  - tls_server_domains (this list has 0 or more entries)
  This also allows configuring tls_cipher,
tls_verify_* and tls_require_client_certificate on a
per-domain basis
- 2-stage TLS initialization in main.c: before and
after config file parsing

- docs updated

- default values for tls_handshake_timeout and
tls_send_timeout changed from 120 seconds to 30 seconds
as there is no reason for waiting 120 seconds

- removed duplicate TLS initialization code

- more logging and better error handling during

- added to tls_domain structure:
  + int   type;
  + int   verify_cert;
  + int   require_client_cert;
  + char *ciphers_list;
  + str name; Allows TLS domains lookup via a string
based identifier
  The type is "stolen" from ser's TLS code:
  enum tls_domain_type {
        TLS_DOMAIN_DEF = (1 << 0), /* Default domain */
        TLS_DOMAIN_SRV = (1 << 1), /* Server domain */
        TLS_DOMAIN_CLI = (1 << 2), /* Client domain */
        TLS_DOMAIN_NAME= (1 << 3)  /* Name based TLS domain */
  };
- removed unused variables
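
The name-based client-domain selection that the four lists imply, as an added illustration written for this page (not OpenSER's own code): the struct is a simplified stand-in carrying only the fields listed above plus an assumed `next` pointer, and the function name `tls_select_client_domain` and the sample domains are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Flag values as quoted in the patch description above. */
enum tls_domain_type {
    TLS_DOMAIN_DEF  = (1 << 0), /* Default domain */
    TLS_DOMAIN_SRV  = (1 << 1), /* Server domain */
    TLS_DOMAIN_CLI  = (1 << 2), /* Client domain */
    TLS_DOMAIN_NAME = (1 << 3)  /* Name based TLS domain */
};

/* Simplified stand-in for tls_domain: only the fields the patch names,
 * plus a `next` pointer for the domain lists (assumed here; the real
 * structure also carries certificate/key paths and more). */
struct tls_domain {
    int type;                  /* bitmask of enum tls_domain_type */
    int verify_cert;           /* verify the peer's certificate */
    int require_client_cert;   /* server side only: demand a client cert */
    const char *ciphers_list;  /* OpenSSL cipher string for this domain */
    const char *name;          /* identifier matched against the AVP value */
    struct tls_domain *next;
};

/* Resolve the client domain for an outgoing TLS connection: a name-based
 * client domain whose name equals the AVP value wins; otherwise the single
 * entry of tls_default_client_domain applies. A NULL name (AVP not set)
 * therefore always yields the default domain and its verification policy. */
const struct tls_domain *tls_select_client_domain(const struct tls_domain *tls_client_domains,
                                                  const struct tls_domain *tls_default_client_domain,
                                                  const char *avp_name)
{
    const int want = TLS_DOMAIN_CLI | TLS_DOMAIN_NAME;
    const struct tls_domain *d;
    for (d = tls_client_domains; avp_name != NULL && d != NULL; d = d->next) {
        if ((d->type & want) == want && d->name != NULL && strcmp(d->name, avp_name) == 0)
            return d;
    }
    return tls_default_client_domain;
}

/* Constructed sample config: the default client domain verifies peers,
 * while the named domain "legacy_peer" relaxes verification for one target. */
struct tls_domain legacy_peer = { TLS_DOMAIN_CLI | TLS_DOMAIN_NAME, 0, 0, "HIGH", "legacy_peer", NULL };
struct tls_domain default_client = { TLS_DOMAIN_DEF | TLS_DOMAIN_CLI, 1, 0, "HIGH:!aNULL", NULL, NULL };
```

Because the selected domain carries verify_cert, a mistyped AVP value silently falls back to the default policy, so the default client domain is the one that must keep verification switched on.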


>Comment By: Klaus Darilion (klaus_darilion)
Date: 2006-05-04 11:56

delete patch as new patch coming soon.

