[Kamailio-Devel] SF.net SVN: openser:[4680] trunk
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Aug 12 09:26:46 CEST 2008
Revision: 4680
http://openser.svn.sourceforge.net/openser/?rev=4680&view=rev
Author: klaus_darilion
Date: 2008-08-12 07:26:43 +0000 (Tue, 12 Aug 2008)
Log Message:
-----------
- added support for TLS server_name extension (aka SNI=server name indication)
- outgoing TLS requests: configure the tls_server_name_avp
and set it in the script to the requested domain.
- incoming TLS requests: configure like before multiple TLS client domains.
But this time, use the same IP:port but specify the domain by using the new
"tls_server_name" directive. Then, if the incoming TLS request has a
server_name and a matching client domain is found, the SSL_CTX context for
the incoming SSL connection will be switched.
- tlsops module extended to export the incoming indicated server_name as PV
- NOTE: To use this feature, Openser needs an openSSL library with TLS extensions
enabled. Recent openSSL version 0.9.8h supports TLS extensions, but they are not
enabled by default. You have to configure openSSL with
"./configure --enable-tlsext"
and build it yourself.
If you are using debian, just use openssl package >= 0.9.8g-10.1. (on debian the
openssl packages are built with TLS extension by default)
Modified Paths:
--------------
trunk/cfg.lex
trunk/cfg.y
trunk/modules/tlsops/doc/tlsops_admin.xml
trunk/modules/tlsops/tls_select.c
trunk/modules/tlsops/tls_select.h
trunk/modules/tlsops/tlsops.c
trunk/tls/README
trunk/tls/doc/tls.xml
trunk/tls/doc/tls_admin.xml
trunk/tls/doc/tls_devel.xml
trunk/tls/doc/tls_faq.xml
trunk/tls/tls_config.c
trunk/tls/tls_config.h
trunk/tls/tls_domain.c
trunk/tls/tls_domain.h
trunk/tls/tls_init.c
trunk/tls/tls_server.c
trunk/version.h
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
More information about the Devel
mailing list