[Kamailio-Devel] [SR-Dev] TLS merge

Andrei Pelinescu-Onciul andrei at iptel.org
Tue Feb 24 11:35:14 CET 2009


On Feb 24, 2009 at 11:20, Jan Janak <jan at iptel.org> wrote:
> On 24-02 11:15, Andrei Pelinescu-Onciul wrote:
> > On Feb 23, 2009 at 23:51, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> > > Hello,
> > > 
> > > On 02/23/2009 11:02 PM, Jan Janak wrote:
> > > > Hello,
> > > >
> > > > If we want to make the sip-router core usable in both projects, we would also
> > > > need to merge both tls implementations. In SER we moved the TLS
> > > > implementation into tls module.
> > > >
> > > > In Kamailio it appears that the tls implementation is in tls subdirectory in
> > > > the core and then there is tlsops module which contains pseudovariables used
> > > > to retrieve information from TLS certificates.
> > > >
> > > > Unless somebody has a better idea, I would propose that we merge the tls
> > > > implementation from kamailio core into ser tls module. In addition to that we
> > > > could merge the implementation of tls related pseudovariables from tlsops into
> > > > the tls module and then put the tls module into the sip-router repository.
> > > >
> > > > What do you think?
> > > yes, tls has to be merged and keeping it as module is fine for me.
> > > 
> > > Does the ser core (sip router) still need to be compiled with some TLS 
> > > define in order to get the TLS support, or it is implicit and just 
> > > loading the module will do it?
> > 
> > No, it's implicit. You have to set enable_tls in .cfg and load the tls
> > module (if you don't load it and have enable_tls=yes you'll get a
> > warning). There is also a define: TLS_HOOKS but it's set by default.
> 
>   Is the variable enable_tls really needed? Can't we get rid of it? Or maybe
>   set it automatically when the tls module is loaded?

Actually it's there because of the possibility to use tls in the core
instead of the tls module and also to have a similar way of
disabling/enabling tls with tcp and sctp.
If you want auto-setting, change the default to 0 (tls_disable) and
remove the LOG(L_WARN...) in main.c if (!tls_loaded()).
While that would work, I think we need 3 states for tls enable/disable:
 auto (depends on tls module), force disable and force enable (if tls
 module is not loaded => warning or error).

Andrei


