[Kamailio-Devel] [SR-Dev] TLS merge

[Klaus Darilion]

Andrei Pelinescu-Onciul wrote:
> On Feb 23, 2009 at 22:02, Jan Janak <jan at iptel.org> wrote:
>> Hello,
>>
>> If we want to make the sip-router core usable in both projects, we would also
>> need to merge both tls implementations. In SER we moved the the TLS
>> implementation into tls module.
>>
>> In Kamailio it appears that the tls implementation is in tls subdirectory in
>> the core and then there is tlsops module which contains pseudovariables used
>> to retrieve information from TLS certificates.
>>
>> Unless somebody has a better idea, I would propose that we merge the tls
>> implementation from kamailio core into ser tls module. In addition to that we
>> could merge the implementation of tls related pseudovariables from tlsops into
>> the tls module and then put the tls module into the sip-router repository.
> 
> I don't think there is anything to merge from kamailio tls core. It's
> just basic tls which is fully supported by ser tls module (they have a
> common ancestry anyway). Moreover ser tls has lots of workarounds in
> place for various bugs in openssl.

I think that's not true. K's TLS also supports name-based TLS domains 
(the TLS domain can be selected by setting an AVP) and it also supports 
the servername extension (multiple TLS domains use the same socket). 
AFAIK these features are not available in ser.

> Regarding tlsops: we already have extensive ser select support in tls
> and as far as I understood from Daniel selects are/will be accessible via
> psedo-vars too. So does it make sense to port the pseudo vars from
> tlsops? Is that something extra supported by them?

IIRC the tlsops module is basically just the "select" ported from ser to 
Kamailio. Of course the servername pseudo variable is not available in 
the select.

Otherwise, if there is a generic mechanism to access "selects" via PV 
then the tlsops could be removed (with servername added to select).


regards
klaus