[Serdev] Path module commit in CVS

Bogdan-Andrei Iancu bogdan at voice-system.ro
Fri Jun 17 17:10:19 UTC 2005 

Hi Cesc,

as we discussed earlier today, I put together as much documentation as 
possible about TLS - for implementation details, I used parts of your 
README - quite useful :)

briefly you have there:
    1) TLS - purpose and scenarios (real application)
    2) compiling TLS support (patching part is missing, since we have it 
built in)
    3) Generating self-signed certificate
    4) How TLS auth works
    5) Setting SER to use TLS - configuration variables
    6) script example for using TLS in a muti-domain setup
    7) developer guide

I put it on the web to be easier for access - 
http://openser.org/docs/tls.html - if still interested, feel free to 
link it.

regards,
bogdan

Cesc wrote:

>I will commit test certificates (root ca plus user certs signed by the root ca).
>I can also commit the .conf files and the basic structure for the ca
>as well as scripts to automate the creation of certs.
>
>Cesc
>
>On 6/17/05, Jan Janak <jan at iptel.org> wrote:
>  
>
>>Also it might be a good idea to add some description about how to
>>create a self-signed certificate for testing:
>>
>>http://sial.org/howto/openssl/self-signed/
>>
>>Or maybe even a shell script.
>>
>>  Jan.
>>
>>On 17-06-2005 15:19, Jan Janak wrote:
>>    
>>
>>>On 17-06-2005 14:43, Cesc wrote:
>>>      
>>>
>>>>The TLS stuff is thought to be checked out and then copied into
>>>>SERROT/tls ... there are too many files which include
>>>>tls/tls_somefile.h headers that it would be a mess ... i think.
>>>>Anyway, this process needs not be done very often ... TLS is stable :)
>>>>
>>>>In my opinion, find a way to make it as simple as possible for the
>>>>user to use this "experimental" code ... it is "bad" enough to have
>>>>them on a separate tree. Let me know if i need to change something
>>>>        
>>>>
>>>  I just tried it and the following procedure seems to work out of the
>>>  box (without patching anything):
>>>
>>>  cd sip_router
>>>  cvs co -d tls experimental/tls
>>>  make clean
>>>  make all TLS=1
>>>
>>>  Then just create a certificate and private key and configure them in
>>>  ser.cfg:
>>>
>>>  listen=tls:127.0.0.1:5061
>>>  tls_certificate="/usr/local/etc/ser/ser.cert"
>>>  tls_private_key="/usr/local/etc/ser/ser.key"
>>>
>>>  I think this is quite easy.
>>>
>>>    Jan.
>>>
>>>_______________________________________________
>>>Serdev mailing list
>>>serdev at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serdev
>>>      
>>>
>
>_______________________________________________
>Serdev mailing list
>serdev at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serdev
>
>  
>

More information about the Serdev mailing list