[SR-Dev] New commits on branch master

Jan Janak jan at iptel.org
Thu Mar 26 14:54:18 CET 2009


The is the TLS module from SER, I am going to merge few things from k. tlsops
module and the tls implementation and then this module can replace k. tlsops

  Jan.

On 26-03 14:51, Jan Janak wrote:
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=29b0138a7ce09cab1024e25ac457cb8915a973da
> Author: Jan Janak <jan at iptel.org>
> Date:   Thu Mar 26 14:49:36 2009 +0100
> 
>     Replace TCP_BUF_SIZE with a cfg_get(..).
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f6eed41453b5942a3caa195200ba7272c6ebbc61
> Author: Jan Janak <jan at iptel.org>
> Date:   Thu Mar 26 14:45:40 2009 +0100
> 
>     Remove shm_str_dup function.
>     
>     This function is not being used anywhere in TLS module and conflicts
>     with a function in ../../ut.h
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=371cb375504c4070da78e327112995b8d8d85788
> Author: Jan Janak <jan at iptel.org>
> Date:   Thu Mar 26 14:33:39 2009 +0100
> 
>     Define SER_MOD_INTERFACE in Makefile.
>     
>     This patch adds -DSER_MOD_INTERFACE to the modules Makefile, this
>     is needed to make ser modules compile with the sip router core.
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=91e9758df21927394241b022fe6d67e5f44c1822
> Merge: fc9cfc98af91092de9e12533c255778080b045dd 3018841f0fdc23caa5e8155a5b16bc1904616505
> Author: Jan Janak <jan at iptel.org>
> Date:   Thu Mar 26 14:23:27 2009 +0100
> 
>     Merge ser tls module into the sip-router repository
>     
>     * commit 'ser/modules/tls': (50 commits)
>       - a set of minimalistic config files for testing purposes
>       - tls module todo
>       - default key and certificate names changed to ser-selfsigned*
>       - updated to the latest changes in the cfg parser
>       - Use the new configuration file parser
>       - fixed includes (rm malloc.h) due to portability problems
>       - shm_str_dup and shm_asciiz_dup set the destination buffer to NULL if
>       - Convert all relative pathnames of files to absolute with
>       - modified function get_pathname to return path relative to the
>       - support for setting the source address in tcp_send() and tcpconn_get()
>       - updated all the child_init users to ignore or treat specially the
>       - added low_mem_threshold1 & low_mem_threshold2 (the ammount of free memory
>       - tls: tls_update_fd improvement - use SSL_set_fd only when the connection is
>       - workaround for openssl bug #1491 (multiple problems on low memory): tls
>       -  malloc debugging for openssl and random malloc null returns turened off
>       - added tls module documentation (not yet complete, still missing select, rpc and better tls.cfg description).
>       - make tar doesn't exclude tls*, but instead tls/*
>       - call tls_shutdown() only if tls_set_fd() was succesfull
>       - tls: openssl kerberos malloc bug (# 1467) fixed on cvs (0.9.8e-dev and 0.9.9-dev), so add extra checks for enabling the workarround (which disables kerberos) only when necessary:  if openssl compiled with kerberos support, and openssl < 0.9.8e-beta1 or openssl between 0.9.9-dev and 0.9.9-beta1 apply workarround.
>       - tls-core.patch removed (no longer necessary)
>       ...
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=3018841f0fdc23caa5e8155a5b16bc1904616505
> Author: Jan Janak <jan at iptel.org>
> Date:   Thu Jun 26 15:43:26 2008 +0000
> 
>     - a set of minimalistic config files for testing purposes
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=44fc09b81a4a3b6954d629efa68e40035553417d
> Author: Jan Janak <jan at iptel.org>
> Date:   Thu Jun 26 11:49:22 2008 +0000
> 
>     - tls module todo
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=82b840c785181a3fe7c41eceb1df8c39bbe4491f
> Author: Jan Janak <jan at iptel.org>
> Date:   Mon Jun 23 17:48:40 2008 +0000
> 
>     - default key and certificate names changed to ser-selfsigned*
>     - added ser_certs.sh
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=bb718b6a6d3a1342b82b2e2fa722031378c44b7f
> Author: Jan Janak <jan at iptel.org>
> Date:   Thu Jun 12 16:02:04 2008 +0000
> 
>     - updated to the latest changes in the cfg parser
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d037bb9db03ceb56382cd86b68478c225dddeb51
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Jun 6 00:03:06 2008 +0000
> 
>     - Use the new configuration file parser
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=87db435927622735ced93272d97ebc93730c6063
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Sun Mar 2 16:09:28 2008 +0000
> 
>     - fixed includes (rm malloc.h) due to portability problems
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b717dfd11b7e22c36874f2854544014d8df287c8
> Author: Jan Janak <jan at iptel.org>
> Date:   Mon Feb 11 12:39:49 2008 +0000
> 
>     - shm_str_dup and shm_asciiz_dup set the destination buffer to NULL if
>       the source is NULL too
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d128c59d5f860e9a41e4836499754983f921965a
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Feb 8 05:38:39 2008 +0000
> 
>     - Convert all relative pathnames of files to absolute with
>       respect to the main SER configuration file (the external
>       TLS config file and modparams) or the TLS config file
>       (file included from there).
>     - Use get_abs_pathname from sip_router/ut.c instead of the
>       local function get_pathname
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=aa4ac2d8a67ff69ac57e05b9c3199cccad4c71bd
> Author: Jan Janak <jan at iptel.org>
> Date:   Tue Feb 5 08:27:42 2008 +0000
> 
>     - modified function get_pathname to return path relative to the
>       path of the main SER configuration file if it does not start
>       with /, this is much more sensible then just pre-pending CFG_DIR,
>       it is possible to write modparam("tls", "config", "tls.cfg")
>       and still control the location of the configuration files using
>       -f cmd line option
>     - the function now returns result allocated with malloc, not
>       pkg_malloc
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=878bda92133b683add6ea33ad8df70867513d989
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Aug 1 00:05:40 2007 +0000
> 
>     - support for setting the source address in tcp_send() and tcpconn_get()
>       (should allow for a better tcp force_send_socket() in the future)
>     - add multiple aliases for each connection, to cover all the search
>      possiblities: (dst_ip, dst_port), (local_ip, dst_ip, dst_port),
>       (local_ip, local_port, dst_ip, dst_port).
>     - improved connection hash function
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=30b49d1717fe69a93d4a8b4e3204b5f4a4c12044
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Thu Jun 7 21:46:56 2007 +0000
> 
>     - updated all the child_init users to ignore or treat specially the
>      PROC_INIT rank
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=66fff017aa5041a7b17f7d97a79eb1f3b3a3be07
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Feb 28 01:38:47 2007 +0000
> 
>     - added low_mem_threshold1 & low_mem_threshold2 (the ammount of free memory
>      from which tls operations will start to fail preemptively is now configurable;
>      by default the value depends on the number of processes)
>     - doc update
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=30e67c4f345021f4544442ccf672eb38110381e7
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Mon Feb 26 23:32:29 2007 +0000
> 
>     - tls: tls_update_fd improvement - use SSL_set_fd only when the connection is
>       not fully init. and SSL_get_*bio/BIO_set_fd in the other cases (much faster
>       and avoids SSL_mallocs).
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=433e68963684d786b4e765c6ac21fcefeb7bd4cf
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Fri Feb 23 23:24:32 2007 +0000
> 
>     - workaround for openssl bug #1491 (multiple problems on low memory): tls
>      functions will preemptively fail if the available memory drops under a
>      certain treshold (for now a very conservative value based on the maximum
>      possible number of simultaneously executing connects/accepts - expect
>      something >= 20MB, depending on the number of processes)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=3d980a8e309d7f2da71cb81dd13147190894486f
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Feb 21 20:29:04 2007 +0000
> 
>     -  malloc debugging for openssl and random malloc null returns turened off
>     (I've commited this yesterday by mistake)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=32e4977cdb9c1c9ca24c140a493934f1d2e19fa1
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Feb 21 00:54:44 2007 +0000
> 
>     - added tls module documentation (not yet complete, still missing select, rpc and better tls.cfg description).
>     
>     Test case: try to read the generated README and see if it makes sense and you uderstand at least 88,73% from it. Prerequisites: well rested and a blood alcohol level within legal driving limits. WARNING: known to induce strong drowsiness.
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0e4d732dbde5828f54dbffb72c580997a8c80d4b
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Tue Feb 20 19:41:14 2007 +0000
> 
>     - make tar doesn't exclude tls*, but instead tls/*
>     - don't append -tls to the version number unless CORE_TLS is used
>     (there's enough information in the flags to see if support for the tls
>      modules is enabled)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5777d8667fa0177052d9455aad1c072c15eece06
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Fri Feb 16 21:43:17 2007 +0000
> 
>     - call tls_shutdown() only if tls_set_fd() was succesfull
>     (fixes a tricky bug that can appear on low memory conditions)A
>     - tls_dump_cert_info takes into account the possibility of a failing
>       X609_NAME_oneline() (can happen on low memory)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=560a42b6cbe70fa56f3003730587ed0961e83d4f
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Tue Feb 13 13:22:57 2007 +0000
> 
>     - tls: openssl kerberos malloc bug (# 1467) fixed on cvs (0.9.8e-dev and 0.9.9-dev), so add extra checks for enabling the workarround (which disables kerberos) only when necessary:  if openssl compiled with kerberos support, and openssl < 0.9.8e-beta1 or openssl between 0.9.9-dev and 0.9.9-beta1 apply workarround.
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c9557b130abd433b0f11fa523db261419de0b194
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Sat Feb 10 19:02:56 2007 +0000
> 
>     - tls-core.patch removed (no longer necessary)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6a8994c40bfba566177145e109f58c5ce6d396b5
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Sat Feb 10 19:02:04 2007 +0000
> 
>     - use the new tls hooks api (the core patch is no longer necessary)
>     - renamed some of tls_.* functions to tls_h_.* to avoid name conflicts with
>     the core
>     - fixed shutdown tls before tcp bug (if ser was stopped while tls connections
>      were still active, the tls module was destroyed before tcp => crash when
>       tcp tried to close the tls connections). Now all the destroy operation
>      are moved into the new destroy_tls hook and the module destroy function is
>       empty.
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=dd750880feaff5d8741335d34449a06a65cb4fc1
> Author: Jan Janak <jan at iptel.org>
> Date:   Mon Feb 5 10:20:54 2007 +0000
> 
>     - added missing header files to make tls module compile on FreeBSD
>       reported by Atle Samuelsen
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c20ee398fe841bcc7cbe78c4dd89178cb9bcc362
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Fri Feb 2 15:17:52 2007 +0000
> 
>     - fixed missing warning quotes (problem with older compilers)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=fc660aae7db24b34ba98ddcaaef98db40840866e
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Thu Feb 1 04:24:06 2007 +0000
> 
>      - openssl compression bug detect/workaround enabled at runtime
>      (if zlib compression is detected, we replace openssl version with ours).
>      The previous version had this fix but it was enabled only at compile-time.
>      - SSL_OP_TLS_BLOCK_PADDING_BUG option disabled if
>         0.9.8 <= openssl < 0.9.8c and compresion is used (check at runtime)
>      - more start-up sanity checks:
>         - check if openssl used library version is close enough to the
>           library with which the tls module was compiled (header files)
>           For now it checks for the same major, minor and fix level
>           (e.g. 0.9.8a && 0.9.8c are ok, 0.9.7b and 0.9.8a are not)
>        - try to auto-detect (using the compile flags) if the used library was
>          compiled with kerberos support and if the tls module was compiled with the
>          same setting (or else we won't be able to enable the kerberos bug
>          workarround).
>      - more verbose start-up messages and errors
>      - warning fixes
>      - 2 new module parameters:
>         tls_disable_compression (default 0)
>         tls_force_run (default 0) -- will ignore the start-up sanity checks and
>          continue running even if the library version/options are different
>      References: openssl bugs #1468, #1467 & #1204 (http://rt.openssl.org)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=36cb8fa734fdd4558af6bb9b7764ae5c9300a7da
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Fri Jan 26 23:11:21 2007 +0000
> 
>     - workarround for openssl kerberos malloc bug:
>     openssl kerberos code in kssl.c uses libc malloc/free/calloc instead
>     of the OPENSSL* versions (set using CRYPTO_set_mem_functions()). In ser
>      ssl connections "move" between processes and so everything must be
>      allocated in shared mem. If the wrong malloc function are called ser
>      will eventually crash. This workarround tries to disable kerberos support
>      each time a new SSL structure is created. For this fix to work is important
>      to either use statically linked openssl or re-compile ser on the target
>      machine (if openssl is linked dynamically then it must use the same
>      compilation options as the machine on which ser is compiled).
>     Bug reporterd by Atle Samuelsen <clona at cyberhouse.no>.
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7f8edfa7f46e9507f9519efbe5276f9402379277
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Fri Jan 26 19:56:49 2007 +0000
> 
>     - typo fix: don't attempt to apply the compression fix workarround if no
>      zlib compression was found
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=a558c65ed7b66b3f5f15f985a4f87ec013f7dd75
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Jan 24 18:01:54 2007 +0000
> 
>     - tls fix: set openssl locking functions (should be stable even under high
>      load, lost of connections, and multi-cpu machines)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b2aa9fd79cb25bec9ad0c2ed95156d4466894c91
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Jan 17 20:24:05 2007 +0000
> 
>     - timeouts fixed (all the tcp timeouts use now ticks and not seconds)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ba83663c64dd7b034198e44abf6b26a584668d13
> Author: Jan Janak <jan at iptel.org>
> Date:   Wed Jan 17 10:39:09 2007 +0000
> 
>     - The config file parser did not always return proper
>       variable value
>       closes SER-206
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=2810f7a01ac3b32ad9ac032ea0abebd2c4472c24
> Author: Miklos Tirpak <miklos at iptel.org>
> Date:   Mon Nov 27 13:55:51 2006 +0000
> 
>     @tls.peer.verified did not set the result buffer
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c69b8d9824b1b337ce23bd64a915e398bb0cb1e2
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Nov 24 07:37:28 2006 +0000
> 
>     - fixed wrong comparison values, reported by Klaus Darilion
>       closes SER-108
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b5c9bd68c59b4161861ab47b58756fe584338e93
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Nov 15 19:55:13 2006 +0000
> 
>     - tls init updated to the new get_max_procs() use (not allowed from
>      mod_init())
>     - tls-core.patch updated to the latest tcp changes
>     - lots of warnings and/or small errors fixed
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=14b8a300f2b5fbf453211ec1586260f7281569ef
> Author: Jan Halla <hallik at iptel.org>
> Date:   Sat Nov 4 01:44:34 2006 +0000
> 
>     tls-core.patch updated to be useable with current SER CVS HEAD
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=079850e2baf520a7761393eef5de0e11463e1508
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Tue Sep 19 16:13:27 2006 +0000
> 
>     - applied patch from  Dragos Vingarzan <vingarzan at fokus.fraunhofer.de> which
>      moves all the forking part into 2 functions in pt.c (fork_process and
>       fork_tcp_process).
>     - added PROC_NOCHLDINIT rank value for Dragos's fork_process (if this
>      value is used as child_id/rank_value the mod_child functions will not be
>       called)
>     - added register_procs(processes_no), used from mod_init when a module
>      knows that it will fork some children (replaces the old process_count++
>       / the patch's estimated_process_count++)
>     - added get_max_procs(): returns the maximum (estimated) number of
>       processes
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e618d0eac5cde5075a8ae45d4296d1b109e184ad
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Mar 3 18:23:47 2006 +0000
> 
>     - deallocate lock only if it was really allocated
>     - implemented tls.init (lists all existing TLS connections)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=31c1662eabbf14d821b58a0dd69398e21edaad8b
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Mar 3 15:52:11 2006 +0000
> 
>     - fixed file comments
>     - added missing defines in header files
>     - added missing Id tags
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=742653f8b55e7d61d1ed285729e252ccb1576774
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Mar 3 12:35:41 2006 +0000
> 
>     - fixed get_ssl (TCP extra data contains pointer to a different structure)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5303a643873d3c84a40643d42689e28ca7efb5c6
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Mar 3 12:26:07 2006 +0000
> 
>     - make sure tls modparams do not overview defaults for the external
>       configuration file
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c71c178e4f4d0986710ddc1d67ccea1a88fdc7c3
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Mar 3 12:23:44 2006 +0000
> 
>     - a couple of typos fixed
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=331ddcfa230b13440a637acbe08243179a200af1
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Mar 3 12:22:01 2006 +0000
> 
>     - minor beautification
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c4417073d3e7d5f2f9278e10d4981111b1189d45
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Mar 3 12:20:45 2006 +0000
> 
>     - Example configuration file for tls module
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=38a664796dcbb2a93988b62cadb3bea17b5fca0b
> Author: Jan Janak <jan at iptel.org>
> Date:   Fri Mar 3 11:26:53 2006 +0000
> 
>     - Support for external TLS configuration file
>     - support for relative path names (CFG_DIR will be added automaticaly)
>     - Support for run-time configuration re-load
>     - tls.reload management command implemented
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=88e8426ecd331c7800dec81ed7b083b67b79928a
> Author: Jan Janak <jan at iptel.org>
> Date:   Wed Feb 22 23:41:17 2006 +0000
> 
>     - fixed wrong comment
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f1eadbe56eeb07297ca78c1e79706fdae699faff
> Author: Jan Janak <jan at iptel.org>
> Date:   Wed Feb 22 23:37:19 2006 +0000
> 
>     - TLS configuration file parser (not yet integrated
>       with rest of tls module)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ca552cbb63e2f6922d842ae4b71f6a14e1368fbf
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Feb 22 13:34:00 2006 +0000
> 
>     - by default don't require a certificate
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f875827d43d8949029e19e2623eca51576075204
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Feb 22 13:10:27 2006 +0000
> 
>     - by default don't verify any certs (server or client)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e6526a6476cca38d4f3117f4e83cd3a30e7e3d11
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Wed Feb 22 13:00:36 2006 +0000
> 
>     - applied Klaus Darilion patches (closes SER-98):
>         - updated tls-core.patch
>         - allow configuration of the default TLS-client-domain
>         - more TLS logging during TLS initalisation and when TLS verification fails
>         - use TLSv1 as default method
>         - debian build: libradius-ng-dev as another alternative to the various
>            libradius*
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ddfc8f351db3862baf52244603b62d6537d26221
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date:   Mon Feb 20 23:31:18 2006 +0000
> 
>     - log message fix for tls_connect (s/dst/src)
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b0eb2c7dd892c56c7ac467ae2be9a6cf3c63ce50
> Author: Jan Janak <jan at iptel.org>
> Date:   Mon Jan 30 16:05:39 2006 +0000
> 
>     - fixed @tls.cipher.bits
>     - noisy error turned into debugging message
> 
> URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=dd0647fba0c40716f407a5618b584a5b2b768231
> Author: Jan Janak <jan at iptel.org>
> Date:   Sat Jan 28 12:34:31 2006 +0000
> 
>     Preliminary TLS module (requires core patch which is attached),
>     the module contains:
>     - Many bugfixes and better implementation of tls_write and tls_read
>       by Andrei
>     - openssl compression fix by Andrei
>     - extended tls multi-domain support (most parameters can be configured
>       to different values in different domains)
>     - support for outgoing domains (not complete)
>     - support for certificate based authentication through selects
>       ( if @tls.peer == "Bob") ...
>     - the tls code is merge of experimental/tls and Andrei's tls to get
>       best of both
> 
> 
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev



More information about the sr-dev mailing list