[SR-Dev] New commits on branch master
Jan Janak
jan at iptel.org
Thu Mar 26 14:54:18 CET 2009
The is the TLS module from SER, I am going to merge few things from k. tlsops
module and the tls implementation and then this module can replace k. tlsops
Jan.
On 26-03 14:51, Jan Janak wrote:
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=29b0138a7ce09cab1024e25ac457cb8915a973da
> Author: Jan Janak <jan at iptel.org>
> Date: Thu Mar 26 14:49:36 2009 +0100
>
> Replace TCP_BUF_SIZE with a cfg_get(..).
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f6eed41453b5942a3caa195200ba7272c6ebbc61
> Author: Jan Janak <jan at iptel.org>
> Date: Thu Mar 26 14:45:40 2009 +0100
>
> Remove shm_str_dup function.
>
> This function is not being used anywhere in TLS module and conflicts
> with a function in ../../ut.h
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=371cb375504c4070da78e327112995b8d8d85788
> Author: Jan Janak <jan at iptel.org>
> Date: Thu Mar 26 14:33:39 2009 +0100
>
> Define SER_MOD_INTERFACE in Makefile.
>
> This patch adds -DSER_MOD_INTERFACE to the modules Makefile, this
> is needed to make ser modules compile with the sip router core.
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=91e9758df21927394241b022fe6d67e5f44c1822
> Merge: fc9cfc98af91092de9e12533c255778080b045dd 3018841f0fdc23caa5e8155a5b16bc1904616505
> Author: Jan Janak <jan at iptel.org>
> Date: Thu Mar 26 14:23:27 2009 +0100
>
> Merge ser tls module into the sip-router repository
>
> * commit 'ser/modules/tls': (50 commits)
> - a set of minimalistic config files for testing purposes
> - tls module todo
> - default key and certificate names changed to ser-selfsigned*
> - updated to the latest changes in the cfg parser
> - Use the new configuration file parser
> - fixed includes (rm malloc.h) due to portability problems
> - shm_str_dup and shm_asciiz_dup set the destination buffer to NULL if
> - Convert all relative pathnames of files to absolute with
> - modified function get_pathname to return path relative to the
> - support for setting the source address in tcp_send() and tcpconn_get()
> - updated all the child_init users to ignore or treat specially the
> - added low_mem_threshold1 & low_mem_threshold2 (the ammount of free memory
> - tls: tls_update_fd improvement - use SSL_set_fd only when the connection is
> - workaround for openssl bug #1491 (multiple problems on low memory): tls
> - malloc debugging for openssl and random malloc null returns turened off
> - added tls module documentation (not yet complete, still missing select, rpc and better tls.cfg description).
> - make tar doesn't exclude tls*, but instead tls/*
> - call tls_shutdown() only if tls_set_fd() was succesfull
> - tls: openssl kerberos malloc bug (# 1467) fixed on cvs (0.9.8e-dev and 0.9.9-dev), so add extra checks for enabling the workarround (which disables kerberos) only when necessary: if openssl compiled with kerberos support, and openssl < 0.9.8e-beta1 or openssl between 0.9.9-dev and 0.9.9-beta1 apply workarround.
> - tls-core.patch removed (no longer necessary)
> ...
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=3018841f0fdc23caa5e8155a5b16bc1904616505
> Author: Jan Janak <jan at iptel.org>
> Date: Thu Jun 26 15:43:26 2008 +0000
>
> - a set of minimalistic config files for testing purposes
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=44fc09b81a4a3b6954d629efa68e40035553417d
> Author: Jan Janak <jan at iptel.org>
> Date: Thu Jun 26 11:49:22 2008 +0000
>
> - tls module todo
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=82b840c785181a3fe7c41eceb1df8c39bbe4491f
> Author: Jan Janak <jan at iptel.org>
> Date: Mon Jun 23 17:48:40 2008 +0000
>
> - default key and certificate names changed to ser-selfsigned*
> - added ser_certs.sh
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=bb718b6a6d3a1342b82b2e2fa722031378c44b7f
> Author: Jan Janak <jan at iptel.org>
> Date: Thu Jun 12 16:02:04 2008 +0000
>
> - updated to the latest changes in the cfg parser
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d037bb9db03ceb56382cd86b68478c225dddeb51
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Jun 6 00:03:06 2008 +0000
>
> - Use the new configuration file parser
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=87db435927622735ced93272d97ebc93730c6063
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Sun Mar 2 16:09:28 2008 +0000
>
> - fixed includes (rm malloc.h) due to portability problems
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b717dfd11b7e22c36874f2854544014d8df287c8
> Author: Jan Janak <jan at iptel.org>
> Date: Mon Feb 11 12:39:49 2008 +0000
>
> - shm_str_dup and shm_asciiz_dup set the destination buffer to NULL if
> the source is NULL too
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d128c59d5f860e9a41e4836499754983f921965a
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Feb 8 05:38:39 2008 +0000
>
> - Convert all relative pathnames of files to absolute with
> respect to the main SER configuration file (the external
> TLS config file and modparams) or the TLS config file
> (file included from there).
> - Use get_abs_pathname from sip_router/ut.c instead of the
> local function get_pathname
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=aa4ac2d8a67ff69ac57e05b9c3199cccad4c71bd
> Author: Jan Janak <jan at iptel.org>
> Date: Tue Feb 5 08:27:42 2008 +0000
>
> - modified function get_pathname to return path relative to the
> path of the main SER configuration file if it does not start
> with /, this is much more sensible then just pre-pending CFG_DIR,
> it is possible to write modparam("tls", "config", "tls.cfg")
> and still control the location of the configuration files using
> -f cmd line option
> - the function now returns result allocated with malloc, not
> pkg_malloc
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=878bda92133b683add6ea33ad8df70867513d989
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Aug 1 00:05:40 2007 +0000
>
> - support for setting the source address in tcp_send() and tcpconn_get()
> (should allow for a better tcp force_send_socket() in the future)
> - add multiple aliases for each connection, to cover all the search
> possiblities: (dst_ip, dst_port), (local_ip, dst_ip, dst_port),
> (local_ip, local_port, dst_ip, dst_port).
> - improved connection hash function
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=30b49d1717fe69a93d4a8b4e3204b5f4a4c12044
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Thu Jun 7 21:46:56 2007 +0000
>
> - updated all the child_init users to ignore or treat specially the
> PROC_INIT rank
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=66fff017aa5041a7b17f7d97a79eb1f3b3a3be07
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Feb 28 01:38:47 2007 +0000
>
> - added low_mem_threshold1 & low_mem_threshold2 (the ammount of free memory
> from which tls operations will start to fail preemptively is now configurable;
> by default the value depends on the number of processes)
> - doc update
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=30e67c4f345021f4544442ccf672eb38110381e7
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Mon Feb 26 23:32:29 2007 +0000
>
> - tls: tls_update_fd improvement - use SSL_set_fd only when the connection is
> not fully init. and SSL_get_*bio/BIO_set_fd in the other cases (much faster
> and avoids SSL_mallocs).
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=433e68963684d786b4e765c6ac21fcefeb7bd4cf
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Fri Feb 23 23:24:32 2007 +0000
>
> - workaround for openssl bug #1491 (multiple problems on low memory): tls
> functions will preemptively fail if the available memory drops under a
> certain treshold (for now a very conservative value based on the maximum
> possible number of simultaneously executing connects/accepts - expect
> something >= 20MB, depending on the number of processes)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=3d980a8e309d7f2da71cb81dd13147190894486f
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Feb 21 20:29:04 2007 +0000
>
> - malloc debugging for openssl and random malloc null returns turened off
> (I've commited this yesterday by mistake)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=32e4977cdb9c1c9ca24c140a493934f1d2e19fa1
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Feb 21 00:54:44 2007 +0000
>
> - added tls module documentation (not yet complete, still missing select, rpc and better tls.cfg description).
>
> Test case: try to read the generated README and see if it makes sense and you uderstand at least 88,73% from it. Prerequisites: well rested and a blood alcohol level within legal driving limits. WARNING: known to induce strong drowsiness.
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0e4d732dbde5828f54dbffb72c580997a8c80d4b
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Tue Feb 20 19:41:14 2007 +0000
>
> - make tar doesn't exclude tls*, but instead tls/*
> - don't append -tls to the version number unless CORE_TLS is used
> (there's enough information in the flags to see if support for the tls
> modules is enabled)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5777d8667fa0177052d9455aad1c072c15eece06
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Fri Feb 16 21:43:17 2007 +0000
>
> - call tls_shutdown() only if tls_set_fd() was succesfull
> (fixes a tricky bug that can appear on low memory conditions)A
> - tls_dump_cert_info takes into account the possibility of a failing
> X609_NAME_oneline() (can happen on low memory)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=560a42b6cbe70fa56f3003730587ed0961e83d4f
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Tue Feb 13 13:22:57 2007 +0000
>
> - tls: openssl kerberos malloc bug (# 1467) fixed on cvs (0.9.8e-dev and 0.9.9-dev), so add extra checks for enabling the workarround (which disables kerberos) only when necessary: if openssl compiled with kerberos support, and openssl < 0.9.8e-beta1 or openssl between 0.9.9-dev and 0.9.9-beta1 apply workarround.
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c9557b130abd433b0f11fa523db261419de0b194
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Sat Feb 10 19:02:56 2007 +0000
>
> - tls-core.patch removed (no longer necessary)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6a8994c40bfba566177145e109f58c5ce6d396b5
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Sat Feb 10 19:02:04 2007 +0000
>
> - use the new tls hooks api (the core patch is no longer necessary)
> - renamed some of tls_.* functions to tls_h_.* to avoid name conflicts with
> the core
> - fixed shutdown tls before tcp bug (if ser was stopped while tls connections
> were still active, the tls module was destroyed before tcp => crash when
> tcp tried to close the tls connections). Now all the destroy operation
> are moved into the new destroy_tls hook and the module destroy function is
> empty.
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=dd750880feaff5d8741335d34449a06a65cb4fc1
> Author: Jan Janak <jan at iptel.org>
> Date: Mon Feb 5 10:20:54 2007 +0000
>
> - added missing header files to make tls module compile on FreeBSD
> reported by Atle Samuelsen
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c20ee398fe841bcc7cbe78c4dd89178cb9bcc362
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Fri Feb 2 15:17:52 2007 +0000
>
> - fixed missing warning quotes (problem with older compilers)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=fc660aae7db24b34ba98ddcaaef98db40840866e
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Thu Feb 1 04:24:06 2007 +0000
>
> - openssl compression bug detect/workaround enabled at runtime
> (if zlib compression is detected, we replace openssl version with ours).
> The previous version had this fix but it was enabled only at compile-time.
> - SSL_OP_TLS_BLOCK_PADDING_BUG option disabled if
> 0.9.8 <= openssl < 0.9.8c and compresion is used (check at runtime)
> - more start-up sanity checks:
> - check if openssl used library version is close enough to the
> library with which the tls module was compiled (header files)
> For now it checks for the same major, minor and fix level
> (e.g. 0.9.8a && 0.9.8c are ok, 0.9.7b and 0.9.8a are not)
> - try to auto-detect (using the compile flags) if the used library was
> compiled with kerberos support and if the tls module was compiled with the
> same setting (or else we won't be able to enable the kerberos bug
> workarround).
> - more verbose start-up messages and errors
> - warning fixes
> - 2 new module parameters:
> tls_disable_compression (default 0)
> tls_force_run (default 0) -- will ignore the start-up sanity checks and
> continue running even if the library version/options are different
> References: openssl bugs #1468, #1467 & #1204 (http://rt.openssl.org)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=36cb8fa734fdd4558af6bb9b7764ae5c9300a7da
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Fri Jan 26 23:11:21 2007 +0000
>
> - workarround for openssl kerberos malloc bug:
> openssl kerberos code in kssl.c uses libc malloc/free/calloc instead
> of the OPENSSL* versions (set using CRYPTO_set_mem_functions()). In ser
> ssl connections "move" between processes and so everything must be
> allocated in shared mem. If the wrong malloc function are called ser
> will eventually crash. This workarround tries to disable kerberos support
> each time a new SSL structure is created. For this fix to work is important
> to either use statically linked openssl or re-compile ser on the target
> machine (if openssl is linked dynamically then it must use the same
> compilation options as the machine on which ser is compiled).
> Bug reporterd by Atle Samuelsen <clona at cyberhouse.no>.
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7f8edfa7f46e9507f9519efbe5276f9402379277
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Fri Jan 26 19:56:49 2007 +0000
>
> - typo fix: don't attempt to apply the compression fix workarround if no
> zlib compression was found
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=a558c65ed7b66b3f5f15f985a4f87ec013f7dd75
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Jan 24 18:01:54 2007 +0000
>
> - tls fix: set openssl locking functions (should be stable even under high
> load, lost of connections, and multi-cpu machines)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b2aa9fd79cb25bec9ad0c2ed95156d4466894c91
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Jan 17 20:24:05 2007 +0000
>
> - timeouts fixed (all the tcp timeouts use now ticks and not seconds)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ba83663c64dd7b034198e44abf6b26a584668d13
> Author: Jan Janak <jan at iptel.org>
> Date: Wed Jan 17 10:39:09 2007 +0000
>
> - The config file parser did not always return proper
> variable value
> closes SER-206
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=2810f7a01ac3b32ad9ac032ea0abebd2c4472c24
> Author: Miklos Tirpak <miklos at iptel.org>
> Date: Mon Nov 27 13:55:51 2006 +0000
>
> @tls.peer.verified did not set the result buffer
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c69b8d9824b1b337ce23bd64a915e398bb0cb1e2
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Nov 24 07:37:28 2006 +0000
>
> - fixed wrong comparison values, reported by Klaus Darilion
> closes SER-108
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b5c9bd68c59b4161861ab47b58756fe584338e93
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Nov 15 19:55:13 2006 +0000
>
> - tls init updated to the new get_max_procs() use (not allowed from
> mod_init())
> - tls-core.patch updated to the latest tcp changes
> - lots of warnings and/or small errors fixed
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=14b8a300f2b5fbf453211ec1586260f7281569ef
> Author: Jan Halla <hallik at iptel.org>
> Date: Sat Nov 4 01:44:34 2006 +0000
>
> tls-core.patch updated to be useable with current SER CVS HEAD
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=079850e2baf520a7761393eef5de0e11463e1508
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Tue Sep 19 16:13:27 2006 +0000
>
> - applied patch from Dragos Vingarzan <vingarzan at fokus.fraunhofer.de> which
> moves all the forking part into 2 functions in pt.c (fork_process and
> fork_tcp_process).
> - added PROC_NOCHLDINIT rank value for Dragos's fork_process (if this
> value is used as child_id/rank_value the mod_child functions will not be
> called)
> - added register_procs(processes_no), used from mod_init when a module
> knows that it will fork some children (replaces the old process_count++
> / the patch's estimated_process_count++)
> - added get_max_procs(): returns the maximum (estimated) number of
> processes
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e618d0eac5cde5075a8ae45d4296d1b109e184ad
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Mar 3 18:23:47 2006 +0000
>
> - deallocate lock only if it was really allocated
> - implemented tls.init (lists all existing TLS connections)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=31c1662eabbf14d821b58a0dd69398e21edaad8b
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Mar 3 15:52:11 2006 +0000
>
> - fixed file comments
> - added missing defines in header files
> - added missing Id tags
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=742653f8b55e7d61d1ed285729e252ccb1576774
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Mar 3 12:35:41 2006 +0000
>
> - fixed get_ssl (TCP extra data contains pointer to a different structure)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5303a643873d3c84a40643d42689e28ca7efb5c6
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Mar 3 12:26:07 2006 +0000
>
> - make sure tls modparams do not overview defaults for the external
> configuration file
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c71c178e4f4d0986710ddc1d67ccea1a88fdc7c3
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Mar 3 12:23:44 2006 +0000
>
> - a couple of typos fixed
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=331ddcfa230b13440a637acbe08243179a200af1
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Mar 3 12:22:01 2006 +0000
>
> - minor beautification
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c4417073d3e7d5f2f9278e10d4981111b1189d45
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Mar 3 12:20:45 2006 +0000
>
> - Example configuration file for tls module
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=38a664796dcbb2a93988b62cadb3bea17b5fca0b
> Author: Jan Janak <jan at iptel.org>
> Date: Fri Mar 3 11:26:53 2006 +0000
>
> - Support for external TLS configuration file
> - support for relative path names (CFG_DIR will be added automaticaly)
> - Support for run-time configuration re-load
> - tls.reload management command implemented
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=88e8426ecd331c7800dec81ed7b083b67b79928a
> Author: Jan Janak <jan at iptel.org>
> Date: Wed Feb 22 23:41:17 2006 +0000
>
> - fixed wrong comment
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f1eadbe56eeb07297ca78c1e79706fdae699faff
> Author: Jan Janak <jan at iptel.org>
> Date: Wed Feb 22 23:37:19 2006 +0000
>
> - TLS configuration file parser (not yet integrated
> with rest of tls module)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ca552cbb63e2f6922d842ae4b71f6a14e1368fbf
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Feb 22 13:34:00 2006 +0000
>
> - by default don't require a certificate
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f875827d43d8949029e19e2623eca51576075204
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Feb 22 13:10:27 2006 +0000
>
> - by default don't verify any certs (server or client)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e6526a6476cca38d4f3117f4e83cd3a30e7e3d11
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Wed Feb 22 13:00:36 2006 +0000
>
> - applied Klaus Darilion patches (closes SER-98):
> - updated tls-core.patch
> - allow configuration of the default TLS-client-domain
> - more TLS logging during TLS initalisation and when TLS verification fails
> - use TLSv1 as default method
> - debian build: libradius-ng-dev as another alternative to the various
> libradius*
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ddfc8f351db3862baf52244603b62d6537d26221
> Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
> Date: Mon Feb 20 23:31:18 2006 +0000
>
> - log message fix for tls_connect (s/dst/src)
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b0eb2c7dd892c56c7ac467ae2be9a6cf3c63ce50
> Author: Jan Janak <jan at iptel.org>
> Date: Mon Jan 30 16:05:39 2006 +0000
>
> - fixed @tls.cipher.bits
> - noisy error turned into debugging message
>
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=dd0647fba0c40716f407a5618b584a5b2b768231
> Author: Jan Janak <jan at iptel.org>
> Date: Sat Jan 28 12:34:31 2006 +0000
>
> Preliminary TLS module (requires core patch which is attached),
> the module contains:
> - Many bugfixes and better implementation of tls_write and tls_read
> by Andrei
> - openssl compression fix by Andrei
> - extended tls multi-domain support (most parameters can be configured
> to different values in different domains)
> - support for outgoing domains (not complete)
> - support for certificate based authentication through selects
> ( if @tls.peer == "Bob") ...
> - the tls code is merge of experimental/tls and Andrei's tls to get
> best of both
>
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
More information about the sr-dev
mailing list