[sr-dev] TLS docs

Jan Janak jan at ryngle.com
Sat Oct 10 14:31:52 CEST 2009


On Sat, Oct 10, 2009 at 2:05 PM, Olle E. Johansson <oej at edvina.net> wrote:
>
> 10 okt 2009 kl. 14.04 skrev Jan Janak:
>
>> On Sat, Oct 10, 2009 at 1:58 PM, Olle E. Johansson <oej at edvina.net> wrote:
>>>
>>>  <title><varname>config</varname> (string)</title>
>>>       <para>
>>>               Sets the name of the TLS specific config file.
>>>       </para> ;
>>>       <para>
>>>               If set the TLS module will load a special config file, in
>>> which different TLS parameters can be specified on a per role (server or
>>> client) and domain basis (for now only IPs). The corresponding module
>>> parameters will be ignored.
>>>       </para>
>>>
>>>
>>> Is this still valid - that we only configure tls on IP?
>>
>> Currently yes. It is on my todo list to extend the configuration file
>> syntax to also support server names, but I am not there yet.
>
> And we're in code freeze...
>
>
> <para>
>                        This documentation is incomplete. The select
> framework and rpc sections are completely missing.
>                </para>
>
>
> Is this also on someone's list? Documentation is still open although code is
> frozen... ;-)

It is not on mine, so probably not :-). Documenting selects and RPCs
for TLS module would be very helpful if you have the time.

We have two RPC commands, tls.reload and tls.list. The command
tls.reload can be used to reload the TLS configuration file at
runtime. The command tls.list lists all active TLS connections, the
output of tls.list contains the following fields: id, timeout, src_ip,
src_port, dst_ip, dst_port, and tls (extra TLS information, such as
ciphers used).

The module supports both Kamailio TLS PVs and SER selects. They are
both implemented in file tls_select.c. That's where you can get the
list of currently implemented PVs.

The list of implemented TLS selects is here:

http://sip-router.org/wiki/cookbooks/selects/devel

look for selects starting with @tls. Note that there are aliases, so
@tls.peer.cn, @tls.peer.commonName, @tls.peer.common_name, and
@tls.peer.name all implement the same thing. I think we should
document just one variant, for example all names that use _ as
delimiter.

  Jan.


