[sr-dev] TLS docs

Olle E. Johansson oej at edvina.net
Sat Oct 10 21:15:20 CEST 2009


On 10 Oct 2009, at 20:17, Jan Janak wrote:

> On Sat, Oct 10, 2009 at 3:39 PM, Olle E. Johansson <oej at edvina.net> wrote:
>>>>> Currently yes. It is on my todo list to extend the configuration file
>>>>> syntax to also support server names, but I am not there yet.
>>>>
>>>> I think this is something that can wait. The server name extension is
>>>> quite new in openssl (on by default since 1.0). I doubt there are many
>>>> clients supporting it and unless all or most your clients support it is
>>>
>>> It is also useful for server-to-server connections, there it allows
>>> you to select and present the correct certificate. Even if you have no
>>> clients that support it, you might still want to use the server name
>>> extension for server-to-server connections.
>>
>> Well, to support the current proposal we should have a security association
>> on every TLS link between ourself and other servers, where we remember which
>> domain we verified for this link. We can't reuse this connection for other
>> links between ourself and the peer for other domains.
>
> Yes, exactly, there are issues like that with connection reuse. That's
> one of the reasons why adding support for server name takes more than a
> trivial change of the TLS configuration file format.

Understood.

> Anyway, we have more issues in TLS related code to take care of, we
> won't be able to address them before the next release, but maybe we
> could make them priority for the over-next release.

Yes, right now we gotta focus on bug-fixing and getting ready for release,
which means fixing a LOT of documentation. There's tons of confusing old
files that need to be evaluated. We gotta look at our product with the eyes
of a new user as well as a current user that wants to upgrade, and fix
documentation, make it easy, cool and productive to select a sip-router
distribution.

This probably means some changes to our web sites as well.

/O
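
The connection-reuse constraint discussed in this thread, as an added example that is not part of the original message and not sip-router code: a TLS link is reused only when both the peer and the domain verified on that link match. The struct, function names and sample addresses are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_LINKS 8

/* One entry per established TLS link: the peer we connected to and the
 * single domain whose certificate identity was verified on that link. */
struct tls_link {
    int  id;                   /* hypothetical connection handle */
    char peer[64];             /* peer address, e.g. "192.0.2.10:5061" */
    char verified_domain[128]; /* domain verified during the handshake */
};

static struct tls_link links[MAX_LINKS];
static int n_links;

/* Record a link after the handshake verified `domain`; returns its id or -1. */
int link_add(const char *peer, const char *domain)
{
    if (n_links >= MAX_LINKS || strlen(peer) >= sizeof links[0].peer ||
        strlen(domain) >= sizeof links[0].verified_domain)
        return -1;
    struct tls_link *l = &links[n_links];
    l->id = n_links + 1;
    strcpy(l->peer, peer);
    strcpy(l->verified_domain, domain);
    n_links++;
    return l->id;
}

/* Reuse only when peer AND verified domain match; -1 means open a new link. */
int link_find(const char *peer, const char *domain)
{
    for (int i = 0; i < n_links; i++)
        if (strcmp(links[i].peer, peer) == 0 &&
            strcasecmp(links[i].verified_domain, domain) == 0)
            return links[i].id;
    return -1;
}

int main(void)
{
    /* Constructed sample: one peer address serving two domains. */
    link_add("192.0.2.10:5061", "example.com");
    printf("example.com -> %d\n", link_find("192.0.2.10:5061", "example.com"));
    printf("example.org -> %d\n", link_find("192.0.2.10:5061", "example.org"));
    return 0;
}
```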
