[sr-dev] [PATCH]Certificate revocation list support in TLS plugin

Daniel-Constantin Mierla miconda at gmail.com
Mon Sep 6 11:53:20 CEST 2010


  please add it to the tracker, otherwise it may get lost in mailing list:
http://sip-router.org/tracker/

Thanks,
Daniel

On 9/3/10 1:16 PM, Klaus Darilion wrote:
>
>
> On 03.09.2010 10:25, Couprie Geoffroy wrote:
>> Hello,
>>
>> Here is a patch to use certificate revocation lists in the TLS plugin.
>> It applies cleanly to Kamailio 3.0.2 and 3.0.3 (I didn't test 3.1). The
>> paths in the patches are not right because I can't use Git here. Is
>> there a Git repository of Kamailio accessible from http somewhere?
>>
>> About the patch itself: the certification revocation list is loaded from
>> a file by the "crl" option, like the CA list. I didn't try to concatenate
>> multiple revocation lists like the CA lists, but it should work.
>>
>> I'll soon send another patch to support reloading the list without
>> restarting the server. If I understood the code, I have to send the
>> command through a FIFO, like kamctl? Can I take inspiration from the
>> lcr_reload or dp_reload functions, or is there a better code somewhere?
>
> I usually use the ser_cmd tool. There is already support for RPC in 
> tls module, probably it would be best to reload the CRL when reloading 
> the whole tls config and separately.  See current TLS RPCs:
> http://sip-router.org/docbook/sip-router/branch/master/rpc_list/rpc_list.html#rpc_exports.tls 
>
>
> regards
> klaus
>
>>
>> Best regards,
>>
>> Geoffroy
>>
>>
>> _______________________________________________
>> sr-dev mailing list
>> sr-dev at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

-- 
Daniel-Constantin Mierla
http://www.asipto.com
