[sr-dev] git:master:f37344dd: tls: added server_name to module parameters

Daniel-Constantin Mierla miconda at gmail.com
Tue Feb 17 14:11:22 CET 2015


Module: kamailio
Branch: master
Commit: f37344dddf53514e35a3d8c0e2d47c0672a80825
URL: https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c0672a80825

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2015-02-17T14:11:07+01:00

tls: added server_name to module parameters

- not that useful in the case of defining a single set of tls
  attributes, but has to be coherent with the config options

---

Modified: modules/tls/tls_cfg.c
Modified: modules/tls/tls_cfg.h
Modified: modules/tls/tls_mod.c

---

Diff:  https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c0672a80825.diff
Patch: https://github.com/kamailio/kamailio/commit/f37344dddf53514e35a3d8c0e2d47c0672a80825.patch

---

diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c
index d6e1048..fd3b950 100644
--- a/modules/tls/tls_cfg.c
+++ b/modules/tls/tls_cfg.c
@@ -35,6 +35,7 @@
 struct cfg_group_tls default_tls_cfg = {
 	0, /* tls_force_run */
 	STR_STATIC_INIT("TLSv1"), /* method */
+	STR_NULL, /* server name (sni) */
 	0, /* verify_certificate */
 	9, /* verify_depth */
 	0, /* require_certificate */
@@ -138,7 +139,9 @@ cfg_def_t	tls_cfg_def[] = {
 	{"force_run", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 		"force loading the tls module even when initial sanity checks fail"},
 	{"method",   CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"TLS method used (TLSv1, SSLv3, SSLv2, SSLv23)"},
+		"TLS method used (TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"},
+	{"server_name",   CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+		"Server name (SNI)"},
 	{"verify_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 		"if enabled the certificates will be verified" },
 	{"verify_depth", CFG_VAR_INT | CFG_READONLY, 0, 100, 0, 0,
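Review bot: The rewritten `method` description on the added line still lists SSLv3 and SSLv2 next to TLSv1.2 without marking them as insecure, so the description gives no hint which values to avoid. I would word it as `"TLS method used (TLSv1.2, TLSv1.1, TLSv1, SSLv23; SSLv3 and SSLv2 are obsolete and insecure)"`. The `default_tls_cfg` initializer shown as context in the previous hunk still defaults to `TLSv1`, which may deserve a follow-up now that newer versions are advertised here. `tls_cfg_def[]` starts and ends outside the hunk.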
diff --git a/modules/tls/tls_cfg.h b/modules/tls/tls_cfg.h
index 2768f0b..36cb662 100644
--- a/modules/tls/tls_cfg.h
+++ b/modules/tls/tls_cfg.h
@@ -41,6 +41,7 @@
 struct cfg_group_tls {
 	int force_run;
 	str method;
+	str server_name;
 	int verify_cert;
 	int verify_depth;
 	int require_cert;
diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c
index b02e1a1..ed8ac01 100644
--- a/modules/tls/tls_mod.c
+++ b/modules/tls/tls_mod.c
@@ -99,6 +99,7 @@ static tls_domain_t mod_params = {
 	{0, },                /* Cipher list */
 	TLS_USE_TLSv1,    /* TLS method */
 	STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
+	{0, 0},           /* Server name (SNI) */
 	0                 /* next */
 };
 
@@ -120,6 +121,7 @@ tls_domain_t srv_defaults = {
 	{0, 0},                /* Cipher list */
 	TLS_USE_TLSv1,    /* TLS method */
 	STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
+	{0, 0},           /* Server name (SNI) */
 	0                 /* next */
 };
 
@@ -141,6 +143,7 @@ tls_domain_t cli_defaults = {
 	{0, 0},                /* Cipher list */
 	TLS_USE_TLSv1,    /* TLS method */
 	{0, 0}, /* Certificate revocation list */
+	{0, 0},           /* Server name (SNI) */
 	0                 /* next */
 };
 
@@ -170,6 +173,7 @@ static cmd_export_t cmds[] = {
  */
 static param_export_t params[] = {
 	{"tls_method",          PARAM_STR,    &default_tls_cfg.method       },
+	{"server_name",         PARAM_STR,    &default_tls_cfg.server_name  },
 	{"verify_certificate",  PARAM_INT,    &default_tls_cfg.verify_cert  },
 	{"verify_depth",        PARAM_INT,    &default_tls_cfg.verify_depth },
 	{"require_certificate", PARAM_INT,    &default_tls_cfg.require_cert },
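Review bot: The `server_name` parameter exported on the added line gets no documentation in this commit; the Modified list names only tls_cfg.c, tls_cfg.h and tls_mod.c. An operator setting it cannot tell from the entry what the value is compared with or when it takes effect. At minimum I would put a comment on the entry, such as `/* SNI name stored in the domain built from module parameters (mod_params) */`, and describe the parameter in the module's user documentation if that is not done elsewhere. `params[]` continues outside the hunk.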
@@ -307,6 +311,7 @@ static int mod_init(void)
 	mod_params.crl_file = cfg_get(tls, tls_cfg, crl);
 	mod_params.cert_file = cfg_get(tls, tls_cfg, certificate);
 	mod_params.cipher_list = cfg_get(tls, tls_cfg, cipher_list);
+	mod_params.server_name = cfg_get(tls, tls_cfg, server_name);
 
 	tls_domains_cfg =
 			(tls_domains_cfg_t**)shm_malloc(sizeof(tls_domains_cfg_t*));
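Review bot: The added `mod_params.server_name = cfg_get(tls, tls_cfg, server_name);` copies the value as-is and carries no comment, although the commit message says the setting is of little use when only one set of TLS attributes is defined. I would add above it `/* SNI name; of limited use for a single domain, kept for coherence with the config options */`. The hunk does not show how an unset value (the `STR_NULL` default from tls_cfg.c) is treated where `mod_params` is later consumed, so confirm that an empty name is handled the way the other optional `str` fields are. `mod_init` starts and ends outside the hunk.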



