[sr-dev] [kamailio] feature request: sample config for federation / peering with repro (#531)
Daniel Pocock
notifications at github.com
Sun Mar 6 17:14:38 CET 2016
Which example? In the modules/tls directory I saw these:
https://github.com/kamailio/kamailio/blob/master/modules/tls/sip-router-tls.cfg
https://github.com/kamailio/kamailio/blob/master/modules/tls/tls.cfg
and they are very brief. Is there a more complete example somewhere else showing how to verify the client certificate ```subjectAltName``` or ```CN``` matches the ```From``` header of an incoming request?
In the manual:
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.quick_start
- this quick start section is very brief
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.p.tls_method
- ```tls_method``` documentation isn't clear. ```SSLv23_method``` is actually a very good default and does not actually enable SSL 3.0 or below unless those are explicitly compiled into OpenSSL. This should really be emphasized.
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.p.require_certificate
http://kamailio.org/docs/modules/4.3.x/modules/tls.html#tls.f.is_peer_verfied
- ```require_certificate``` and ```is_peer_verified``` are explained very briefly. Should ```is_peer_verified``` take an argument perhaps, to verify that the peer is verified for a specific URI or domain?
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/531#issuecomment-192922193
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20160306/8c0333ac/attachment.html>
More information about the sr-dev
mailing list