[sr-dev] git:master:a0b6b3ab: tls: small updates to tls config
Daniel-Constantin Mierla
miconda at gmail.com
Tue Feb 13 08:41:58 CET 2018
Module: kamailio
Branch: master
Commit: a0b6b3abe1beab33e11a52ff601c9cc50f7e2d56
URL: https://github.com/kamailio/kamailio/commit/a0b6b3abe1beab33e11a52ff601c9cc50f7e2d56
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2018-02-13T08:41:13+01:00
tls: small updates to tls config
---
Modified: src/modules/tls/tls.cfg
---
Diff: https://github.com/kamailio/kamailio/commit/a0b6b3abe1beab33e11a52ff601c9cc50f7e2d56.diff
Patch: https://github.com/kamailio/kamailio/commit/a0b6b3abe1beab33e11a52ff601c9cc50f7e2d56.patch
---
diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg
index 102990b421..c1a08f6759 100644
--- a/src/modules/tls/tls.cfg
+++ b/src/modules/tls/tls.cfg
@@ -17,8 +17,8 @@ verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
-#ca_list = ./modules/tls/cacert.pem
-#crl = ./modules/tls/crl.pem
+#ca_list = /usr/local/etc/kamailio/tls/cacert.pem
+#crl = /usr/local/etc/kamailio/tls/crl.pem
# This is the default client domain, settings
# in this domain will be used for all outgoing
@@ -27,6 +27,7 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
# We require that servers present valid certificate.
#
[client:default]
+#method = TLSv1
verify_certificate = yes
require_certificate = yes
@@ -39,25 +40,25 @@ require_certificate = yes
# interface.
#
#[server:127.0.0.1:5061]
-#method = SSLv23
+#method = TLSv1
#verify_certificate = yes
#require_certificate = no
-#private_key = ./modules/tls/local_key.pem
-#certificate = ./modules/tls/local_cert.pem
+#private_key = /usr/local/etc/kamailio/tls/local_key.pem
+#certificate = /usr/local/etc/kamailio/tls/local_cert.pem
#verify_depth = 3
#ca_list = local_ca.pem
#crl = local_crl.pem
-# Special settings for the iptel.org public SIP
+# Special settings for the example.sip (1.2.3.4) public SIP
# server. We do not verify the certificate of the
# server because it can be expired. The server
# implements authentication using SSL client
# certificates so configure the client certificate
# that was given to use by iptel.org staff here.
#
-#[client:195.37.77.101:5061]
+#[client:1.2.3.4:5061]
#verify_certificate = no
-#certificate = ./modules/tls/iptel_client.pem
-#private_key = ./modules/tls/iptel_key.pem
-#ca_list = ./modules/tls/iptel_ca.pem
-#crl = ./modules/tls/iptel_crl.pem
+#certificate = /usr/local/etc/kamailio/tls/example_client.pem
+#private_key = /usr/local/etc/kamailio/tls/example_key.pem
+#ca_list = /usr/local/etc/kamailio/tls/example_ca.pem
+#crl = /usr/local/etc/kamailio/tls/example_crl.pem
More information about the sr-dev
mailing list