[sr-dev] git:master:b08df6d5: tls: updates to overview section

Daniel-Constantin Mierla miconda at gmail.com
Thu Sep 27 12:21:00 CEST 2018


Module: kamailio
Branch: master
Commit: b08df6d531513ecf472f4642ddf180bffac46f58
URL: https://github.com/kamailio/kamailio/commit/b08df6d531513ecf472f4642ddf180bffac46f58

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2018-09-27T12:20:39+02:00

tls: updates to overview section

- GH #531

---

Modified: src/modules/tls/doc/functions.xml
Modified: src/modules/tls/doc/tls.xml

---

Diff:  https://github.com/kamailio/kamailio/commit/b08df6d531513ecf472f4642ddf180bffac46f58.diff
Patch: https://github.com/kamailio/kamailio/commit/b08df6d531513ecf472f4642ddf180bffac46f58.patch

---

diff --git a/src/modules/tls/doc/functions.xml b/src/modules/tls/doc/functions.xml
index 1f3116f26d..2a371de8f1 100644
--- a/src/modules/tls/doc/functions.xml
+++ b/src/modules/tls/doc/functions.xml
@@ -18,16 +18,18 @@
 		<title><function>is_peer_verified()</function></title>
 		<para>
 			Returns true if the connection on which the message was received
-			is TLS , the peer presented an X509 certificate and the
+			is TLS, the peer presented an X509 certificate and the
 			certificate chain verified ok.
+		</para>
+		<para>
 			It can be used only in a request route.
 		</para>
 		<example>
 			<title><function>is_peer_verified</function> usage</title>
 			<programlisting>
-	if (proto==TLS && !is_peer_verified()){
+	if (proto==TLS && !is_peer_verified()) {
 		sl_send_reply("400", "No certificate or verification failed");
-		drop;
+		exit;
 	}
 			</programlisting>
 		</example>
diff --git a/src/modules/tls/doc/tls.xml b/src/modules/tls/doc/tls.xml
index f5337baaf9..8147208f70 100644
--- a/src/modules/tls/doc/tls.xml
+++ b/src/modules/tls/doc/tls.xml
@@ -68,27 +68,41 @@
 	<section id="tls.quick_start">
 		<title>Quick Start</title>
 		<para>
-			Make sure you have a proper certificate and private key and either
-			use the <varname>certificate</varname> and <varname>private_key</varname>
-			module parameters, or make sure the certificate and key are in the same PEM file,
-			named <emphasis>cert.pem</emphasis> an placed in [your-cfg-install-prefix]/etc/kamailio/.
-			Don't forget to load the tls module and to enable TLS
-			(add <emphasis>enable_tls=yes</emphasis> to your config).
+		The default kamailio.cfg file has basic tls support included, it has to
+		be enabled with "#!define WITH_TLS" directive.
+		</para>
+		<para>
+		The most important parameters to set the path to the public certificate and private key
+		files. You can either have them in different file or in the same file in PEM format.
+		The parameters for them are <varname>certificate</varname> and <varname>private_key</varname>.
+		They can be given as modparam or or provided in the profiles of tls.cfg file.
+		</para>
+		<para>
+		When installing tls module of kamailio, a sample 'tls.cfg' file is deployed in the same
+		folder with 'kamailio.cfg', along with freshly generated self signed certificates.
+		</para>
+		<para>
+		HINT: be sure you have <emphasis>enable_tls=yes</emphasis> to your kamailio.cfg.
 		</para>
 		<example>
-		<title>Quick start config</title>
+		<title>Quick Start Basic Config</title>
 		<programlisting>
 #...
-loadmodule "modules/tls/tls.so"
+loadmodule "sl.so"
+loadmodule "tls.so"
 
-modparam("tls", "private_key", "./andrei-test.pem")
-modparam("tls", "certificate", "./andrei-test.pem")
+modparam("tls", "private_key", "./server-test.pem")
+modparam("tls", "certificate", "./server-test.pem")
 modparam("tls", "ca_list", "./calist.pem")
 
 enable_tls=yes
 
-route{
-	# ....
+request_route {
+	if(proto != TLS) {
+		sl_send_reply("403", "Accepting TLS Only");
+		exit;
+	}
+	...
 }
 		</programlisting>
 		</example>



