Patches item #1477147, was opened at 2006-04-26 21:35
Message generated for change (Settings changed) made by bogdan_iancu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1477147&group_id=139143
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: core
Group: ver devel
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Klaus Darilion (klaus_darilion)
>Assigned to: Bogdan (bogdan_iancu)
Summary: TLS client domains (name/socket based) and more config

Initial Comment:
Hi!

I've extended the TLS stack. The changes do not actually change the TLS processing, but the TLS configuration and TLS initialization.

This patch includes the features of the previous patch (http://sourceforge.net/tracker/index.php?func=detail&aid=1464264&group_id=139143&atid=743022) and allows more flexible configuration.

Not extensively tested, but basic testing succeeded, and as there are no "deep" TLS changes, it should be as stable as the current version.

Detailed changes:

parameters:
- parameter tls_require_certificate renamed to tls_require_client_certificate because it is more intuitive.
- parameter tls_client_domain_avp added: allows activating a certain TLS client domain via AVP.
- TLS virtual domain configuration differs between server and client domains

internal:
- also the default TLS client and server use the tls_domain structure now.
  Inside TLS code we have 4 domain lists:
  - tls_default_server_domain (this list has 1 entry)
  - tls_default_client_domain (this list has 1 entry)
  - tls_client_domains (this list has 0 or more entries)
  - tls_server_domains (this list has 0 or more entries)
  This also allows configuring tls_cipher, tls_verify_* and tls_require_client_certificate on a per domain basis
- 2-stage TLS initialization in main.c: before and after config file parsing
- docs updated
- default values for tls_handshake_timeout and tls_send_timeout changed from 120 seconds to 30 seconds, as there is no reason for waiting 120 seconds
- removed duplicate TLS initialization code
- more logging and better error handling during initialization
- added to tls_domain structure:
    + int type;
    + int verify_cert;
    + int require_client_cert;
    + char *ciphers_list;
    + str name;
  Allows TLS domain lookup via a string based identifier.
  The type is "stolen" from ser's TLS code:

    enum tls_domain_type {
        TLS_DOMAIN_DEF = (1 << 0),  /* Default domain */
        TLS_DOMAIN_SRV = (1 << 1),  /* Server domain */
        TLS_DOMAIN_CLI = (1 << 2),  /* Client domain */
        TLS_DOMAIN_NAME= (1 << 3)   /* Name based TLS domain */
    };

- removed unused variables

----------------------------------------------------------------------

Comment By: Klaus Darilion (klaus_darilion)
Date: 2006-05-10 16:26

Message:
Logged In: YES
user_id=1318360

- updated TLS patch (support for TLS client domains) to work with AVP flags (see TLS README)
- tlsops module exports pseudo variables with TLS cert parameters (see README of tlsops module)

----------------------------------------------------------------------

Comment By: Klaus Darilion (klaus_darilion)
Date: 2006-05-04 12:56

Message:
Logged In: YES
user_id=1318360

delete patch as new patch coming soon.
----------------------------------------------------------------------

_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel
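An added example, not part of the tracker item and not OpenSER's own code: a small C model of the four domain lists and the tls_domain_type flags described in the patch, with a lookup that selects a server or client domain by socket or by name and falls back to the default domain of the same side, which is the behaviour an AVP-driven client domain selection needs so that an unknown or unset AVP value never leaves a connection without TLS settings. The function names (tls_find_domain, tls_select_client_domain, tls_setup_sample_domains) and the sample domains, addresses and cipher strings are assumptions for illustration only.

```c
/* Added example, not OpenSER code: models the four TLS domain lists and the
 * tls_domain_type flags from the patch description, plus a lookup with
 * fallback to the default domain. All names and sample values are assumed. */
#include <stdlib.h>
#include <string.h>

enum tls_domain_type {
    TLS_DOMAIN_DEF  = (1 << 0), /* Default domain */
    TLS_DOMAIN_SRV  = (1 << 1), /* Server domain */
    TLS_DOMAIN_CLI  = (1 << 2), /* Client domain */
    TLS_DOMAIN_NAME = (1 << 3)  /* Name based TLS domain */
};

struct tls_domain {
    int type;                 /* OR of tls_domain_type flags */
    const char *name;         /* identifier of a name based domain */
    const char *ip;           /* local socket of a socket based domain */
    unsigned short port;
    int verify_cert;          /* verify the peer certificate */
    int require_client_cert;  /* server side: reject clients without a cert */
    const char *ciphers_list; /* OpenSSL cipher string for this domain */
    struct tls_domain *next;
};

/* The four lists named in the patch; the two defaults hold one entry each. */
static struct tls_domain *tls_default_server_domain;
static struct tls_domain *tls_default_client_domain;
static struct tls_domain *tls_server_domains;
static struct tls_domain *tls_client_domains;

static void add_domain(struct tls_domain **list, struct tls_domain d)
{
    struct tls_domain *n = malloc(sizeof *n);
    if (!n)
        abort();
    *n = d;
    n->next = *list;
    *list = n;
}

/* type is TLS_DOMAIN_SRV or TLS_DOMAIN_CLI, optionally OR'ed with
 * TLS_DOMAIN_NAME. Name based lookups compare the identifier, socket based
 * lookups compare ip:port. No match returns the default domain of that side. */
struct tls_domain *tls_find_domain(int type, const char *ip,
                                   unsigned short port, const char *name)
{
    struct tls_domain *list, *def, *d;
    int side = type & (TLS_DOMAIN_SRV | TLS_DOMAIN_CLI);

    if (side == TLS_DOMAIN_SRV) {
        list = tls_server_domains;
        def = tls_default_server_domain;
    } else if (side == TLS_DOMAIN_CLI) {
        list = tls_client_domains;
        def = tls_default_client_domain;
    } else {
        return NULL; /* caller must ask for exactly one side */
    }
    for (d = list; d; d = d->next) {
        if ((d->type & (TLS_DOMAIN_SRV | TLS_DOMAIN_CLI)) != side)
            continue;
        if (type & TLS_DOMAIN_NAME) {
            if ((d->type & TLS_DOMAIN_NAME) && name && d->name &&
                strcmp(d->name, name) == 0)
                return d;
        } else if (!(d->type & TLS_DOMAIN_NAME) && ip && d->ip &&
                   strcmp(d->ip, ip) == 0 && d->port == port) {
            return d;
        }
    }
    return def;
}

/* What a tls_client_domain_avp style selection amounts to: the AVP value
 * names the client domain; an unset or unknown value yields the default. */
struct tls_domain *tls_select_client_domain(const char *avp_value)
{
    if (!avp_value)
        return tls_default_client_domain;
    return tls_find_domain(TLS_DOMAIN_CLI | TLS_DOMAIN_NAME, NULL, 0, avp_value);
}

/* Constructed sample configuration; values are assumed, not from the page. */
void tls_setup_sample_domains(void)
{
    static int done;
    if (done)
        return;
    done = 1;
    add_domain(&tls_default_server_domain, (struct tls_domain){
        .type = TLS_DOMAIN_DEF | TLS_DOMAIN_SRV, .ciphers_list = "DEFAULT" });
    add_domain(&tls_default_client_domain, (struct tls_domain){
        .type = TLS_DOMAIN_DEF | TLS_DOMAIN_CLI, .verify_cert = 1,
        .ciphers_list = "DEFAULT" });
    /* socket based server domain that insists on a client certificate */
    add_domain(&tls_server_domains, (struct tls_domain){
        .type = TLS_DOMAIN_SRV, .ip = "10.0.0.1", .port = 5061,
        .verify_cert = 1, .require_client_cert = 1, .ciphers_list = "HIGH:!aNULL" });
    /* name based client domain, meant to be selected through an AVP */
    add_domain(&tls_client_domains, (struct tls_domain){
        .type = TLS_DOMAIN_CLI | TLS_DOMAIN_NAME, .name = "carrier_a",
        .verify_cert = 1, .ciphers_list = "HIGH:!aNULL:!MD5" });
}
```

The point worth checking in a real deployment is the fallback: a client domain selected by name that does not exist silently ends up on the default client domain, so the default's tls_verify_* and cipher settings must be at least as strict as what the named domains expect, otherwise a typo in the AVP value downgrades the outbound connection.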
