Module: sip-router
Branch: master
Commit: 1e0ee74dae6da3a962f46f8d3305368c0754d56d
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1e0ee74dae6da3a962f46f8d3305368c0754d56d
Author: Olle E. Johansson <[email protected]> Committer: Olle E. Johansson <[email protected]> Date: Mon Dec 17 20:56:25 2012 +0100 auth_identity Moving to "book" --- modules/auth_identity/README | 121 +++++++++----------------- modules/auth_identity/doc/auth_identity.xml | 9 +- 2 files changed, 47 insertions(+), 83 deletions(-) diff --git a/modules/auth_identity/README b/modules/auth_identity/README index 6502427..154a40e 100644 --- a/modules/auth_identity/README +++ b/modules/auth_identity/README @@ -1,4 +1,4 @@ -1. SIP Authenticated Identity Module +The Auth_identity module Gergely Kovacs 
@@ -7,56 +7,19 @@ Gergely Kovacs Copyright � 2007 Iptel.org __________________________________________________________________ - 1.1. Overview - 1.2. Dependencies - 1.3. Compilation - 1.4. Installation And Running - 1.5. Parameters + List of Examples - 1.5.1. privatekey_path (string) - 1.5.2. certificate_path (string) - 1.5.3. certificate_url (string) - 1.5.4. msg_timeout (integer) - 1.5.5. auth_validity_time (integer) - 1.5.6. callid_cache_limit (integer) - 1.5.7. certificate_cache_limit (integer) - 1.5.8. cainfo_path (string) - 1.5.9. accept_pem_certs ([0|1]) + 1. Set privatekey_path parameter + 2. Set certificate_path parameter + 3. Set certificate_url parameter + 4. Set msg_timeout parameter + 5. Set auth_validity_time parameter + 6. Set auth_validity_time parameter + 7. Set certificate_cache_limit parameter + 8. Set cainfo_path parameter + 9. Set accept_pem_certs parameter - 1.6. Functions - - 1.6.1. auth_date_proc() - - 1.6.1.1. Dependencies - - 1.6.2. auth_add_identity() - - 1.6.2.1. Dependencies - - 1.6.3. vrfy_check_date() - - 1.6.3.1. Dependencies - - 1.6.4. vrfy_get_certificate() - - 1.6.4.1. Dependencies - - 1.6.5. vrfy_check_certificate() - - 1.6.5.1. Dependencies - - 1.6.6. vrfy_check_msgvalidity() - - 1.6.6.1. Dependencies - - 1.6.7. vrfy_check_callid() - - 1.6.7.1. Dependencies - - 1.7. Authorizer service examples - 1.8. Verifier service examples - -1.1. Overview +1. Overview Auth Identity module provides functionalities for securely identifying originators of SIP messages. This module has two basic service: @@ -70,11 +33,11 @@ Gergely Kovacs * verifier does not support the subjectAltName extension of certificates -1.2. Dependencies +2. Dependencies This module does not depend any other module. -1.3. Compilation +3. Compilation This module needs the following headers and libraries: * OpenSSL (version 0.9.8 or higher) for cryptographic functions 
@@ -83,7 +46,7 @@ Gergely Kovacs If you'd like to use TLS module too then use the corresponding LIB line in auth_identity's Makefile -1.4. Installation And Running +4. Installation And Running the Authorizer service needs to make the public key, which conveyed in a certificate, available over HTTPS or HTTP for verifiers. The domain @@ -91,9 +54,9 @@ Gergely Kovacs certificate must be the same. This service needs access to the private key too. -1.5. Parameters +5. Parameters -1.5.1. privatekey_path (string) +5.1. privatekey_path (string) Note: this parameter is for authorizer service. @@ -107,7 +70,7 @@ Gergely Kovacs modparam("auth_identity","privatekey_path","/etc/ssl/private/key.pem") ... -1.5.2. certificate_path (string) +5.2. certificate_path (string) Note: this parameter is for authorizer service. @@ -121,7 +84,7 @@ modparam("auth_identity","privatekey_path","/etc/ssl/private/key.pem") modparam("auth_identity","certificate_path","/var/www/ssl/mycert.pem") ... -1.5.3. certificate_url (string) +5.3. certificate_url (string) Note: this parameter is for authorizer service. @@ -136,7 +99,7 @@ modparam("auth_identity","certificate_path","/var/www/ssl/mycert.pem") modparam("auth_identity","certificate_url","https://foo.bar/mycert.der") ... -1.5.4. msg_timeout (integer) +5.4. msg_timeout (integer) Note: this parameter is for authorizer service. @@ -151,7 +114,7 @@ modparam("auth_identity","certificate_url","https://foo.bar/mycert.der") modparam("auth_identity","msg_timeout",600) ... -1.5.5. auth_validity_time (integer) +5.5. auth_validity_time (integer) Note: this parameter is for verifier service. @@ -166,7 +129,7 @@ modparam("auth_identity","msg_timeout",600) modparam("auth_identity","auth_validity_time",3600) ... -1.5.6. callid_cache_limit (integer) +5.6. callid_cache_limit (integer) Note: this parameter is for verifier service. 
@@ -183,7 +146,7 @@ modparam("auth_identity","auth_validity_time",3600) modparam("auth_identity","callid_cache_limit",32768) ... -1.5.7. certificate_cache_limit (integer) +5.7. certificate_cache_limit (integer) Note: this parameter is for verifier service. @@ -198,7 +161,7 @@ modparam("auth_identity","callid_cache_limit",32768) modparam("auth_identity","certificate_cache_limit",4096) ... -1.5.8. cainfo_path (string) +5.8. cainfo_path (string) Note: this parameter is for verifier service. @@ -213,7 +176,7 @@ modparam("auth_identity","certificate_cache_limit",4096) modparam("auth_identity","cainfo_path","/etc/ssl/certs/ca-certificates.crt") ... -1.5.9. accept_pem_certs ([0|1]) +5.9. accept_pem_certs ([0|1]) Note: this parameter is for verifier service. @@ -226,9 +189,9 @@ modparam("auth_identity","cainfo_path","/etc/ssl/certs/ca-certificates.crt") modparam("auth_identity","accept_pem_certs",1) ... -1.6. Functions +6. Functions -1.6.1. auth_date_proc() +6.1. auth_date_proc() Note: this function is for authorizer service. @@ -239,11 +202,11 @@ modparam("auth_identity","accept_pem_certs",1) authentication service (set by certificate_path parameter) has been expired. -1.6.1.1. Dependencies +6.1.1. Dependencies No dependencies -1.6.2. auth_add_identity() +6.2. auth_add_identity() Note: this function is for authorizer service. @@ -259,22 +222,22 @@ modparam("auth_identity","accept_pem_certs",1) Call-ID, CSeq, Date, Contact) and body after auth_add_identity()'s been called -1.6.2.1. Dependencies +6.2.1. Dependencies auth_date_proc() must be called before -1.6.3. vrfy_check_date() +6.3. vrfy_check_date() Note: this function is for verifier service. Checks Date header of the incoming message whether falls in validity time (set by auth_validity_time parameter) -1.6.3.1. Dependencies +6.3.1. Dependencies No dependencies -1.6.4. vrfy_get_certificate() +6.4. vrfy_get_certificate() Note: this function is for verifier service. 
@@ -283,11 +246,11 @@ modparam("auth_identity","accept_pem_certs",1) parameter). If the required certificate is not found there then this function downloads it. -1.6.4.1. Dependencies +6.4.1. Dependencies No dependencies -1.6.5. vrfy_check_certificate() +6.5. vrfy_check_certificate() Note: this function is for verifier service. @@ -295,23 +258,23 @@ modparam("auth_identity","accept_pem_certs",1) subject and the domain part of the URL are the same) and adds it to certificate table. -1.6.5.1. Dependencies +6.5.1. Dependencies vrfy_get_certificate() must be called before -1.6.6. vrfy_check_msgvalidity() +6.6. vrfy_check_msgvalidity() Note: this function is for verifier service. Assembles digest-string from the message, create SHA1 hash and compares it with the decrypted value of Identity header. -1.6.6.1. Dependencies +6.6.1. Dependencies vrfy_get_certificate() must be called before and vrfy_check_certificate() should be called before -1.6.7. vrfy_check_callid() +6.7. vrfy_check_callid() Note: this function is for verifier service. @@ -321,11 +284,11 @@ modparam("auth_identity","accept_pem_certs",1) has not been replayed then adds it to callid table (which size is set by callid_cache_limit parameter). -1.6.7.1. Dependencies +6.7.1. Dependencies This function should be called for the last time. -1.7. Authorizer service examples +7. Authorizer service examples ... route[INIT] @@ -368,7 +331,7 @@ route[OUTBOUND] } ... -1.8. Verifier service examples +8. Verifier service examples ... route[INIT] diff --git a/modules/auth_identity/doc/auth_identity.xml b/modules/auth_identity/doc/auth_identity.xml index b73b06b..e730afa 100644 --- a/modules/auth_identity/doc/auth_identity.xml +++ b/modules/auth_identity/doc/auth_identity.xml 
@@ -9,8 +9,9 @@ ] > -<section id="auth_identity" xmlns:xi="http://www.w3.org/2001/XInclude"> - <sectioninfo> +<book id="auth_identity" xmlns:xi="http://www.w3.org/2001/XInclude"> + <bookinfo> + <title>The Auth_identity module</title> <authorgroup> <author> <firstname>Gergely</firstname> @@ -25,7 +26,7 @@ <year>2007</year> <holder>Iptel.org</holder> </copyright> - </sectioninfo> + </bookinfo> <title>SIP Authenticated Identity Module</title> @@ -221,4 +222,4 @@ route[VERIFY] ... ]]></programlisting> </section> -</section> +</book>
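Review bot: in the new "List of Examples" block of modules/auth_identity/README, entries 5 and 6 both read "Set auth_validity_time parameter", while the parameter documented in section 5.6 is callid_cache_limit. The example title under callid_cache_limit in the documentation source appears to be a copy of the previous one; it should read "Set callid_cache_limit parameter", after which the README can be regenerated. The same hunk also drops the whole section table of contents (Parameters, Functions, service examples) and replaces it with the example list only, so the vrfy_* and auth_* functions are no longer discoverable from the top of the README; if that is a side effect of the move to "book" rather than the intent, the table of contents should be restored.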
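Review bot: in modules/auth_identity/doc/auth_identity.xml, the hunk at -25,7 keeps `<title>SIP Authenticated Identity Module</title>` as an unchanged line immediately after the new `</bookinfo>`, while the first hunk adds `<title>The Auth_identity module</title>` inside `<bookinfo>`. The book now carries two different titles, and only the new one shows up in the regenerated README. Pick one: either remove the leftover title after `</bookinfo>`, or keep the original wording and put it inside `<bookinfo>` in place of the added line.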
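Review bot: the last hunk of modules/auth_identity/doc/auth_identity.xml leaves `</section>` directly before `</book>`, so the former subsections of the outer `<section>` are now direct children of `<book>`. DocBook's book element takes divisions such as chapter, article or part as children, not section, so a validating build will reject the file even if a lenient stylesheet run still produces output. Wrapping the existing sections in a `<chapter>` (or turning the top-level sections into chapters) keeps the "book" layout this commit is after and stays valid. The commit message "Moving to "book"" also does not say why the root element changes; one line on the motivation would help whoever converts the next module.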
