This latest commit implements some of the TODO's in the curl module. - default client_cert, client_key, cacert and verifyserver modparams implemented - added a cipher_suites modparam so the default list provided by libcurl can be overridden (e.g. enabling elliptic-curve ciphers) - added per-connection value for verifyserver
Here are some followup questions for @oej or anyone else who may use the curl module. Should the [verify_host](http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html) parameter be configurable as well as verify_peer? Is the intention to make the client cert/key configurable per-connection? If we add more parameters to the curlcon modparam, it will easily get unmanageable. I suggest two modparams, curlcon and curlcon_param. The first sets up the url and parameters (this is unchanged). The second will add parameters to a curlcon that is already defined. E.g. ``` modparam("curl", "curlcon", "apione=>https://myserver.example.com/url;timeout=12";) modparam("curl", "curlcon_param", "apione=>verifyserver=1") modparam("curl", "curlcon_param", "apione=>clientkey=/var/certs/myserver.example.com.pem") ``` Any thoughts? Have I missed anything else in this area? You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/481 -- Commit Summary -- * curl: Add client key/certificate to curl_connect -- File Changes -- M modules/curl/curl.c (2) M modules/curl/curl.h (6) M modules/curl/curlcon.c (24) M modules/curl/doc/curl_admin.xml (26) M modules/curl/functions.c (113) -- Patch Links -- https://github.com/kamailio/kamailio/pull/481.patch https://github.com/kamailio/kamailio/pull/481.diff --- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/481
_______________________________________________ sr-dev mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
