
tls: regenerated the readme file

Daniel-Constantin Mierla authored on 17/02/2015 13:50:57
Showing 1 changed files
... ...
@@ -36,27 +36,29 @@ Carsten Bock
36 36
               9.7. verify_depth (integer)
37 37
               9.8. require_certificate (boolean)
38 38
               9.9. cipher_list (string)
39
-              9.10. send_timeout (int)
40
-              9.11. handshake_timeout (int)
41
-              9.12. connection_timeout (int)
42
-              9.13. tls_disable_compression (boolean)
43
-              9.14. ssl_release_buffers (integer)
44
-              9.15. ssl_free_list_max_len (integer)
45
-              9.16. ssl_max_send_fragment (integer)
46
-              9.17. ssl_read_ahead (boolean)
47
-              9.18. send_close_notify (boolean)
48
-              9.19. con_ct_wq_max (integer)
49
-              9.20. ct_wq_max (integer)
50
-              9.21. ct_wq_blk_size (integer)
51
-              9.22. tls_log (int)
52
-              9.23. tls_debug (int)
53
-              9.24. low_mem_threshold1 (integer)
54
-              9.25. low_mem_threshold2 (integer)
55
-              9.26. tls_force_run (boolean)
56
-              9.27. session_cache (boolean)
57
-              9.28. session_id (str)
58
-              9.29. renegotiation (boolean)
59
-              9.30. config (string)
39
+              9.10. server_name (string)
40
+              9.11. send_timeout (int)
41
+              9.12. handshake_timeout (int)
42
+              9.13. connection_timeout (int)
43
+              9.14. tls_disable_compression (boolean)
44
+              9.15. ssl_release_buffers (integer)
45
+              9.16. ssl_free_list_max_len (integer)
46
+              9.17. ssl_max_send_fragment (integer)
47
+              9.18. ssl_read_ahead (boolean)
48
+              9.19. send_close_notify (boolean)
49
+              9.20. con_ct_wq_max (integer)
50
+              9.21. ct_wq_max (integer)
51
+              9.22. ct_wq_blk_size (integer)
52
+              9.23. tls_log (int)
53
+              9.24. tls_debug (int)
54
+              9.25. low_mem_threshold1 (integer)
55
+              9.26. low_mem_threshold2 (integer)
56
+              9.27. tls_force_run (boolean)
57
+              9.28. session_cache (boolean)
58
+              9.29. session_id (str)
59
+              9.30. renegotiation (boolean)
60
+              9.31. config (string)
61
+              9.32. xavp_cfg (string)
60 62
 
61 63
         10. Functions
62 64
 
... ...
@@ -87,37 +89,39 @@ Carsten Bock
87 89
    1.9. Set verify_depth parameter
88 90
    1.10. Set require_certificate parameter
89 91
    1.11. Set cipher_list parameter
90
-   1.12. Set connection_timeout parameter
91
-   1.13. Set tls.connection_timeout at runtime
92
-   1.14. Set tls_disable_compression parameter
93
-   1.15. Set ssl_release_buffers parameter
94
-   1.16. Set ssl_freelist_max_len parameter
95
-   1.17. Set ssl_max_send_fragment parameter
96
-   1.18. Set ssl_read_ahead parameter
97
-   1.19. Set send_close_notify parameter
98
-   1.20. Set tls.send_close_notify at runtime
99
-   1.21. Set con_ct_wq_max parameter
100
-   1.22. Set tls.con_ct_wq_max at runtime
101
-   1.23. Set ct_wq_max parameter
102
-   1.24. Set tls.ct_wq_max at runtime
103
-   1.25. Set ct_wq_blk_size parameter
104
-   1.26. Set tls.ct_wq_max at runtime
105
-   1.27. Set tls_log parameter
106
-   1.28. Set tls.log at runtime
107
-   1.29. Set tls_debug parameter
108
-   1.30. Set tls.debug at runtime
109
-   1.31. Set low_mem_threshold1 parameter
110
-   1.32. Set tls.low_mem_threshold1 at runtime
111
-   1.33. Set low_mem_threshold2 parameter
112
-   1.34. Set tls.low_mem_threshold2 at runtime
113
-   1.35. Set tls_force_run parameter
114
-   1.36. Set session_cache parameter
115
-   1.37. Set session_id parameter
116
-   1.38. Set renegotiation parameter
117
-   1.39. Short config file
118
-   1.40. Set config parameter
119
-   1.41. Change and reload tls config at runtime
120
-   1.42. is_peer_verified usage
92
+   1.12. Set server_name parameter
93
+   1.13. Set connection_timeout parameter
94
+   1.14. Set tls.connection_timeout at runtime
95
+   1.15. Set tls_disable_compression parameter
96
+   1.16. Set ssl_release_buffers parameter
97
+   1.17. Set ssl_freelist_max_len parameter
98
+   1.18. Set ssl_max_send_fragment parameter
99
+   1.19. Set ssl_read_ahead parameter
100
+   1.20. Set send_close_notify parameter
101
+   1.21. Set tls.send_close_notify at runtime
102
+   1.22. Set con_ct_wq_max parameter
103
+   1.23. Set tls.con_ct_wq_max at runtime
104
+   1.24. Set ct_wq_max parameter
105
+   1.25. Set tls.ct_wq_max at runtime
106
+   1.26. Set ct_wq_blk_size parameter
107
+   1.27. Set tls.ct_wq_max at runtime
108
+   1.28. Set tls_log parameter
109
+   1.29. Set tls.log at runtime
110
+   1.30. Set tls_debug parameter
111
+   1.31. Set tls.debug at runtime
112
+   1.32. Set low_mem_threshold1 parameter
113
+   1.33. Set tls.low_mem_threshold1 at runtime
114
+   1.34. Set low_mem_threshold2 parameter
115
+   1.35. Set tls.low_mem_threshold2 at runtime
116
+   1.36. Set tls_force_run parameter
117
+   1.37. Set session_cache parameter
118
+   1.38. Set session_id parameter
119
+   1.39. Set renegotiation parameter
120
+   1.40. Short config file
121
+   1.41. Set config parameter
122
+   1.42. Change and reload tls config at runtime
123
+   1.43. Set xavp_cfg parameter
124
+   1.44. is_peer_verified usage
121 125
 
122 126
 Chapter 1. Admin Guide
123 127
 
... ...
@@ -142,27 +146,29 @@ Chapter 1. Admin Guide
142 146
         9.7. verify_depth (integer)
143 147
         9.8. require_certificate (boolean)
144 148
         9.9. cipher_list (string)
145
-        9.10. send_timeout (int)
146
-        9.11. handshake_timeout (int)
147
-        9.12. connection_timeout (int)
148
-        9.13. tls_disable_compression (boolean)
149
-        9.14. ssl_release_buffers (integer)
150
-        9.15. ssl_free_list_max_len (integer)
151
-        9.16. ssl_max_send_fragment (integer)
152
-        9.17. ssl_read_ahead (boolean)
153
-        9.18. send_close_notify (boolean)
154
-        9.19. con_ct_wq_max (integer)
155
-        9.20. ct_wq_max (integer)
156
-        9.21. ct_wq_blk_size (integer)
157
-        9.22. tls_log (int)
158
-        9.23. tls_debug (int)
159
-        9.24. low_mem_threshold1 (integer)
160
-        9.25. low_mem_threshold2 (integer)
161
-        9.26. tls_force_run (boolean)
162
-        9.27. session_cache (boolean)
163
-        9.28. session_id (str)
164
-        9.29. renegotiation (boolean)
165
-        9.30. config (string)
149
+        9.10. server_name (string)
150
+        9.11. send_timeout (int)
151
+        9.12. handshake_timeout (int)
152
+        9.13. connection_timeout (int)
153
+        9.14. tls_disable_compression (boolean)
154
+        9.15. ssl_release_buffers (integer)
155
+        9.16. ssl_free_list_max_len (integer)
156
+        9.17. ssl_max_send_fragment (integer)
157
+        9.18. ssl_read_ahead (boolean)
158
+        9.19. send_close_notify (boolean)
159
+        9.20. con_ct_wq_max (integer)
160
+        9.21. ct_wq_max (integer)
161
+        9.22. ct_wq_blk_size (integer)
162
+        9.23. tls_log (int)
163
+        9.24. tls_debug (int)
164
+        9.25. low_mem_threshold1 (integer)
165
+        9.26. low_mem_threshold2 (integer)
166
+        9.27. tls_force_run (boolean)
167
+        9.28. session_cache (boolean)
168
+        9.29. session_id (str)
169
+        9.30. renegotiation (boolean)
170
+        9.31. config (string)
171
+        9.32. xavp_cfg (string)
166 172
 
167 173
    10. Functions
168 174
 
... ...
@@ -477,27 +483,29 @@ Revoking a certificate and using a CRL
477 483
    9.7. verify_depth (integer)
478 484
    9.8. require_certificate (boolean)
479 485
    9.9. cipher_list (string)
480
-   9.10. send_timeout (int)
481
-   9.11. handshake_timeout (int)
482
-   9.12. connection_timeout (int)
483
-   9.13. tls_disable_compression (boolean)
484
-   9.14. ssl_release_buffers (integer)
485
-   9.15. ssl_free_list_max_len (integer)
486
-   9.16. ssl_max_send_fragment (integer)
487
-   9.17. ssl_read_ahead (boolean)
488
-   9.18. send_close_notify (boolean)
489
-   9.19. con_ct_wq_max (integer)
490
-   9.20. ct_wq_max (integer)
491
-   9.21. ct_wq_blk_size (integer)
492
-   9.22. tls_log (int)
493
-   9.23. tls_debug (int)
494
-   9.24. low_mem_threshold1 (integer)
495
-   9.25. low_mem_threshold2 (integer)
496
-   9.26. tls_force_run (boolean)
497
-   9.27. session_cache (boolean)
498
-   9.28. session_id (str)
499
-   9.29. renegotiation (boolean)
500
-   9.30. config (string)
486
+   9.10. server_name (string)
487
+   9.11. send_timeout (int)
488
+   9.12. handshake_timeout (int)
489
+   9.13. connection_timeout (int)
490
+   9.14. tls_disable_compression (boolean)
491
+   9.15. ssl_release_buffers (integer)
492
+   9.16. ssl_free_list_max_len (integer)
493
+   9.17. ssl_max_send_fragment (integer)
494
+   9.18. ssl_read_ahead (boolean)
495
+   9.19. send_close_notify (boolean)
496
+   9.20. con_ct_wq_max (integer)
497
+   9.21. ct_wq_max (integer)
498
+   9.22. ct_wq_blk_size (integer)
499
+   9.23. tls_log (int)
500
+   9.24. tls_debug (int)
501
+   9.25. low_mem_threshold1 (integer)
502
+   9.26. low_mem_threshold2 (integer)
503
+   9.27. tls_force_run (boolean)
504
+   9.28. session_cache (boolean)
505
+   9.29. session_id (str)
506
+   9.30. renegotiation (boolean)
507
+   9.31. config (string)
508
+   9.32. xavp_cfg (string)
501 509
 
502 510
 9.1. tls_method (string)
503 511
 
... ...
@@ -714,19 +722,33 @@ modparam("tls", "require_certificate", 1)
714 722
 modparam("tls", "cipher_list", "HIGH")
715 723
 ...
716 724
 
717
-9.10. send_timeout (int)
725
+9.10. server_name (string)
726
+
727
+   Sets the Server Name Indication (SNI) value.
728
+
729
+   This is a TLS extension and is not working for old and obsoleted SSL
730
+   versions.
731
+
732
+   The default value is empty (not set).
733
+
734
+   Example 1.12. Set server_name parameter
735
+...
736
+modparam("tls", "server_name", "kamailio.org")
737
+...
738
+
739
+9.11. send_timeout (int)
718 740
 
719 741
    This parameter is obsolete and cannot be used in newer TLS versions (>
720 742
    Kamailio 3.0). In these versions the send_timeout is replaced by
721 743
    tcp_send_timeout (common with all the tcp connections).
722 744
 
723
-9.11. handshake_timeout (int)
745
+9.12. handshake_timeout (int)
724 746
 
725 747
    This parameter is obsolete and cannot be used in newer TLS versions (>
726 748
    Kamailio 3.0). In these versions the handshake_timeout is replaced by
727 749
    tcp_connect_timeout (common with all the tcp connections).
728 750
 
729
-9.12. connection_timeout (int)
751
+9.13. connection_timeout (int)
730 752
 
731 753
    Sets the amount of time after which an idle TLS connection will be
732 754
    closed, if no I/O ever occured after the initial open. If an I/O event
... ...
@@ -740,15 +762,15 @@ modparam("tls", "cipher_list", "HIGH")
740 762
    It can be changed also at runtime, via the RPC interface and config
741 763
    framework. The config variable name is tls.connection_timeout.
742 764
 
743
-   Example 1.12. Set connection_timeout parameter
765
+   Example 1.13. Set connection_timeout parameter
744 766
 ...
745 767
 modparam("tls", "connection_timeout", 60)
746 768
 ...
747 769
 
748
-   Example 1.13. Set tls.connection_timeout at runtime
770
+   Example 1.14. Set tls.connection_timeout at runtime
749 771
  $ kamcmd cfg.set_now_int tls connection_timeout 180
750 772
 
751
-9.13. tls_disable_compression (boolean)
773
+9.14. tls_disable_compression (boolean)
752 774
 
753 775
    If set compression over SSL/TLS will be disabled. Note that compression
754 776
    uses a lot of memory (about 10x more then with the compression
... ...
@@ -757,12 +779,12 @@ modparam("tls", "connection_timeout", 60)
757 779
 
758 780
    By default compression is disabled.
759 781
 
760
-   Example 1.14. Set tls_disable_compression parameter
782
+   Example 1.15. Set tls_disable_compression parameter
761 783
 ...
762 784
 modparam("tls", "tls_disable_compression", 0) # enable
763 785
 ...
764 786
 
765
-9.14. ssl_release_buffers (integer)
787
+9.15. ssl_release_buffers (integer)
766 788
 
767 789
    Release internal OpenSSL read or write buffers as soon as they are no
768 790
    longer needed. Combined with ssl_free_list_max_len has the potential of
... ...
@@ -781,10 +803,10 @@ Note
781 803
    This option is supported only for OpenSSL versions >= 1.0.0. On all the
782 804
    other versions attempting to change the default will trigger an error.
783 805
 
784
-   Example 1.15. Set ssl_release_buffers parameter
806
+   Example 1.16. Set ssl_release_buffers parameter
785 807
 modparam("tls", "ssl_release_buffers", 1)
786 808
 
787
-9.15. ssl_free_list_max_len (integer)
809
+9.16. ssl_free_list_max_len (integer)
788 810
 
789 811
    Sets the maximum number of free memory chunks, that OpenSSL will keep
790 812
    per connection. Setting it to 0 would cause any unused memory chunk to
... ...
@@ -804,10 +826,10 @@ Note
804 826
    This option is supported only for OpenSSL versions >= 1.0.0. On all the
805 827
    other versions attempting to change the default will trigger an error.
806 828
 
807
-   Example 1.16. Set ssl_freelist_max_len parameter
829
+   Example 1.17. Set ssl_freelist_max_len parameter
808 830
 modparam("tls", "ssl_freelist_max_len", 0)
809 831
 
810
-9.16. ssl_max_send_fragment (integer)
832
+9.17. ssl_max_send_fragment (integer)
811 833
 
812 834
    Sets the maximum number of bytes (from the clear text) sent into one
813 835
    TLS or SSL record. Valid values are between 512 and 16384. Note however
... ...
@@ -839,10 +861,10 @@ Note
839 861
    This option is supported only for OpenSSL versions >= 0.9.9. On all the
840 862
    other versions attempting to change the default will trigger an error.
841 863
 
842
-   Example 1.17. Set ssl_max_send_fragment parameter
864
+   Example 1.18. Set ssl_max_send_fragment parameter
843 865
 modparam("tls", "ssl_max_send_fragment", 4096)
844 866
 
845
-9.17. ssl_read_ahead (boolean)
867
+9.18. ssl_read_ahead (boolean)
846 868
 
847 869
    Enables read ahead, reducing the number of internal OpenSSL BIO read()
848 870
    calls. This option has only debugging value, in normal circumstances it
... ...
@@ -861,10 +883,10 @@ modparam("tls", "ssl_max_send_fragment", 4096)
861 883
 
862 884
    By default the value is 0 (disabled).
863 885
 
864
-   Example 1.18. Set ssl_read_ahead parameter
886
+   Example 1.19. Set ssl_read_ahead parameter
865 887
 modparam("tls", "ssl_read_ahead", 1)
866 888
 
867
-9.18. send_close_notify (boolean)
889
+9.19. send_close_notify (boolean)
868 890
 
869 891
    Enables/disables sending close notify alerts prior to closing the
870 892
    corresponding TCP connection. Sending the close notify prior to tcp
... ...
@@ -877,15 +899,15 @@ modparam("tls", "ssl_read_ahead", 1)
877 899
    It can be changed also at runtime, via the RPC interface and config
878 900
    framework. The config variable name is tls.send_close_notify.
879 901
 
880
-   Example 1.19. Set send_close_notify parameter
902
+   Example 1.20. Set send_close_notify parameter
881 903
 ...
882 904
 modparam("tls", "send_close_notify", 1)
883 905
 ...
884 906
 
885
-   Example 1.20. Set tls.send_close_notify at runtime
907
+   Example 1.21. Set tls.send_close_notify at runtime
886 908
  $ kamcmd cfg.set_now_int tls send_close_notify 1
887 909
 
888
-9.19. con_ct_wq_max (integer)
910
+9.20. con_ct_wq_max (integer)
889 911
 
890 912
    Sets the maximum allowed per connection clear-text send queue size in
891 913
    bytes. This queue is used when data cannot be encrypted and sent
... ...
@@ -896,15 +918,15 @@ modparam("tls", "send_close_notify", 1)
896 918
    It can be changed also at runtime, via the RPC interface and config
897 919
    framework. The config variable name is tls.con_ct_wq_max.
898 920
 
899
-   Example 1.21. Set con_ct_wq_max parameter
921
+   Example 1.22. Set con_ct_wq_max parameter
900 922
 ...
901 923
 modparam("tls", "con_ct_wq_max", 1048576)
902 924
 ...
903 925
 
904
-   Example 1.22. Set tls.con_ct_wq_max at runtime
926
+   Example 1.23. Set tls.con_ct_wq_max at runtime
905 927
  $ kamcmd cfg.set_now_int tls con_ct_wq_max 1048576
906 928
 
907
-9.20. ct_wq_max (integer)
929
+9.21. ct_wq_max (integer)
908 930
 
909 931
    Sets the maximum total number of bytes queued in all the clear-text
910 932
    send queues. These queues are used when data cannot be encrypted and
... ...
@@ -915,15 +937,15 @@ modparam("tls", "con_ct_wq_max", 1048576)
915 937
    It can be changed also at runtime, via the RPC interface and config
916 938
    framework. The config variable name is tls.ct_wq_max.
917 939
 
918
-   Example 1.23. Set ct_wq_max parameter
940
+   Example 1.24. Set ct_wq_max parameter
919 941
 ...
920 942
 modparam("tls", "ct_wq_max", 4194304)
921 943
 ...
922 944
 
923
-   Example 1.24. Set tls.ct_wq_max at runtime
945
+   Example 1.25. Set tls.ct_wq_max at runtime
924 946
  $ kamcmd cfg.set_now_int tls ct_wq_max 4194304
925 947
 
926
-9.21. ct_wq_blk_size (integer)
948
+9.22. ct_wq_blk_size (integer)
927 949
 
928 950
    Minimum block size for the internal clear-text send queues (debugging /
929 951
    advanced tunning). Good values are multiple of typical datagram sizes.
... ...
@@ -933,15 +955,15 @@ modparam("tls", "ct_wq_max", 4194304)
933 955
    It can be changed also at runtime, via the RPC interface and config
934 956
    framework. The config variable name is tls.ct_wq_blk_size.
935 957
 
936
-   Example 1.25. Set ct_wq_blk_size parameter
958
+   Example 1.26. Set ct_wq_blk_size parameter
937 959
 ...
938 960
 modparam("tls", "ct_wq_blk_size", 2048)
939 961
 ...
940 962
 
941
-   Example 1.26. Set tls.ct_wq_max at runtime
963
+   Example 1.27. Set tls.ct_wq_max at runtime
942 964
  $ kamcmd cfg.set_now_int tls ct_wq_blk_size 2048
943 965
 
944
-9.22. tls_log (int)
966
+9.23. tls_log (int)
945 967
 
946 968
    Sets the log level at which TLS related messages will be logged.
947 969
 
... ...
@@ -950,16 +972,16 @@ modparam("tls", "ct_wq_blk_size", 2048)
950 972
    It can be changed also at runtime, via the RPC interface and config
951 973
    framework. The config variable name is tls.log.
952 974
 
953
-   Example 1.27. Set tls_log parameter
975
+   Example 1.28. Set tls_log parameter
954 976
 ...
955 977
 # ignore TLS messages if Kamailio is started with debug less than 10
956 978
 modparam("tls", "tls_log", 10)
957 979
 ...
958 980
 
959
-   Example 1.28. Set tls.log at runtime
981
+   Example 1.29. Set tls.log at runtime
960 982
  $ kamcmd cfg.set_now_int tls log 10
961 983
 
962
-9.23. tls_debug (int)
984
+9.24. tls_debug (int)
963 985
 
964 986
    Sets the log level at which TLS debug messages will be logged. Note
965 987
    that TLS debug messages are enabled only if the TLS module is compiled
... ...
@@ -971,16 +993,16 @@ modparam("tls", "tls_log", 10)
971 993
    It can be changed also at runtime, via the RPC interface and config
972 994
    framework. The config variable name is tls.debug.
973 995
 
974
-   Example 1.29. Set tls_debug parameter
996
+   Example 1.30. Set tls_debug parameter
975 997
 ...
976 998
 # ignore TLS debug messages if Kamailio is started with debug less than 10
977 999
 modparam("tls", "tls_debug", 10)
978 1000
 ...
979 1001
 
980
-   Example 1.30. Set tls.debug at runtime
1002
+   Example 1.31. Set tls.debug at runtime
981 1003
  $ kamcmd cfg.set_now_int tls debug 10
982 1004
 
983
-9.24. low_mem_threshold1 (integer)
1005
+9.25. low_mem_threshold1 (integer)
984 1006
 
985 1007
    Sets the minimal free memory from which attempts to open or accept new
986 1008
    TLS connections will start to fail. The value is expressed in KB.
... ...
@@ -1003,15 +1025,15 @@ modparam("tls", "tls_debug", 10)
1003 1025
 
1004 1026
    See also low_mem_threshold2.
1005 1027
 
1006
-   Example 1.31. Set low_mem_threshold1 parameter
1028
+   Example 1.32. Set low_mem_threshold1 parameter
1007 1029
 ...
1008 1030
 modparam("tls", "low_mem_threshold1", -1)
1009 1031
 ...
1010 1032
 
1011
-   Example 1.32. Set tls.low_mem_threshold1 at runtime
1033
+   Example 1.33. Set tls.low_mem_threshold1 at runtime
1012 1034
  $ kamcmd cfg.set_now_int tls low_mem_threshold1 2048
1013 1035
 
1014
-9.25. low_mem_threshold2 (integer)
1036
+9.26. low_mem_threshold2 (integer)
1015 1037
 
1016 1038
    Sets the minimal free memory from which TLS operations on already
1017 1039
    established TLS connections will start to fail preemptively. The value
... ...
@@ -1035,15 +1057,15 @@ modparam("tls", "low_mem_threshold1", -1)
1035 1057
 
1036 1058
    See also low_mem_threshold1.
1037 1059
 
1038
-   Example 1.33. Set low_mem_threshold2 parameter
1060
+   Example 1.34. Set low_mem_threshold2 parameter
1039 1061
 ...
1040 1062
 modparam("tls", "low_mem_threshold2", -1)
1041 1063
 ...
1042 1064
 
1043
-   Example 1.34. Set tls.low_mem_threshold2 at runtime
1065
+   Example 1.35. Set tls.low_mem_threshold2 at runtime
1044 1066
  $ kamcmd cfg.set_now_int tls low_mem_threshold2 1024
1045 1067
 
1046
-9.26. tls_force_run (boolean)
1068
+9.27. tls_force_run (boolean)
1047 1069
 
1048 1070
    If enabled Kamailio will start even if some of the openssl sanity
1049 1071
    checks fail (turn it on at your own risk).
... ...
@@ -1059,36 +1081,36 @@ modparam("tls", "low_mem_threshold2", -1)
1059 1081
 
1060 1082
    By default tls_force_run is disabled.
1061 1083
 
1062
-   Example 1.35. Set tls_force_run parameter
1084
+   Example 1.36. Set tls_force_run parameter
1063 1085
 ...
1064 1086
 modparam("tls", "tls_force_run", 11)
1065 1087
 ...
1066 1088
 
1067
-9.27. session_cache (boolean)
1089
+9.28. session_cache (boolean)
1068 1090
 
1069 1091
    If enabled Kamailio will do caching of the TLS sessions data,
1070 1092
    generation a session_id and sending it back to client.
1071 1093
 
1072 1094
    By default TLS session caching is disabled (0).
1073 1095
 
1074
-   Example 1.36. Set session_cache parameter
1096
+   Example 1.37. Set session_cache parameter
1075 1097
 ...
1076 1098
 modparam("tls", "session_cache", 1)
1077 1099
 ...
1078 1100
 
1079
-9.28. session_id (str)
1101
+9.29. session_id (str)
1080 1102
 
1081 1103
    The value for session ID context, making sense when session caching is
1082 1104
    enabled.
1083 1105
 
1084 1106
    By default TLS session_id is "sip-router-tls-3.1".
1085 1107
 
1086
-   Example 1.37. Set session_id parameter
1108
+   Example 1.38. Set session_id parameter
1087 1109
 ...
1088 1110
 modparam("tls", "session_id", "my-session-id-context")
1089 1111
 ...
1090 1112
 
1091
-9.29. renegotiation (boolean)
1113
+9.30. renegotiation (boolean)
1092 1114
 
1093 1115
    If enabled Kamailio will allow renegotiations of TLS connection
1094 1116
    initiated by the client. This may expose to a security risk if the
... ...
@@ -1097,12 +1119,12 @@ modparam("tls", "session_id", "my-session-id-context")
1097 1119
 
1098 1120
    By default TLS renegotiation is disabled (0).
1099 1121
 
1100
-   Example 1.38. Set renegotiation parameter
1122
+   Example 1.39. Set renegotiation parameter
1101 1123
 ...
1102 1124
 modparam("tls", "renegotiation", 1)
1103 1125
 ...
1104 1126
 
1105
-9.30. config (string)
1127
+9.31. config (string)
1106 1128
 
1107 1129
    Sets the name of the TLS specific config file or config directory.
1108 1130
 
... ...
@@ -1131,6 +1153,7 @@ modparam("tls", "renegotiation", 1)
1131 1153
      * ca_list
1132 1154
      * crl
1133 1155
      * cipher_list
1156
+     * server_name
1134 1157
 
1135 1158
    All the parameters that take filenames as values will be resolved using
1136 1159
    the same rules as for the tls config filename itself: starting with a
... ...
@@ -1142,7 +1165,7 @@ modparam("tls", "renegotiation", 1)
1142 1165
    when it initiates a new connection by itself (it connects to
1143 1166
    something).
1144 1167
 
1145
-   Example 1.39. Short config file
1168
+   Example 1.40. Short config file
1146 1169
 [server:default]
1147 1170
 method = TLSv1
1148 1171
 verify_certificate = yes
... ...
@@ -1165,11 +1188,12 @@ private_key = local_key.pem
1165 1188
 certificate = local_cert.pem
1166 1189
 verify_depth = 3
1167 1190
 ca_list = local_ca.pem
1191
+server_name = kamailio.org
1168 1192
 
1169 1193
    For a more complete example check the tls.cfg distributed with the
1170 1194
    Kamailio source (kamailio/modules/tls/tls.cfg).
1171 1195
 
1172
-   Example 1.40. Set config parameter
1196
+   Example 1.41. Set config parameter
1173 1197
 ...
1174 1198
 modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
1175 1199
 ...
... ...
@@ -1177,10 +1201,28 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
1177 1201
    It can be changed also at runtime. The new config will not be loaded
1178 1202
    immediately, but after the first tls.reload RPC call.
1179 1203
 
1180
-   Example 1.41. Change and reload tls config at runtime
1204
+   Example 1.42. Change and reload tls config at runtime
1181 1205
  $ kamcmd cfg.set_now_string tls config "/usr/local/etc/kamailio/new_tls.cfg"
1182 1206
  $ kamcmd tls.reload
1183 1207
 
1208
+9.32. xavp_cfg (string)
1209
+
1210
+   Sets the name of XAVP that stored attributes for TLS connections.
1211
+
1212
+   The following (inner) attributes can be set:
1213
+     * server_name - SNI to be used for outbound connections
1214
+
1215
+   The default value is empty (not set).
1216
+
1217
+   Example 1.43. Set xavp_cfg parameter
1218
+...
1219
+  modparam("tls", "xavp_cfg", "tls")
1220
+ ...
1221
+  $xavp(tls=>server_name) = "kamailio.org";
1222
+  $du = "sip:kamailio.org:5061;transport=tls";
1223
+  route(RELAY);
1224
+...
1225
+
1184 1226
 10. Functions
1185 1227
 
1186 1228
    10.1. is_peer_verified()
... ...
@@ -1191,7 +1233,7 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
1191 1233
    , the peer presented an X509 certificate and the certificate chain
1192 1234
    verified ok. It can be used only in a request route.
1193 1235
 
1194
-   Example 1.42. is_peer_verified usage
1236
+   Example 1.44. is_peer_verified usage
1195 1237
         if (proto==TLS && !is_peer_verified()){
1196 1238
                 sl_send_reply("400", "No certificate or verification failed");
1197 1239
                 drop;