#### core, lib, modules: restructured source code tree

- new folder src/ to hold the source code for main project applications
- main.c is in src/
- all core files are subfolder are in src/core/
- modules are in src/modules/
- libs are in src/lib/
- application Makefiles are in src/
- application binary is built in src/ (src/kamailio)

Daniel-Constantin Mierla authored on 07/12/2016 11:03:51
Showing 1 changed files
 1 1 deleted file mode 100644 ... ... @@ -1,45 +0,0 @@ 1 -/*  2 - * TLS module - module interface 3 - * 4 - * Copyright (C) 2005 iptelorg GmbH 5 - * 6 - * Permission to use, copy, modify, and distribute this software for any 7 - * purpose with or without fee is hereby granted, provided that the above 8 - * copyright notice and this permission notice appear in all copies. 9 - * 10 - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 - */ 18 -/** Kamailio TLS support :: module interface. 19 - * @file 20 - * @ingroup tls 21 - * Module: @ref tls 22 - */ 23 - 24 - 25 - 26 -#ifndef _TLS_MOD_H 27 -#define _TLS_MOD_H 28 - 29 -#include "../../str.h" 30 -#include "../../locking.h" 31 -#include "tls_domain.h" 32 - 33 - 34 -/* Current TLS configuration */ 35 -extern tls_domains_cfg_t** tls_domains_cfg; 36 -extern gen_lock_t* tls_domains_cfg_lock; 37 - 38 -extern tls_domain_t cli_defaults; 39 -extern tls_domain_t srv_defaults; 40 - 41 -extern str tls_domains_cfg_file; 42 - 43 -extern int sr_tls_renegotiation; 44 - 45 -#endif /* _TLS_MOD_H */

#### tls Remove history, change "SIP-router" to "Kamailio"

Olle E. Johansson authored on 10/01/2015 16:33:42
Showing 1 changed files
 ... ... @@ -15,7 +15,7 @@ 15 15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 17  */ 18 -/** SIP-router TLS support :: module interface. 18 +/** Kamailio TLS support :: module interface. 19 19  * @file 20 20  * @ingroup tls 21 21  * Module: @ref tls

#### tls: clarified licensing based on development history

- some were c&p as they refered to files related to components that were
developed later than the (c) year (e.g., selects)
- added openssl exception to gpl parts based on agreement from the
developers of those components - most of the code was released long time
ago under BSD by iptelorg. Code was rewrote for 3.1 when asynchronous
support was developed.

Daniel-Constantin Mierla authored on 02/12/2013 17:17:34
Showing 1 changed files
 ... ... @@ -1,32 +1,19 @@ 1 -/* 2 - * $Id$ 3 - * 1 +/*  4 2  * TLS module - module interface 5 3  * 6 - * Copyright (C) 2001-2003 FhG FOKUS 7 - * Copyright (C) 2004,2005 Free Software Foundation, Inc. 8 4  * Copyright (C) 2005 iptelorg GmbH 9 5  * 10 - * This file is part of sip-router, a free SIP server. 11 - * 12 - * sip-router is free software; you can redistribute it and/or modify 13 - * it under the terms of the GNU General Public License as published by 14 - * the Free Software Foundation; either version 2 of the License, or 15 - * (at your option) any later version 16 - * 17 - * For a license to use the sip-router software under conditions 18 - * other than those described here, or to purchase support for this 19 - * software, please contact iptel.org by e-mail at the following addresses: 20 - * info@iptel.org 21 - * 22 - * sip-router is distributed in the hope that it will be useful, 23 - * but WITHOUT ANY WARRANTY; without even the implied warranty of 24 - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 25 - * GNU General Public License for more details. 6 + * Permission to use, copy, modify, and distribute this software for any 7 + * purpose with or without fee is hereby granted, provided that the above 8 + * copyright notice and this permission notice appear in all copies. 26 9  * 27 - * You should have received a copy of the GNU General Public License  28 - * along with this program; if not, write to the Free Software  29 - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 10 + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 30 17  */ 31 18  /** SIP-router TLS support :: module interface. 32 19  * @file

#### tls: new parameter 'renegotiation' to enable/disable client renegotiation

- default is 0 (renegotiation disabled), to protect against SSL
renegotiation attack
- can be enabled by setting it to 1

Daniel-Constantin Mierla authored on 17/12/2011 21:22:04
Showing 1 changed files
 ... ... @@ -53,4 +53,6 @@ extern tls_domain_t srv_defaults; 53 53   54 54  extern str tls_domains_cfg_file; 55 55   56 +extern int sr_tls_renegotiation; 57 + 56 58  #endif /* _TLS_MOD_H */

#### tls: migrated to the runtime cfg framework

- moved all the module params to runtime config. Most of the
variables are read-only (for now) with the following exceptions:
config - can be changed at runtime and if followed by a
tls.realod, the configuration from the new file will
log
connection_timeout
low_mem_threshold1
low_mem_threshold2
- renamed tls_fix_cfg() to tls_fix_domains_cfg() to avoid
confusion with the runtime cfg (named tls_cfg).

Andrei Pelinescu-Onciul authored on 28/05/2010 10:35:07
Showing 1 changed files
 ... ... @@ -43,14 +43,6 @@ 43 43  #include "../../locking.h" 44 44  #include "tls_domain.h" 45 45   46 -extern int tls_con_lifetime; 47 -extern int tls_log; 48 -extern int tls_session_cache; 49 -extern str tls_session_id; 50 -extern int ssl_mode_release_buffers; 51 -extern int ssl_freelist_max_len; 52 -extern int ssl_max_send_fragment; 53 -extern int ssl_read_ahead; 54 46   55 47  /* Current TLS configuration */ 56 48  extern tls_domains_cfg_t** tls_domains_cfg;

#### tls: removed handshake_timeout and send_timeout

Removed the handshake_timeout and send_timeout parameters.
The values from tcp are used instead (tcp_connect_timeout and
tcp_send_timeout).

Andrei Pelinescu-Onciul authored on 27/05/2010 17:48:02
Showing 1 changed files
 ... ... @@ -43,8 +43,6 @@ 43 43  #include "../../locking.h" 44 44  #include "tls_domain.h" 45 45   46 -extern int tls_handshake_timeout; 47 -extern int tls_send_timeout; 48 46  extern int tls_con_lifetime; 49 47  extern int tls_log; 50 48  extern int tls_session_cache;

#### tls: s/tls_cfg/tls_domains_cfg

Internal variable and type name change: replaces tls_cfg with
tls_domains_cfg. This frees up tls_cfg for use with the runtime
configuration framework (by convention a module runtime
configuration is named <module_name>_cfg and it would be very
confusing to have an exception for the tls module).

Andrei Pelinescu-Onciul authored on 27/05/2010 15:20:16
Showing 1 changed files
 ... ... @@ -55,12 +55,12 @@ extern int ssl_max_send_fragment; 55 55  extern int ssl_read_ahead; 56 56   57 57  /* Current TLS configuration */ 58 -extern tls_cfg_t** tls_cfg; 59 -extern gen_lock_t* tls_cfg_lock; 58 +extern tls_domains_cfg_t** tls_domains_cfg; 59 +extern gen_lock_t* tls_domains_cfg_lock; 60 60   61 61  extern tls_domain_t cli_defaults; 62 62  extern tls_domain_t srv_defaults; 63 63   64 -extern str tls_cfg_file; 64 +extern str tls_domains_cfg_file; 65 65   66 66  #endif /* _TLS_MOD_H */

#### tls: new parameters for advanced openssl options

- ssl_release_buffers: release internal openssl read or write
buffers when they are no longer used (complete read or write that
does not have to buffer anything).
Should be used together with tls_free_list_max_len. Might have
some performance impact (and extra *malloc pressure), but has
also the potential of saving a lot of memory (at least 32k/idle
connection in the default config, or ~16k+tls_max_send_fragment)).
Works only with openssl >= 1.0.0.

- ssl_freelist_max_len: maximum length of free/unused memory
buffers/chunks per connection. Setting it to 0 would cause any
unused buffers to be immediately freed and hence a lower memory
footprint (at the cost of a possible performance hit and more
*malloc pressure). Too large value would result in extra memory
consumption. The default is 32 in openssl.
For lowest memory usage set it to 0 and tls_mode_release_buffers
to 1.
Works / makes sense only for openssl >= 1.0.0.

- ssl_max_send_fragment: maximum number of bytes (clear text) sent
into one record. The default and maximum value are ~16k. Lower
values would lead to a lower memory footprint. Values lower then
the typical app. write size might decrease performance, so
it should be kept ~2k+ for normal SIP traffic.
Too low values (e.g. <1024) might cause the initial handshake
to fail, so use with care.
Works only for openssl >= 0.9.9.

(1 less syscall when enabled, else openssl makes 1 read() for
each record header and another or the content), but might
interact with SSL_pending() (not used right now).
Default: 1 (enabled).

Andrei Pelinescu-Onciul authored on 19/03/2010 14:11:49
Showing 1 changed files
 ... ... @@ -28,11 +28,10 @@ 28 28  * along with this program; if not, write to the Free Software  29 29  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 30 30  */ 31 -/*! 32 - * \file 33 - * \brief SIP-router TLS support :: module interface 34 - * \ingroup tls 35 - * Module: \ref tls 31 +/** SIP-router TLS support :: module interface. 32 + * @file 33 + * @ingroup tls 34 + * Module: @ref tls 36 35  */ 37 36   38 37   ... ... @@ -50,6 +49,10 @@ extern int tls_con_lifetime; 50 49  extern int tls_log; 51 50  extern int tls_session_cache; 52 51  extern str tls_session_id; 52 +extern int ssl_mode_release_buffers; 53 +extern int ssl_freelist_max_len; 54 +extern int ssl_max_send_fragment; 55 +extern int ssl_read_ahead; 53 56   54 57  /* Current TLS configuration */ 55 58  extern tls_cfg_t** tls_cfg;

#### tls(sr): fix define error introduced in 9accd256fdc80e6a6207cb7

Henning Westerholt authored on 14/10/2009 16:59:06
Showing 1 changed files
 ... ... @@ -38,7 +38,7 @@ 38 38   39 39   40 40  #ifndef _TLS_MOD_H 41 -#iefine _TLS_MOD_H 41 +#define _TLS_MOD_H 42 42   43 43  #include "../../str.h" 44 44  #include "../../locking.h"

oej authored on 10/10/2009 11:48:00
Showing 1 changed files
 ... ... @@ -7,19 +7,19 @@ 7 7  * Copyright (C) 2004,2005 Free Software Foundation, Inc. 8 8  * Copyright (C) 2005 iptelorg GmbH 9 9  * 10 - * This file is part of ser, a free SIP server. 10 + * This file is part of sip-router, a free SIP server. 11 11  * 12 - * ser is free software; you can redistribute it and/or modify 12 + * sip-router is free software; you can redistribute it and/or modify 13 13  * it under the terms of the GNU General Public License as published by 14 14  * the Free Software Foundation; either version 2 of the License, or 15 15  * (at your option) any later version 16 16  * 17 - * For a license to use the ser software under conditions 17 + * For a license to use the sip-router software under conditions 18 18  * other than those described here, or to purchase support for this 19 19  * software, please contact iptel.org by e-mail at the following addresses: 20 20  * info@iptel.org 21 21  * 22 - * ser is distributed in the hope that it will be useful, 22 + * sip-router is distributed in the hope that it will be useful, 23 23  * but WITHOUT ANY WARRANTY; without even the implied warranty of 24 24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 25 25  * GNU General Public License for more details. ... ... @@ -28,10 +28,17 @@ 28 28  * along with this program; if not, write to the Free Software  29 29  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 30 30  */ 31 +/*! 32 + * \file 33 + * \brief SIP-router TLS support :: module interface 34 + * \ingroup tls 35 + * Module: \ref tls 36 + */ 37 + 31 38   32 39   33 40  #ifndef _TLS_MOD_H 34 -#define _TLS_MOD_H 41 +#iefine _TLS_MOD_H 35 42   36 43  #include "../../str.h" 37 44  #include "../../locking.h"

#### - timeouts fixed (all the tcp timeouts use now ticks and not seconds)

Andrei Pelinescu-Onciul authored on 17/01/2007 20:24:05
Showing 1 changed files
 ... ... @@ -39,7 +39,7 @@ 39 39   40 40  extern int tls_handshake_timeout; 41 41  extern int tls_send_timeout; 42 -extern int tls_conn_timeout; 42 +extern int tls_con_lifetime; 43 43  extern int tls_log; 44 44  extern int tls_session_cache; 45 45  extern str tls_session_id;

Jan Janak authored on 03/03/2006 15:52:11
Showing 1 changed files
 ... ... @@ -1,7 +1,7 @@ 1 1  /* 2 2  * $Id$ 3 3  * 4 - * TLS module interface 4 + * TLS module - module interface 5 5  * 6 6  * Copyright (C) 2001-2003 FhG FOKUS 7 7  * Copyright (C) 2004,2005 Free Software Foundation, Inc.

#### - Support for external TLS configuration file - support for relative path names (CFG_DIR will be added automaticaly) - Support for run-time configuration re-load - tls.reload management command implemented

Jan Janak authored on 03/03/2006 11:26:53
Showing 1 changed files
 ... ... @@ -34,6 +34,8 @@ 34 34  #define _TLS_MOD_H 35 35   36 36  #include "../../str.h" 37 +#include "../../locking.h" 38 +#include "tls_domain.h" 37 39   38 40  extern int tls_handshake_timeout; 39 41  extern int tls_send_timeout; ... ... @@ -41,6 +43,14 @@ extern int tls_conn_timeout; 41 43  extern int tls_log; 42 44  extern int tls_session_cache; 43 45  extern str tls_session_id; 44 -extern char* tls_config; 46 + 47 +/* Current TLS configuration */ 48 +extern tls_cfg_t** tls_cfg; 49 +extern gen_lock_t* tls_cfg_lock; 50 + 51 +extern tls_domain_t cli_defaults; 52 +extern tls_domain_t srv_defaults; 53 + 54 +extern str tls_cfg_file; 45 55   46 56  #endif /* _TLS_MOD_H */

#### - TLS configuration file parser (not yet integrated with rest of tls module)

Jan Janak authored on 22/02/2006 23:37:19
Showing 1 changed files
 ... ... @@ -41,5 +41,6 @@ extern int tls_conn_timeout; 41 41  extern int tls_log; 42 42  extern int tls_session_cache; 43 43  extern str tls_session_id; 44 +extern char* tls_config; 44 45   45 46  #endif /* _TLS_MOD_H */

#### Preliminary TLS module (requires core patch which is attached), the module contains: - Many bugfixes and better implementation of tls_write and tls_read by Andrei - openssl compression fix by Andrei - extended tls multi-domain support (most parameters can be configured to different values in different domains) - support for outgoing domains (not complete) - support for certificate based authentication through selects ( if @tls.peer == "Bob") ... - the tls code is merge of experimental/tls and Andrei's tls to get best of both

Jan Janak authored on 28/01/2006 12:34:31
Showing 1 changed files
 1 1 new file mode 100644 ... ... @@ -0,0 +1,45 @@ 1 +/* 2 + * $Id$ 3 + * 4 + * TLS module interface 5 + * 6 + * Copyright (C) 2001-2003 FhG FOKUS 7 + * Copyright (C) 2004,2005 Free Software Foundation, Inc. 8 + * Copyright (C) 2005 iptelorg GmbH 9 + * 10 + * This file is part of ser, a free SIP server. 11 + * 12 + * ser is free software; you can redistribute it and/or modify 13 + * it under the terms of the GNU General Public License as published by 14 + * the Free Software Foundation; either version 2 of the License, or 15 + * (at your option) any later version 16 + * 17 + * For a license to use the ser software under conditions 18 + * other than those described here, or to purchase support for this 19 + * software, please contact iptel.org by e-mail at the following addresses: 20 + * info@iptel.org 21 + * 22 + * ser is distributed in the hope that it will be useful, 23 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 24 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 25 + * GNU General Public License for more details. 26 + * 27 + * You should have received a copy of the GNU General Public License  28 + * along with this program; if not, write to the Free Software  29 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 30 + */ 31 + 32 + 33 +#ifndef _TLS_MOD_H 34 +#define _TLS_MOD_H 35 + 36 +#include "../../str.h" 37 + 38 +extern int tls_handshake_timeout; 39 +extern int tls_send_timeout; 40 +extern int tls_conn_timeout; 41 +extern int tls_log; 42 +extern int tls_session_cache; 43 +extern str tls_session_id; 44 + 45 +#endif /* _TLS_MOD_H */