Browse code
modules: readme files regenerated - tls ... [skip ci]
Kamailio Dev authored on 31/03/2021 14:01:16
Showing 2 changed files
| ... | ... |
@@ -75,6 +75,7 @@ Olle E. Johansson |
| 75 | 75 |
11. Functions |
| 76 | 76 |
|
| 77 | 77 |
11.1. is_peer_verified() |
| 78 |
+ 11.2. tls_set_connect_server_id(srvid) |
|
| 78 | 79 |
|
| 79 | 80 |
12. RPC Commands |
| 80 | 81 |
|
| ... | ... |
@@ -145,7 +146,8 @@ Olle E. Johansson |
| 145 | 146 |
1.47. Set verify_client modparam parameter |
| 146 | 147 |
1.48. Set verify_client tls.cfg parameter |
| 147 | 148 |
1.49. is_peer_verified usage |
| 148 |
- 1.50. Use of event_route[tls:connection-out] |
|
| 149 |
+ 1.50. tls_set_connect_server_id usage |
|
| 150 |
+ 1.51. Use of event_route[tls:connection-out] |
|
| 149 | 151 |
|
| 150 | 152 |
Chapter 1. Admin Guide |
| 151 | 153 |
|
| ... | ... |
@@ -205,6 +207,7 @@ Chapter 1. Admin Guide |
| 205 | 207 |
11. Functions |
| 206 | 208 |
|
| 207 | 209 |
11.1. is_peer_verified() |
| 210 |
+ 11.2. tls_set_connect_server_id(srvid) |
|
| 208 | 211 |
|
| 209 | 212 |
12. RPC Commands |
| 210 | 213 |
|
| ... | ... |
@@ -1575,6 +1578,7 @@ verify_client = optional_no_ca |
| 1575 | 1578 |
11. Functions |
| 1576 | 1579 |
|
| 1577 | 1580 |
11.1. is_peer_verified() |
| 1581 |
+ 11.2. tls_set_connect_server_id(srvid) |
|
| 1578 | 1582 |
|
| 1579 | 1583 |
11.1. is_peer_verified() |
| 1580 | 1584 |
|
| ... | ... |
@@ -1585,10 +1589,28 @@ verify_client = optional_no_ca |
| 1585 | 1589 |
It can be used only in a request route. |
| 1586 | 1590 |
|
| 1587 | 1591 |
Example 1.49. is_peer_verified usage |
| 1592 |
+... |
|
| 1588 | 1593 |
if (proto==TLS && !is_peer_verified()) {
|
| 1589 | 1594 |
sl_send_reply("400", "No certificate or verification failed");
|
| 1590 | 1595 |
exit; |
| 1591 | 1596 |
} |
| 1597 |
+... |
|
| 1598 |
+ |
|
| 1599 |
+11.2. tls_set_connect_server_id(srvid) |
|
| 1600 |
+ |
|
| 1601 |
+ Set the server id of the tls profile to be used by next client connect, |
|
| 1602 |
+ being reset after use. It is an alternative to the use of xavp to |
|
| 1603 |
+ specify server id of a client profile for the cases when xavps are no |
|
| 1604 |
+ longer available (e.g., after event_route[tm:local-request]). |
|
| 1605 |
+ |
|
| 1606 |
+ If the parameter is an empty string, then the value is reset. |
|
| 1607 |
+ |
|
| 1608 |
+ It can be used only in ANY_ROUTE. |
|
| 1609 |
+ |
|
| 1610 |
+ Example 1.50. tls_set_connect_server_id usage |
|
| 1611 |
+... |
|
| 1612 |
+ tls_set_connect_server_id("clientone");
|
|
| 1613 |
+... |
|
| 1592 | 1614 |
|
| 1593 | 1615 |
12. RPC Commands |
| 1594 | 1616 |
|
| ... | ... |
@@ -1661,7 +1683,7 @@ verify_client = optional_no_ca |
| 1661 | 1683 |
If drop() is executed in the event route, then the data is no longer |
| 1662 | 1684 |
sent over the connection. |
| 1663 | 1685 |
|
| 1664 |
- Example 1.50. Use of event_route[tls:connection-out] |
|
| 1686 |
+ Example 1.51. Use of event_route[tls:connection-out] |
|
| 1665 | 1687 |
... |
| 1666 | 1688 |
event_route[tls:connection-out] {
|
| 1667 | 1689 |
if($sndto(ip)=="1.2.3.4") {
|
| ... | ... |
@@ -46,6 +46,7 @@ Frederic Gaisnon |
| 46 | 46 |
3.13. a_contact_avp (str) |
| 47 | 47 |
3.14. b_contact_avp (str) |
| 48 | 48 |
3.15. rr_update (int) |
| 49 |
+ 3.16. contact_host_avp (str) |
|
| 49 | 50 |
|
| 50 | 51 |
4. Event Routes |
| 51 | 52 |
|
| ... | ... |
@@ -69,8 +70,9 @@ Frederic Gaisnon |
| 69 | 70 |
1.13. Set a_contact_avp parameter |
| 70 | 71 |
1.14. Set b_contact_avp parameter |
| 71 | 72 |
1.15. Set rr_update parameter |
| 72 |
- 1.16. Usage of event_route[topos:msg-outgoing] |
|
| 73 |
- 1.17. Usage of event_route[topos:msg-sending] |
|
| 73 |
+ 1.16. Set contact_host_avp parameter |
|
| 74 |
+ 1.17. Usage of event_route[topos:msg-outgoing] |
|
| 75 |
+ 1.18. Usage of event_route[topos:msg-sending] |
|
| 74 | 76 |
|
| 75 | 77 |
Chapter 1. Admin Guide |
| 76 | 78 |
|
| ... | ... |
@@ -99,6 +101,7 @@ Chapter 1. Admin Guide |
| 99 | 101 |
3.13. a_contact_avp (str) |
| 100 | 102 |
3.14. b_contact_avp (str) |
| 101 | 103 |
3.15. rr_update (int) |
| 104 |
+ 3.16. contact_host_avp (str) |
|
| 102 | 105 |
|
| 103 | 106 |
4. Event Routes |
| 104 | 107 |
|
| ... | ... |
@@ -160,6 +163,7 @@ Chapter 1. Admin Guide |
| 160 | 163 |
3.13. a_contact_avp (str) |
| 161 | 164 |
3.14. b_contact_avp (str) |
| 162 | 165 |
3.15. rr_update (int) |
| 166 |
+ 3.16. contact_host_avp (str) |
|
| 163 | 167 |
|
| 164 | 168 |
3.1. storage (str) |
| 165 | 169 |
|
| ... | ... |
@@ -291,9 +295,10 @@ modparam("topos", "event_mode", 2)
|
| 291 | 295 |
3.10. contact_host (str) |
| 292 | 296 |
|
| 293 | 297 |
You may need to control the host part of the Contact header added by |
| 294 |
- topos. For example when using TLS with TOPOS the remote UAS must be |
|
| 295 |
- able to open a new TLS socket to the contact header. In this case, the |
|
| 296 |
- contact header must contain a domain name with a trusted CA signed |
|
| 298 |
+ topos. If the contact_host_avp parameter is set, this value is ignored. |
|
| 299 |
+ For example when using TLS with TOPOS the remote UAS must be able to |
|
| 300 |
+ open a new TLS socket to the contact header. In this case, the contact |
|
| 301 |
+ header must contain a domain name with a trusted CA signed |
|
| 297 | 302 |
certitificate. |
| 298 | 303 |
|
| 299 | 304 |
Default value is taken from the Record-Route URI. |
| ... | ... |
@@ -381,6 +386,23 @@ modparam("topos", "b_contact_avp", "$avp(tps-bct)")
|
| 381 | 386 |
modparam("topos", "rr_update", 1)
|
| 382 | 387 |
... |
| 383 | 388 |
|
| 389 |
+3.16. contact_host_avp (str) |
|
| 390 |
+ |
|
| 391 |
+ You may need to control the host part of the Contact header added by |
|
| 392 |
+ topos. This parameter allows to take the value from an AVP during |
|
| 393 |
+ run-time. If this parameter is set, the contact_host parameter is |
|
| 394 |
+ ignored. For example when using TLS with TOPOS the remote UAS must be |
|
| 395 |
+ able to open a new TLS socket to the contact header. In this case, the |
|
| 396 |
+ contact header must contain a domain name with a trusted CA signed |
|
| 397 |
+ certitificate. |
|
| 398 |
+ |
|
| 399 |
+ Default value is empty, not set. |
|
| 400 |
+ |
|
| 401 |
+ Example 1.16. Set contact_host_avp parameter |
|
| 402 |
+... |
|
| 403 |
+modparam("topos", "contact_host_avp", "$avp(contact_host)")
|
|
| 404 |
+... |
|
| 405 |
+ |
|
| 384 | 406 |
4. Event Routes |
| 385 | 407 |
|
| 386 | 408 |
4.1. event_route[topos:msg-outgoing] |
| ... | ... |
@@ -398,7 +420,7 @@ modparam("topos", "rr_update", 1)
|
| 398 | 420 |
reparsing the outgoing SIP message for the cases when topology hiding |
| 399 | 421 |
is not wanted. |
| 400 | 422 |
|
| 401 |
- Example 1.16. Usage of event_route[topos:msg-outgoing] |
|
| 423 |
+ Example 1.17. Usage of event_route[topos:msg-outgoing] |
|
| 402 | 424 |
... |
| 403 | 425 |
event_route[topos:msg-outgoing] {
|
| 404 | 426 |
if($sndto(ip)=="10.1.1.10") {
|
| ... | ... |
@@ -417,7 +439,7 @@ event_route[topos:msg-outgoing] {
|
| 417 | 439 |
$sndto(proto) point to the destination. The SIP message is the one to |
| 418 | 440 |
be sent out. |
| 419 | 441 |
|
| 420 |
- Example 1.17. Usage of event_route[topos:msg-sending] |
|
| 442 |
+ Example 1.18. Usage of event_route[topos:msg-sending] |
|
| 421 | 443 |
... |
| 422 | 444 |
event_route[topos:msg-sending] {
|
| 423 | 445 |
if(is_request() and $fU=="alice") {
|