
tls: updates to overview section

- GH #531

Daniel-Constantin Mierla authored on 27/09/2018 10:19:34
Showing 2 changed files
... ...
@@ -18,16 +18,18 @@
18 18
 		<title><function>is_peer_verified()</function></title>
19 19
 		<para>
20 20
 			Returns true if the connection on which the message was received
21
-			is TLS , the peer presented an X509 certificate and the
21
+			is TLS, the peer presented an X509 certificate and the
22 22
 			certificate chain verified ok.
23
+		</para>
24
+		<para>
23 25
 			It can be used only in a request route.
24 26
 		</para>
25 27
 		<example>
26 28
 			<title><function>is_peer_verified</function> usage</title>
27 29
 			<programlisting>
28
-	if (proto==TLS &amp;&amp; !is_peer_verified()){
30
+	if (proto==TLS &amp;&amp; !is_peer_verified()) {
29 31
 		sl_send_reply("400", "No certificate or verification failed");
30
-		drop;
32
+		exit;
31 33
 	}
32 34
 			</programlisting>
33 35
 		</example>
... ...
@@ -68,27 +68,41 @@
68 68
 	<section id="tls.quick_start">
69 69
 		<title>Quick Start</title>
70 70
 		<para>
71
-			Make sure you have a proper certificate and private key and either
72
-			use the <varname>certificate</varname> and <varname>private_key</varname>
73
-			module parameters, or make sure the certificate and key are in the same PEM file,
74
-			named <emphasis>cert.pem</emphasis> an placed in [your-cfg-install-prefix]/etc/kamailio/.
75
-			Don't forget to load the tls module and to enable TLS
76
-			(add <emphasis>enable_tls=yes</emphasis> to your config).
71
+		The default kamailio.cfg file has basic tls support included, it has to
72
+		be enabled with "#!define WITH_TLS" directive.
73
+		</para>
74
+		<para>
75
+		The most important parameters to set the path to the public certificate and private key
76
+		files. You can either have them in different file or in the same file in PEM format.
77
+		The parameters for them are <varname>certificate</varname> and <varname>private_key</varname>.
78
+		They can be given as modparam or or provided in the profiles of tls.cfg file.
79
+		</para>
80
+		<para>
81
+		When installing tls module of kamailio, a sample 'tls.cfg' file is deployed in the same
82
+		folder with 'kamailio.cfg', along with freshly generated self signed certificates.
83
+		</para>
84
+		<para>
85
+		HINT: be sure you have <emphasis>enable_tls=yes</emphasis> to your kamailio.cfg.
77 86
 		</para>
78 87
 		<example>
79
-		<title>Quick start config</title>
88
+		<title>Quick Start Basic Config</title>
80 89
 		<programlisting>
81 90
 #...
82
-loadmodule "modules/tls/tls.so"
91
+loadmodule "sl.so"
92
+loadmodule "tls.so"
83 93
 
84
-modparam("tls", "private_key", "./andrei-test.pem")
85
-modparam("tls", "certificate", "./andrei-test.pem")
94
+modparam("tls", "private_key", "./server-test.pem")
95
+modparam("tls", "certificate", "./server-test.pem")
86 96
 modparam("tls", "ca_list", "./calist.pem")
87 97
 
88 98
 enable_tls=yes
89 99
 
90
-route{
91
-	# ....
100
+request_route {
101
+	if(proto != TLS) {
102
+		sl_send_reply("403", "Accepting TLS Only");
103
+		exit;
104
+	}
105
+	...
92 106
 }
93 107
 		</programlisting>
94 108
 		</example>