[OpenSIPS-Devel] [OpenSIPS/opensips] 1ff08c: tls_mgm: support SNI for tls server domains

Vlad Patrascu vladp at opensips.org
Fri Jul 13 13:29:37 EDT 2018


  Branch: refs/heads/master
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 1ff08ca48c32dd88d44af9e056f4f7f08a0452b0
      https://github.com/OpenSIPS/opensips/commit/1ff08ca48c32dd88d44af9e056f4f7f08a0452b0
  Author: Vlad Patrascu <vladp at opensips.org>
  Date:   2018-07-13 (Fri, 13 Jul 2018)

  Changed paths:
    M modules/tls_mgm/tls_domain.c
    M modules/tls_mgm/tls_domain.h
    M modules/tls_mgm/tls_mgm.c

  Log Message:
  -----------
  tls_mgm: support SNI for tls server domains

Support TLS Server Name Indication in order to present the proper certificate
when hosting multiple domains on the same IP.
If the hostname that the client attempts to connect to is supplied, that
hostname is then matched against the name of the defined virtual TLS domains.
The certificate and settings of that domain are further used for the TLS
handshake with the client.


  Commit: a4d2b08f7cfdecc2de879b31ac49741a715bea13
      https://github.com/OpenSIPS/opensips/commit/a4d2b08f7cfdecc2de879b31ac49741a715bea13
  Author: Vlad Patrascu <vladp at opensips.org>
  Date:   2018-07-13 (Fri, 13 Jul 2018)

  Changed paths:
    M db/schema/tls_mgm.xml
    M modules/db_mysql/README
    M modules/db_mysql/db_mysql.c
    M modules/db_mysql/doc/db_mysql_admin.xml
    M modules/proto_tls/proto_tls.c
    M modules/proto_wss/proto_wss.c
    M modules/rest_client/README
    M modules/rest_client/doc/rest_client_admin.xml
    M modules/rest_client/rest_methods.c
    M modules/tls_mgm/README
    M modules/tls_mgm/api.h
    M modules/tls_mgm/doc/tls_mgm_admin.xml
    M modules/tls_mgm/tls.h
    M modules/tls_mgm/tls_config.c
    M modules/tls_mgm/tls_config.h
    M modules/tls_mgm/tls_config_helper.h
    M modules/tls_mgm/tls_conn.h
    M modules/tls_mgm/tls_conn_ops.h
    M modules/tls_mgm/tls_conn_server.h
    M modules/tls_mgm/tls_domain.c
    M modules/tls_mgm/tls_domain.h
    M modules/tls_mgm/tls_helper.h
    M modules/tls_mgm/tls_mgm.c
    M modules/tls_mgm/tls_params.c
    M modules/tls_mgm/tls_params.h
    M scripts/db_berkeley/opensips/tls_mgm
    M scripts/db_berkeley/opensips/version
    M scripts/dbtext/opensips/tls_mgm
    M scripts/dbtext/opensips/version
    M scripts/mysql/tls_mgm-create.sql
    M scripts/oracle/tls_mgm-create.sql
    M scripts/pi_http/pi_framework.xml
    M scripts/pi_http/tls_mgm-mod
    M scripts/pi_http/tls_mgm-table
    M scripts/postgres/tls_mgm-create.sql
    M scripts/sqlite/tls_mgm-create.sql

  Log Message:
  -----------
  tls_mgm: improve TLS domains matching

TLS domain matching is now described using 2 new modparams/DB fields:
"match_ip_address" and "match_sip_domain". A new AVP is introduced that sets the
SIP domain to use as a matching filter for client domains. For server domains, the
hostname in the Servername extension is matched against the SIP domains defined
in match_sip_domain.
Also fix ref counting issues for DB-loaded TLS domains.


Compare: https://github.com/OpenSIPS/opensips/compare/c2a11864ebf7...a4d2b08f7cfd