[OpenSIPS-Devel] [OpenSIPS/opensips] 1ff08c: tls_mgm: support SNI for tls server domains
Vlad Patrascu
vladp at opensips.org
Fri Jul 13 13:29:37 EDT 2018
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: 1ff08ca48c32dd88d44af9e056f4f7f08a0452b0
https://github.com/OpenSIPS/opensips/commit/1ff08ca48c32dd88d44af9e056f4f7f08a0452b0
Author: Vlad Patrascu <vladp at opensips.org>
Date: 2018-07-13 (Fri, 13 Jul 2018)
Changed paths:
M modules/tls_mgm/tls_domain.c
M modules/tls_mgm/tls_domain.h
M modules/tls_mgm/tls_mgm.c
Log Message:
-----------
tls_mgm: support SNI for tls server domains
Support TLS Server Name Indication in order to present the proper certificate
when hosting multiple domains on the same IP.
If the hostname that the client attempts to connect to is supplied, that
hostname is then matched against the name of the defined virtual TLS domains.
The certificate and settings of that domain are further used for the TLS
handshake with the client.
Commit: a4d2b08f7cfdecc2de879b31ac49741a715bea13
https://github.com/OpenSIPS/opensips/commit/a4d2b08f7cfdecc2de879b31ac49741a715bea13
Author: Vlad Patrascu <vladp at opensips.org>
Date: 2018-07-13 (Fri, 13 Jul 2018)
Changed paths:
M db/schema/tls_mgm.xml
M modules/db_mysql/README
M modules/db_mysql/db_mysql.c
M modules/db_mysql/doc/db_mysql_admin.xml
M modules/proto_tls/proto_tls.c
M modules/proto_wss/proto_wss.c
M modules/rest_client/README
M modules/rest_client/doc/rest_client_admin.xml
M modules/rest_client/rest_methods.c
M modules/tls_mgm/README
M modules/tls_mgm/api.h
M modules/tls_mgm/doc/tls_mgm_admin.xml
M modules/tls_mgm/tls.h
M modules/tls_mgm/tls_config.c
M modules/tls_mgm/tls_config.h
M modules/tls_mgm/tls_config_helper.h
M modules/tls_mgm/tls_conn.h
M modules/tls_mgm/tls_conn_ops.h
M modules/tls_mgm/tls_conn_server.h
M modules/tls_mgm/tls_domain.c
M modules/tls_mgm/tls_domain.h
M modules/tls_mgm/tls_helper.h
M modules/tls_mgm/tls_mgm.c
M modules/tls_mgm/tls_params.c
M modules/tls_mgm/tls_params.h
M scripts/db_berkeley/opensips/tls_mgm
M scripts/db_berkeley/opensips/version
M scripts/dbtext/opensips/tls_mgm
M scripts/dbtext/opensips/version
M scripts/mysql/tls_mgm-create.sql
M scripts/oracle/tls_mgm-create.sql
M scripts/pi_http/pi_framework.xml
M scripts/pi_http/tls_mgm-mod
M scripts/pi_http/tls_mgm-table
M scripts/postgres/tls_mgm-create.sql
M scripts/sqlite/tls_mgm-create.sql
Log Message:
-----------
tls_mgm: improve TLS domains matching
TLS domain matching is now described using 2 new modparams/DB fileds:
"match_ip_address" and "match_sip_domain". A new AVP is introduced that sets the
SIP domain to use as a maching filter for client domains. For server domains, the
hostname in the Servername extension is matched against the SIP domains defined
in match_sip_domain.
Also fix ref counting issues for DB-loaded TLS domains.
Compare: https://github.com/OpenSIPS/opensips/compare/c2a11864ebf7...a4d2b08f7cfd
**NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Devel
mailing list