[OpenSIPS-Users] tlt_mgm module - any way to pass cert/key as parameter for outgoing connection?

Yury Kirsanov y.kirsanov at gmail.com
Thu Mar 31 15:26:51 UTC 2022


Hi Bogdan,
Thanks, will do!

Best regards,
Yury.

On Fri, Apr 1, 2022 at 2:25 AM Bogdan-Andrei Iancu <bogdan at opensips.org>
wrote:

> Hi Yury,
>
> You can open a feature request on github, so we can take this into
> consideration for the future releases ;)
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS eBootcamp 23rd May - 3rd June 2022
>   https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>
> On 3/31/22 6:23 PM, Yury Kirsanov wrote:
>
> Hi Bogdan,
> Thanks, that's a good idea! Hope one day we will have the ability to
> select certificates from AVPs in script!
>
> Best regards,
> Yury.
>
> On Fri, Apr 1, 2022 at 1:06 AM Bogdan-Andrei Iancu <bogdan at opensips.org>
> wrote:
>
>> Hi Yury,
>>
>> I'm afraid this is not possible (to fetch the cert from an external
>> source at runtime). A dirty hack may be to (1) do the rest and fetch the
>> cert + key,  (2) to insert into (from script) into the tls_mgm db table and
>> (3) fire an MI tls_reload cmd (from script) via the mi() script function [1]
>>
>> [1] https://opensips.org/html/docs/modules/3.2.x/mi_script.html#func_mi
>>
>> and yeah, I know, it is ugly :(
>>
>> Best regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>> OpenSIPS eBootcamp 23rd May - 3rd June 2022
>>   https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>>
>> On 3/15/22 1:45 PM, Yury Kirsanov wrote:
>>
>> Hi,
>> I've got a question, is there any way to pass SSL certificate and key as
>> a parameter to the tls_mgm module during script execution? For example,
>> first I do a REST request to our REST API server which returns me all
>> required parameters including certificate and key. Then I'd like to use
>> this response as a client certificate for outgoing connection to some
>> TLS-enabled server. Is there any way to do that? I know I can use DB module
>> and select a client certificate using avp variable, but that's not
>> convenient as it requires tls_reload MI command each time the DB is updated.
>>
>> Thanks and best regards,
>> Yury.
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220401/f39f6e80/attachment.html>


More information about the Users mailing list