[OpenSIPS/opensips] 1ff08c: tls_mgm: support SNI for tls server domains

Vlad Patrascu
  Branch: refs/heads/master
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 1ff08ca48c32dd88d44af9e056f4f7f08a0452b0
  Author: Vlad Patrascu <[hidden email]>
  Date:   2018-07-13 (Fri, 13 Jul 2018)

  Changed paths:
    M modules/tls_mgm/tls_domain.c
    M modules/tls_mgm/tls_domain.h
    M modules/tls_mgm/tls_mgm.c

  Log Message:
  tls_mgm: support SNI for tls server domains

Support TLS Server Name Indication in order to present the proper certificate
when hosting multiple domains on the same IP.
If the hostname that the client attempts to connect to is supplied, that
hostname is then matched against the name of the defined virtual TLS domains.
The certificate and settings of that domain are further used for the TLS
handshake with the client.

  Commit: a4d2b08f7cfdecc2de879b31ac49741a715bea13
  Author: Vlad Patrascu <[hidden email]>
  Date:   2018-07-13 (Fri, 13 Jul 2018)

  Changed paths:
    M db/schema/tls_mgm.xml
    M modules/db_mysql/README
    M modules/db_mysql/db_mysql.c
    M modules/db_mysql/doc/db_mysql_admin.xml
    M modules/proto_tls/proto_tls.c
    M modules/proto_wss/proto_wss.c
    M modules/rest_client/README
    M modules/rest_client/doc/rest_client_admin.xml
    M modules/rest_client/rest_methods.c
    M modules/tls_mgm/README
    M modules/tls_mgm/api.h
    M modules/tls_mgm/doc/tls_mgm_admin.xml
    M modules/tls_mgm/tls.h
    M modules/tls_mgm/tls_config.c
    M modules/tls_mgm/tls_config.h
    M modules/tls_mgm/tls_config_helper.h
    M modules/tls_mgm/tls_conn.h
    M modules/tls_mgm/tls_conn_ops.h
    M modules/tls_mgm/tls_conn_server.h
    M modules/tls_mgm/tls_domain.c
    M modules/tls_mgm/tls_domain.h
    M modules/tls_mgm/tls_helper.h
    M modules/tls_mgm/tls_mgm.c
    M modules/tls_mgm/tls_params.c
    M modules/tls_mgm/tls_params.h
    M scripts/db_berkeley/opensips/tls_mgm
    M scripts/db_berkeley/opensips/version
    M scripts/dbtext/opensips/tls_mgm
    M scripts/dbtext/opensips/version
    M scripts/mysql/tls_mgm-create.sql
    M scripts/oracle/tls_mgm-create.sql
    M scripts/pi_http/pi_framework.xml
    M scripts/pi_http/tls_mgm-mod
    M scripts/pi_http/tls_mgm-table
    M scripts/postgres/tls_mgm-create.sql
    M scripts/sqlite/tls_mgm-create.sql

  Log Message:
  tls_mgm: improve TLS domains matching

TLS domain matching is now described using 2 new modparams/DB fields:
"match_ip_address" and "match_sip_domain". A new AVP is introduced that sets the
SIP domain to use as a matching filter for client domains. For server domains, the
hostname in the Servername extension is matched against the SIP domains defined
in match_sip_domain.
Also fix ref counting issues for DB-loaded TLS domains.

Compare: https://github.com/OpenSIPS/opensips/compare/c2a11864ebf7...a4d2b08f7cfd
Devel mailing list
[hidden email]