From 47e9a74bbe48025d238b85eac9ba5ed183f70667 Mon Sep 17 00:00:00 2001 From: Kamailio Dev Date: Wed, 31 Mar 2021 16:01:16 +0200 Subject: [PATCH] modules: readme files regenerated - tls ... [skip ci] --- src/modules/tls/README | 26 ++++++++++++++++++++++++-- src/modules/topos/README | 36 +++++++++++++++++++++++++++++------- 2 files changed, 53 insertions(+), 9 deletions(-) diff --git a/src/modules/tls/README b/src/modules/tls/README index 9b758b5da9f..734dc7435dc 100644 --- a/src/modules/tls/README +++ b/src/modules/tls/README @@ -75,6 +75,7 @@ Olle E. Johansson 11. Functions 11.1. is_peer_verified() + 11.2. tls_set_connect_server_id(srvid) 12. RPC Commands @@ -145,7 +146,8 @@ Olle E. Johansson 1.47. Set verify_client modparam parameter 1.48. Set verify_client tls.cfg parameter 1.49. is_peer_verified usage - 1.50. Use of event_route[tls:connection-out] + 1.50. tls_set_connect_server_id usage + 1.51. Use of event_route[tls:connection-out] Chapter 1. Admin Guide @@ -205,6 +207,7 @@ Chapter 1. Admin Guide 11. Functions 11.1. is_peer_verified() + 11.2. tls_set_connect_server_id(srvid) 12. RPC Commands @@ -1575,6 +1578,7 @@ verify_client = optional_no_ca 11. Functions 11.1. is_peer_verified() + 11.2. tls_set_connect_server_id(srvid) 11.1. is_peer_verified() @@ -1585,10 +1589,28 @@ verify_client = optional_no_ca It can be used only in a request route. Example 1.49. is_peer_verified usage +... if (proto==TLS && !is_peer_verified()) { sl_send_reply("400", "No certificate or verification failed"); exit; } +... + +11.2. tls_set_connect_server_id(srvid) + + Set the server id of the tls profile to be used by next client connect, + being reset after use. It is an alternative to the use of xavp to + specify server id of a client profile for the cases when xavps are no + longer available (e.g., after event_route[tm:local-request]). + + If the parameter is an empty string, then the value is reset. + + It can be used only in ANY_ROUTE. + + Example 1.50. tls_set_connect_server_id usage +... + tls_set_connect_server_id("clientone"); +... 12. RPC Commands @@ -1661,7 +1683,7 @@ verify_client = optional_no_ca If drop() is executed in the event route, then the data is no longer sent over the connection. - Example 1.50. Use of event_route[tls:connection-out] + Example 1.51. Use of event_route[tls:connection-out] ... event_route[tls:connection-out] { if($sndto(ip)=="1.2.3.4") { diff --git a/src/modules/topos/README b/src/modules/topos/README index 39a113ce368..ee13bf73d67 100644 --- a/src/modules/topos/README +++ b/src/modules/topos/README @@ -46,6 +46,7 @@ Frederic Gaisnon 3.13. a_contact_avp (str) 3.14. b_contact_avp (str) 3.15. rr_update (int) + 3.16. contact_host_avp (str) 4. Event Routes @@ -69,8 +70,9 @@ Frederic Gaisnon 1.13. Set a_contact_avp parameter 1.14. Set b_contact_avp parameter 1.15. Set rr_update parameter - 1.16. Usage of event_route[topos:msg-outgoing] - 1.17. Usage of event_route[topos:msg-sending] + 1.16. Set contact_host_avp parameter + 1.17. Usage of event_route[topos:msg-outgoing] + 1.18. Usage of event_route[topos:msg-sending] Chapter 1. Admin Guide @@ -99,6 +101,7 @@ Chapter 1. Admin Guide 3.13. a_contact_avp (str) 3.14. b_contact_avp (str) 3.15. rr_update (int) + 3.16. contact_host_avp (str) 4. Event Routes @@ -160,6 +163,7 @@ Chapter 1. Admin Guide 3.13. a_contact_avp (str) 3.14. b_contact_avp (str) 3.15. rr_update (int) + 3.16. contact_host_avp (str) 3.1. storage (str) @@ -291,9 +295,10 @@ modparam("topos", "event_mode", 2) 3.10. contact_host (str) You may need to control the host part of the Contact header added by - topos. For example when using TLS with TOPOS the remote UAS must be - able to open a new TLS socket to the contact header. In this case, the - contact header must contain a domain name with a trusted CA signed + topos. If the contact_host_avp parameter is set, this value is ignored. + For example when using TLS with TOPOS the remote UAS must be able to + open a new TLS socket to the contact header. In this case, the contact + header must contain a domain name with a trusted CA signed certitificate. Default value is taken from the Record-Route URI. @@ -381,6 +386,23 @@ modparam("topos", "b_contact_avp", "$avp(tps-bct)") modparam("topos", "rr_update", 1) ... +3.16. contact_host_avp (str) + + You may need to control the host part of the Contact header added by + topos. This parameter allows to take the value from an AVP during + run-time. If this parameter is set, the contact_host parameter is + ignored. For example when using TLS with TOPOS the remote UAS must be + able to open a new TLS socket to the contact header. In this case, the + contact header must contain a domain name with a trusted CA signed + certitificate. + + Default value is empty, not set. + + Example 1.16. Set contact_host_avp parameter +... +modparam("topos", "contact_host_avp", "$avp(contact_host)") +... + 4. Event Routes 4.1. event_route[topos:msg-outgoing] @@ -398,7 +420,7 @@ modparam("topos", "rr_update", 1) reparsing the outgoing SIP message for the cases when topology hiding is not wanted. - Example 1.16. Usage of event_route[topos:msg-outgoing] + Example 1.17. Usage of event_route[topos:msg-outgoing] ... event_route[topos:msg-outgoing] { if($sndto(ip)=="10.1.1.10") { @@ -417,7 +439,7 @@ event_route[topos:msg-outgoing] { $sndto(proto) point to the destination. The SIP message is the one to be sent out. - Example 1.17. Usage of event_route[topos:msg-sending] + Example 1.18. Usage of event_route[topos:msg-sending] ... event_route[topos:msg-sending] { if(is_request() and $fU=="alice") {