15 年前 · 0efe88e297
--- a/modules/tls/Makefile
+++ b/modules/tls/Makefile
@@ -17,7 +17,9 @@ LIBS+=	-L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib \
 
				 # NOTE: depending on the way in which libssl was compiled you might
			
 
				 #       have to add -lz -lkrb5   (zlib and kerberos5).
			
 
				 #       E.g.: make TLS_HOOKS=1 TLS_EXTRA_LIBS="-lz -lkrb5"
			
 
				-MOD_INSTALL_CFGS=tls.cfg
			
 
				+
			
 
				+# dcm: tls.cfg installed via local 'install-cfg' to update paths
			
 
				+#MOD_INSTALL_CFGS=tls.cfg
			
 
				 
			
 
				 DEFS+=-DOPENSER_MOD_INTERFACE
			
 
				 
			
@@ -28,3 +30,13 @@ install-tls-cert: $(cfg_prefix)/$(cfg_dir)
 
				 	MAIN_NAME=$(MAIN_NAME) ./$(SCR_NAME)_cert.sh -d $(cfg_prefix)/$(cfg_dir)
			
 
				 
			
 
				 install-cfg:  install-tls-cert
			
 
				+	@$(call try_err, $(INSTALL_TOUCH) \
			
 
				+			"$(cfg_prefix)/$(cfg_dir)tls.cfg.sample" )
			
 
				+	@sed -e "s#/usr/local/etc/ser/#$(cfg_prefix)/$(cfg_dir)#g" \
			
 
				+			-e "s#ser-selfsigned#$(MAIN_NAME)-selfsigned#g" \
			
 
				+				< ./tls.cfg > "$(cfg_prefix)/$(cfg_dir)tls.cfg.sample"
			
 
				+	@if [ -z "${skip_cfg_install}" -a \
			
 
				+			! -f "$(cfg_prefix)/$(cfg_dir)tls.cfg" ]; then \
			
 
				+		mv -f "$(cfg_prefix)/$(cfg_dir)tls.cfg.sample" \
			
 
				+						"$(cfg_prefix)/$(cfg_dir)tls.cfg" ; \
			
 
				+	fi
			
--- a/modules/tls/tls.cfg
+++ b/modules/tls/tls.cfg
@@ -17,8 +17,8 @@
 
				 method = TLSv1
			
 
				 verify_certificate = no
			
 
				 require_certificate = no
			
 
				-private_key = ser-selfsigned.key
			
 
				-certificate = ser-selfsigned.pem
			
 
				+private_key = /usr/local/etc/ser/ser-selfsigned.key
			
 
				+certificate = /usr/local/etc/ser/ser-selfsigned.pem
			
 
				 
			
 
				 # This is the default client domain, settings
			
 
				 # in this domain will be used for all outgoing
			
@@ -42,8 +42,8 @@ require_certificate = yes
 
				 #method = SSLv23
			
 
				 #verify_certificate = yes
			
 
				 #require_certificate = no
			
 
				-#private_key = local_key.pem
			
 
				-#certificate = local_cert.pem
			
 
				+#private_key = /usr/local/etc/ser/local_key.pem
			
 
				+#certificate = /usr/local/etc/ser/local_cert.pem
			
 
				 #verify_depth = 3
			
 
				 #ca_list = local_ca.pem
			
 
				 
			
@@ -56,6 +56,6 @@ require_certificate = yes
 
				 #
			
 
				 #[client:195.37.77.101:5061]
			
 
				 #verify_certificate = no
			
 
				-#certificate = iptel_client.pem
			
 
				-#private_key = iptel_key.pem
			
 
				-#ca_list = iptel_ca.pem
			
 
				+#certificate = /usr/local/etc/ser/iptel_client.pem
			
 
				+#private_key = /usr/local/etc/ser/iptel_key.pem
			
 
				+#ca_list = /usr/local/etc/ser/iptel_ca.pem