
http_client: Clean up connection parameter definitions
- Add TLSversion enums to config file
- Add boolean types to config file
- Make connection parameter names consistent across default modparam/httpcon/configfile
- Update documentation and README

Hugh Waite 9 năm trước cách đây
mục cha
commit
686fdc59fc

+ 149 - 107
modules/http_client/README

@@ -12,11 +12,11 @@ Carsten Bock
 
    ng-voice GmbH
 
-   Copyright © 2008-2009 Juha Heinanen
+   Copyright © 2008-2009 Juha Heinanen
 
-   Copyright © 2013 Carsten Bock, ng-voice GmbH
+   Copyright © 2013 Carsten Bock, ng-voice GmbH
 
-   Copyright © 2015 Olle E. Johansson, Edvina AB
+   Copyright © 2015 Olle E. Johansson, Edvina AB
      __________________________________________________________________
 
    Table of Contents
@@ -35,14 +35,15 @@ Carsten Bock
               3.2. useragent (string)
               3.3. maxdatasize (int)
               3.4. connection_timeout (int)
-              3.5. tlsclientcert (string)
-              3.6. tlsclientkey (string)
-              3.7. tlscacert (string)
-              3.8. tlscipherlist (string)
-              3.9. tlsverifypeer (int)
-              3.10. tlsverifyhost (int)
-              3.11. httpcon (string)
-              3.12. config_file (string)
+              3.5. client_cert (string)
+              3.6. client_key (string)
+              3.7. cacert (string)
+              3.8. cipher_suites (string)
+              3.9. verify_peer (int)
+              3.10. verify_host (int)
+              3.11. tlsversion (int)
+              3.12. httpcon (string)
+              3.13. config_file (string)
 
         4. Functions
 
@@ -77,17 +78,18 @@ Carsten Bock
    1.2. Set useragent parameter
    1.3. Set maxdatasize parameter
    1.4. Set connection_timeout parameter
-   1.5. Set tlsclientcert parameter
-   1.6. Set tlsclientkey parameter
-   1.7. Set tlscacert parameter
-   1.8. Set tlscipherlist parameter
-   1.9. Set tlsverifypeer parameter
-   1.10. Set tlsverifyhost parameter
-   1.11. Set httpcon parameter
-   1.12. Set config_file parameter
-   1.13. Short http_client config file
-   1.14. http_connect() usage
-   1.15. curl_http_query() usage
+   1.5. Set client_cert parameter
+   1.6. Set client_key parameter
+   1.7. Set cacert parameter
+   1.8. Set cipher_suites parameter
+   1.9. Set verify_peer parameter
+   1.10. Set verify_host parameter
+   1.11. Set tlsversion parameter
+   1.12. Set httpcon parameter
+   1.13. Set config_file parameter
+   1.14. Short http_client config file
+   1.15. http_connect() usage
+   1.16. curl_http_query() usage
 
 Chapter 1. Admin Guide
 
@@ -105,14 +107,15 @@ Chapter 1. Admin Guide
         3.2. useragent (string)
         3.3. maxdatasize (int)
         3.4. connection_timeout (int)
-        3.5. tlsclientcert (string)
-        3.6. tlsclientkey (string)
-        3.7. tlscacert (string)
-        3.8. tlscipherlist (string)
-        3.9. tlsverifypeer (int)
-        3.10. tlsverifyhost (int)
-        3.11. httpcon (string)
-        3.12. config_file (string)
+        3.5. client_cert (string)
+        3.6. client_key (string)
+        3.7. cacert (string)
+        3.8. cipher_suites (string)
+        3.9. verify_peer (int)
+        3.10. verify_host (int)
+        3.11. tlsversion (int)
+        3.12. httpcon (string)
+        3.13. config_file (string)
 
    4. Functions
 
@@ -181,14 +184,15 @@ Chapter 1. Admin Guide
    3.2. useragent (string)
    3.3. maxdatasize (int)
    3.4. connection_timeout (int)
-   3.5. tlsclientcert (string)
-   3.6. tlsclientkey (string)
-   3.7. tlscacert (string)
-   3.8. tlscipherlist (string)
-   3.9. tlsverifypeer (int)
-   3.10. tlsverifyhost (int)
-   3.11. httpcon (string)
-   3.12. config_file (string)
+   3.5. client_cert (string)
+   3.6. client_key (string)
+   3.7. cacert (string)
+   3.8. cipher_suites (string)
+   3.9. verify_peer (int)
+   3.10. verify_host (int)
+   3.11. tlsversion (int)
+   3.12. httpcon (string)
+   3.13. config_file (string)
 
 3.1. httpredirect (int)
 
@@ -237,36 +241,36 @@ modparam("http_client", "maxdatasize", 2000)
 modparam("http_client", "connection_timeout", 2)
 ...
 
-3.5. tlsclientcert (string)
+3.5. client_cert (string)
 
    File name for a TLS client certificate. The certificate needs to be
    encoded in PEM format.
 
    Default value is empty string, i.e. no client certificate used. Note
    that if you specify a client cert, you also need to specify the
-   tlsclientkey.
+   client_key.
 
-   Example 1.5. Set tlsclientcert parameter
+   Example 1.5. Set client_cert parameter
 ...
-modparam("http_client", "tlsclientcert", "/var/certs/sollentuna.example.com.cert
-")
+modparam("http_client", "client_cert", "/var/certs/sollentuna.example.com.cert"
+)
 ...
 
-3.6. tlsclientkey (string)
+3.6. client_key (string)
 
    File name for a TLS client key. The key needs to be encoded in PEM
    format.
 
    Default value is empty string, i.e. no client certificate or key is
    used. Note that if you specify a client key, you also need to specify
-   the tlsclientcert.
+   the client_cert.
 
-   Example 1.6. Set tlsclientkey parameter
+   Example 1.6. Set client_key parameter
 ...
-modparam("http_client", "tlsclientkey", "/var/certs/sollentuna.example.com.key")
+modparam("http_client", "client_key", "/var/certs/sollentuna.example.com.key")
 ...
 
-3.7. tlscacert (string)
+3.7. cacert (string)
 
    File name for the trusted TLS CA cert used to verify servers. The
    certificates need to be encoded in PEM format.
@@ -275,12 +279,12 @@ modparam("http_client", "tlsclientkey", "/var/certs/sollentuna.example.com.key")
    the host. If tlsverifyhost is on, all TLS connections will fail without
    any CA certificate to validate with.
 
-   Example 1.7. Set tlscacert parameter
+   Example 1.7. Set cacert parameter
 ...
-modparam("http_client", "tlscacert", "/var/certs/ca/edvina-sip-ca.pem")
+modparam("http_client", "cacert", "/var/certs/ca/edvina-sip-ca.pem")
 ...
 
-3.8. tlscipherlist (string)
+3.8. cipher_suites (string)
 
    List of allowed cipher suites. See
    http://curl.haxx.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html for details
@@ -289,13 +293,13 @@ modparam("http_client", "tlscacert", "/var/certs/ca/edvina-sip-ca.pem")
    Default value is empty string, i.e. the default list of ciphers in
    libcurl will be used.
 
-   Example 1.8. Set tlscipherlist parameter
+   Example 1.8. Set cipher_suites parameter
 ...
-modparam("http_client", "tlscipherlist", "ecdhe_ecdsa_aes_128_gcm_sha_256,rsa_ae
-s_128_gcm_sha_256")
+modparam("http_client", "cipher_suites", "ecdhe_ecdsa_aes_128_gcm_sha_256,rsa_a
+es_128_gcm_sha_256")
 ...
 
-3.9. tlsverifypeer (int)
+3.9. verify_peer (int)
 
    If set to 0, TLS verification of the server certificate is disabled.
    This means that the connection will get encrypted, but there's no
@@ -309,12 +313,12 @@ s_128_gcm_sha_256")
    See the curl documentation for more details.
    http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
 
-   Example 1.9. Set tlsverifypeer parameter
+   Example 1.9. Set verify_peer parameter
 ...
-modparam("http_client", "tlsverifypeer", 1)
+modparam("http_client", "verify_peer", 1)
 ...
 
-3.10. tlsverifyhost (int)
+3.10. verify_host (int)
 
    If set to 0, domain verification of the server certificate is disabled.
    This means that the connection will get encrypted but there is no check
@@ -328,12 +332,33 @@ modparam("http_client", "tlsverifypeer", 1)
    See the curl documentation for more details.
    http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
 
-   Example 1.10. Set tlsverifyhost parameter
+   Example 1.10. Set verify_host parameter
 ...
-modparam("http_client", "tlsverifyhost", 2)
+modparam("http_client", "verify_host", 2)
 ...
 
-3.11. httpcon (string)
+3.11. tlsversion (int)
+
+   Sets the preferred TLS/SSL version.
+
+   Valid values are:
+     * 0 - Use libcurl default
+     * 1 - "TLSv1"
+     * 2 - "SSLv2"
+     * 3 - "SSLv3"
+     * 4 - "TLSv1.0"
+     * 5 - "TLSv1.1"
+     * 6 - "TLSv1.2"
+
+   SSL versions are now disabled by default. See the curl documentation
+   for more details. http://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
+
+   Example 1.11. Set tlsversion parameter
+...
+modparam("http_client", "tlsversion", 6)
+...
+
+3.12. httpcon (string)
 
    Defines a connection and credentials for the connection for use in a
    connection-oriented function call in this module.
@@ -349,30 +374,38 @@ modparam("http_client", "tlsverifyhost", 2)
    By default, no connections are defined.
 
    Parameters
-     * httpredirect Set to 1 for following HTTP 302 redirect. 0 to
-       disable. Default is the setting for the httpredirect modparam.
-     * maxdatasize The maximum datasize for a response. Overrides the
-       maxdatasize modparam setting.
-     * timeout Timeout used for this connection. Overrides the default
-       timeout for the module.
      * useragent Useragent used for HTTP requests. Overrides useragent
        modparam.
-     * verifypeer Set to 1 to enable or 0 to disable server certificate
-       verification. Overrides tlsverifypeer modparam.
-     * verifyhost Set to 2 to enable or 0 to disable server hostname
-       verification. Overrides tlsverifyhost modparam.
+     * verify_peer Set to 1 to enable or 0 to disable server certificate
+       verification. Overrides verify_peer modparam.
+     * verify_host Set to 2 to enable or 0 to disable server hostname
+       verification. Overrides verify_host modparam.
+     * client_cert Client certificate used for this connection. Overrides
+       the default client_cert modparam.
+     * client_key Client key used for this connection. Overrides the
+       default client_key modparam.
+     * cipher_suites Client certificate used for this connection.
+       Overrides the default cipher_suite modparam.
+     * timeout Timeout used for this connection. Overrides the default
+       connection_timeout for the module.
+     * tlsversion TLS version used for this connection. Overrides the
+       default tlsversion for the module.
+     * maxdatasize The maximum datasize for a response. Overrides the
+       maxdatasize modparam setting.
+     * httpredirect Set to 1 for following HTTP 302 redirect. 0 to
+       disable. Overrides the default httpredirect modparam.
 
-   Example 1.11. Set httpcon parameter
+   Example 1.12. Set httpcon parameter
 ...
 modparam("http_client", "httpcon", "apione=>http://atlanta.example.com")
 modparam("http_client", "httpcon", "apitwo=>http://atlanta.example.com/api/12")
-modparam("http_client", "httpcon", "apithree=>http://annabella:mysecret@atlanta.
-example.com/api/12")
-modparam("http_client", "httpcon", "apifour=>http://stockholm.example.com/api/ge
-tstuff;timeout=12")
+modparam("http_client", "httpcon", "apithree=>http://annabella:mysecret@atlanta
+.example.com/api/12")
+modparam("http_client", "httpcon", "apifour=>http://stockholm.example.com/api/g
+etstuff;timeout=12")
 ...
 
-3.12. config_file (string)
+3.13. config_file (string)
 
    The file name of a configuration file containing definitions of http
    connections. This is an alternative to the "httpcon" module parameter -
@@ -386,7 +419,8 @@ tstuff;timeout=12")
    /etc/kamailio/).
 
    The following parameters can be set in the config file, for each
-   connection:
+   connection. If a parameter is not specified, the default values set by
+   the modparams will be used.
      * url
      * username
      * password
@@ -396,7 +430,15 @@ tstuff;timeout=12")
      * verify_host
      * client_cert
      * client_key
-     * tlsversion
+     * cipher_suites
+     * tlsversion - Valid values are:
+          + "DEFAULT"
+          + "TLSv1"
+          + "SSLv22
+          + "SSLv3"
+          + "TLSv1.0"
+          + "TLSv1.1"
+          + "TLSv1.2"
      * timeout
      * maxdatasize
      * http_follow_redirect
@@ -411,17 +453,17 @@ tstuff;timeout=12")
    path and anything else a path relative to the directory of the current
    Kamailio main config file.
 
-   Example 1.12. Set config_file parameter
+   Example 1.13. Set config_file parameter
 ...
 modparam("http_client", "config_file", "httpconnections.cfg)
 ...
 
-   Example 1.13. Short http_client config file
+   Example 1.14. Short http_client config file
 [authapiserver]
 url = https://api.runbo.example.com/v4.2/auth
 timeout = 1
 maxdatasize = 4
-tlsversion = TLSv2
+tlsversion = TLSv1.2
 verify_peer = yes
 client_key = default_key.pem
 client_cert = default_cert.pem
@@ -432,7 +474,7 @@ http_follow_redirect = no
    4.1. http_connect(connection, url, [content_type, data,] result)
    4.2. http_client_query(url, [post-data], result)
 
-4.1. http_connect(connection, url, [content_type, data,] result)
+4.1.  http_connect(connection, url, [content_type, data,] result)
 
    Sends HTTP GET or POST request to a given connection. For a POST
    request, content-type can be specified.
@@ -454,32 +496,32 @@ http_follow_redirect = no
    This function can be used from REQUEST_ROUTE, ONREPLY_ROUTE,
    FAILURE_ROUTE, and BRANCH_ROUTE.
 
-   Example 1.14. http_connect() usage
+   Example 1.15. http_connect() usage
 ...
 modparam("http_client", "httpcon", "apiserver=>http://kamailio.org/api/");
 ...
 # POST Request
-$var(res) = http_connect("apiserver", "/mailbox", "application/json", "{ ok, {20
-0, ok}}", "$avp(gurka)");
-xlog("L_INFO", "API-server HTTP connection: $avp(gurka) Result code $var(res)\n"
-);
-
-$var(res) = http_connect("apiserver", "/callroute", "application/json", "$var(js
-ondata)", "$avp(route)");
-xlog("L_INFO", "API-server HTTP connection: $avp(route) Result code $var(res)\n"
-);
+$var(res) = http_connect("apiserver", "/mailbox", "application/json", "{ ok, {2
+00, ok}}", "$avp(gurka)");
+xlog("L_INFO", "API-server HTTP connection: $avp(gurka) Result code $var(res)\n
+");
+
+$var(res) = http_connect("apiserver", "/callroute", "application/json", "$var(j
+sondata)", "$avp(route)");
+xlog("L_INFO", "API-server HTTP connection: $avp(route) Result code $var(res)\n
+");
 ...
 
-4.2. http_client_query(url, [post-data], result)
+4.2.  http_client_query(url, [post-data], result)
 
-   Sends HTTP GET or POST request according to URL given in "url"
+   Sends HTTP GET or POST request according to URL given in “url�
    parameter, which is a string that may contain pseudo variables.
 
-   If you want to make a POST-Request, you have to define the "post"-data,
+   If you want to make a POST-Request, you have to define the “post�-data,
    that should be submitted in that request as the second parameter.
 
    If HTTP server returns a class 2xx, 3xx or 4xx reply, the first line of
-   the reply's body (if any) is stored in "result" parameter, which must
+   the reply's body (if any) is stored in “result� parameter, which must
    be a writable pseudo variable.
 
    Function returns reply code of HTTP reply or -1 if something went
@@ -492,11 +534,11 @@ xlog("L_INFO", "API-server HTTP connection: $avp(route) Result code $var(res)\n"
    utils module. It is changed to use the same base library and settings
    as the rest of the functions in this module.
 
-   Example 1.15. curl_http_query() usage
+   Example 1.16. curl_http_query() usage
 ...
 # GET-Request
-http_client_query("http://tutpro.com/index.php?r_uri=$(ru{s.escape.param})&f_uri
-=$(fu{s.escape.param})",
+http_client_query("http://tutpro.com/index.php?r_uri=$(ru{s.escape.param})&f_ur
+i=$(fu{s.escape.param})",
            "$var(result)")
 switch ($retcode) {
        ...
@@ -504,8 +546,8 @@ switch ($retcode) {
 ...
 ...
 # POST-Request
-http_client_query("http://tutpro.com/index.php", "r_uri=$(ru{s.escape.param})&f_
-uri=$(fu{s.escape.param})",
+http_client_query("http://tutpro.com/index.php", "r_uri=$(ru{s.escape.param})&f
+_uri=$(fu{s.escape.param})",
            "$var(result)")
 switch ($retcode) {
        ...
@@ -516,7 +558,7 @@ switch ($retcode) {
 
    5.1. $curlerror(error)
 
-5.1. $curlerror(error)
+5.1.  $curlerror(error)
 
    The cURL library returns error codes from the protocol used. If an
    error happens, a cURL specific error code below 100 is returned. The
@@ -541,15 +583,15 @@ switch ($retcode) {
    7.2. httpclient.connok
    7.3. httpclient.connfail
 
-7.1. httpclient.connections
+7.1.  httpclient.connections
 
    The number of connection definitions that are in-memory.
 
-7.2. httpclient.connok
+7.2.  httpclient.connok
 
    The number of successful connections since Kamailio start
 
-7.3. httpclient.connfail
+7.3.  httpclient.connfail
 
    The number of failed connections since Kamailio start
 
@@ -565,7 +607,7 @@ Chapter 2. Developer Guide
 
    1.1. http_client(name)
 
-1.1. http_client(name)
+1.1.  http_client(name)
 
    Text here
 

+ 54 - 40
modules/http_client/curlcon.c

@@ -60,7 +60,7 @@ typedef struct raw_http_client_conn
 	str ciphersuites;
 	int verify_peer;
 	int verify_host;
-	int sslversion;
+	int tlsversion;
 	int timeout;
 	int maxdatasize;
 	int http_follow_redirect;
@@ -70,21 +70,32 @@ typedef struct raw_http_client_conn
 
 static raw_http_client_conn_t *raw_conn_list = NULL;
 
+static cfg_option_t tls_versions[] = {
+	{"DEFAULT",  .val = CURL_SSLVERSION_DEFAULT},
+	{"SSLv2",    .val = CURL_SSLVERSION_SSLv2},
+	{"SSLv3",    .val = CURL_SSLVERSION_SSLv3},
+	{"TLSv1",    .val = CURL_SSLVERSION_TLSv1},
+	{"TLSv1.0",  .val = CURL_SSLVERSION_TLSv1_0},
+	{"TLSv1.1",  .val = CURL_SSLVERSION_TLSv1_1},
+	{"TLSv1.2",  .val = CURL_SSLVERSION_TLSv1_2},
+	{0}
+};
+
 static cfg_option_t http_client_options[] = {
 	{"url",                  .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
 	{"username",             .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
 	{"password",             .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
 	{"failover",             .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
 	{"useragent",            .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
-	{"verify_peer",          .f = cfg_parse_int_opt},
-	{"verify_host",          .f = cfg_parse_int_opt},
+	{"verify_peer",          .f = cfg_parse_bool_opt},
+	{"verify_host",          .f = cfg_parse_bool_opt},
 	{"client_cert",          .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
 	{"client_key",           .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
-	{"cipher_list",          .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
-	{"sslversion",           .f = cfg_parse_int_opt},
+	{"cipher_suites",        .f = cfg_parse_str_opt, .flags = CFG_STR_PKGMEM},
+	{"tlsversion",           .f = cfg_parse_enum_opt, .param = tls_versions},
 	{"timeout",              .f = cfg_parse_int_opt},
 	{"maxdatasize",          .f = cfg_parse_int_opt},
-	{"http_follow_redirect", .f = cfg_parse_int_opt},
+	{"httpredirect",         .f = cfg_parse_bool_opt},
 	{0}
 };
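Review bot: `verify_host` is switched to `cfg_parse_bool_opt` in this table, but the README text in this same commit still documents 2 as the enabling value ("Set to 2 to enable or 0 to disable server hostname verification"). If the bool parser stores 1 for a true value and the field reaches libcurl's CURLOPT_SSL_VERIFYHOST unchanged (neither is visible in this hunk), a config-file `verify_host = yes` would not select the documented hostname check. Normalising where the raw value is copied would close the gap, e.g. `cc->verify_host = raw_cc->verify_host ? 2 : 0;` in fixup_raw_http_client_conn_list(). The httpcon branch in curl_parse_param() has a related gap: `verify_host` gets no range check there, unlike `verify_peer`.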
 
@@ -166,7 +177,7 @@ int curl_parse_param(char *val)
 	unsigned int http_follow_redirect = default_http_follow_redirect;
 	unsigned int verify_peer = default_tls_verify_peer;
 	unsigned int verify_host = default_tls_verify_host;
-	unsigned int sslversion = default_tls_version;
+	unsigned int tlsversion = default_tls_version;
 
 	str in;
 	char *p;
@@ -349,50 +360,50 @@ int curl_parse_param(char *val)
 			} else if(pit->name.len==11 && strncmp(pit->name.s, "maxdatasize", 11)==0) {
 				if(str2int(&tok, &maxdatasize)!=0) {
 					/* Bad timeout */
-					LM_DBG("curl connection [%.*s]: timeout bad value. Using default\n", name.len, name.s);
+					LM_DBG("curl connection [%.*s]: maxdatasize bad value. Using default\n", name.len, name.s);
 					maxdatasize = default_maxdatasize;
 				}
-				LM_DBG("curl [%.*s] - timeout [%d]\n", pit->name.len, pit->name.s, maxdatasize);
-			} else if(pit->name.len==10 && strncmp(pit->name.s, "verifypeer", 10)==0) {
+				LM_DBG("curl [%.*s] - maxdatasize [%d]\n", pit->name.len, pit->name.s, maxdatasize);
+			} else if(pit->name.len==11 && strncmp(pit->name.s, "verify_peer", 11)==0) {
 				if(str2int(&tok, &verify_peer)!=0) {
 					/* Bad integer */
-					LM_DBG("curl connection [%.*s]: verifypeer bad value. Using default\n", name.len, name.s);
+					LM_DBG("curl connection [%.*s]: verify_peer bad value. Using default\n", name.len, name.s);
 					verify_peer = default_tls_verify_peer;
 				}
 				if (verify_peer != 0 && verify_peer != 1) {
-					LM_DBG("curl connection [%.*s]: verifypeer bad value. Using default\n", name.len, name.s);
+					LM_DBG("curl connection [%.*s]: verify_peer bad value. Using default\n", name.len, name.s);
 					verify_peer = default_tls_verify_peer;
 				}
-				LM_DBG("curl [%.*s] - verifypeer [%d]\n", pit->name.len, pit->name.s, verify_peer);
-			} else if(pit->name.len==10 && strncmp(pit->name.s, "verifyhost", 10)==0) {
+				LM_DBG("curl [%.*s] - verify_peer [%d]\n", pit->name.len, pit->name.s, verify_peer);
+			} else if(pit->name.len==11 && strncmp(pit->name.s, "verify_host", 11)==0) {
 				if(str2int(&tok, &verify_host)!=0) {
 					/* Bad integer */
-					LM_DBG("curl connection [%.*s]: verifyhost bad value. Using default\n", name.len, name.s);
+					LM_DBG("curl connection [%.*s]: verify_host bad value. Using default\n", name.len, name.s);
 					verify_host = default_tls_verify_host;
 				}
-				LM_DBG("curl [%.*s] - verifyhost [%d]\n", pit->name.len, pit->name.s, verify_host);
-			} else if(pit->name.len==10 && strncmp(pit->name.s, "sslversion", 10)==0) {
-				if(str2int(&tok, &sslversion)!=0) {
+				LM_DBG("curl [%.*s] - verify_host [%d]\n", pit->name.len, pit->name.s, verify_host);
+			} else if(pit->name.len==10 && strncmp(pit->name.s, "tlsversion", 10)==0) {
+				if(str2int(&tok, &tlsversion)!=0) {
 					/* Bad integer */
-					LM_DBG("curl connection [%.*s]: sslversion bad value. Using default\n", name.len, name.s);
-					sslversion = default_tls_version;
+					LM_DBG("curl connection [%.*s]: tlsversion bad value. Using default\n", name.len, name.s);
+					tlsversion = default_tls_version;
 				}
-				if (sslversion >= CURL_SSLVERSION_LAST) {
-					LM_DBG("curl connection [%.*s]: sslversion bad value. Using default\n", name.len, name.s);
-					sslversion = default_tls_version;
+				if (tlsversion >= CURL_SSLVERSION_LAST) {
+					LM_DBG("curl connection [%.*s]: tlsversion bad value. Using default\n", name.len, name.s);
+					tlsversion = default_tls_version;
 				}
-				LM_DBG("curl [%.*s] - sslversion [%d]\n", pit->name.len, pit->name.s, sslversion);
-			} else if(pit->name.len==10 && strncmp(pit->name.s, "clientcert", 10)==0) {
+				LM_DBG("curl [%.*s] - tlsversion [%d]\n", pit->name.len, pit->name.s, tlsversion);
+			} else if(pit->name.len==11 && strncmp(pit->name.s, "client_cert", 11)==0) {
 				client_cert = tok;
-				LM_DBG("curl [%.*s] - clientcert [%.*s]\n", pit->name.len, pit->name.s,
+				LM_DBG("curl [%.*s] - client_cert [%.*s]\n", pit->name.len, pit->name.s,
 						client_cert.len, client_cert.s);
-			} else if(pit->name.len==9 && strncmp(pit->name.s, "clientkey", 9)==0) {
+			} else if(pit->name.len==10 && strncmp(pit->name.s, "client_key", 10)==0) {
 				client_key = tok;
-				LM_DBG("curl [%.*s] - clientkey [%.*s]\n", pit->name.len, pit->name.s,
+				LM_DBG("curl [%.*s] - client_key [%.*s]\n", pit->name.len, pit->name.s,
 						client_key.len, client_key.s);
-			} else if(pit->name.len==12 && strncmp(pit->name.s, "ciphersuites", 12)==0) {
+			} else if(pit->name.len==13 && strncmp(pit->name.s, "cipher_suites", 13)==0) {
 				ciphersuites = tok;
-				LM_DBG("curl [%.*s] - ciphersuites [%.*s]\n", pit->name.len, pit->name.s,
+				LM_DBG("curl [%.*s] - cipher_suites [%.*s]\n", pit->name.len, pit->name.s,
 						ciphersuites.len, ciphersuites.s);
 			} else {
 				LM_ERR("curl Unknown parameter [%.*s] \n", pit->name.len, pit->name.s);
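Review bot: A bad `verify_peer`, `verify_host` or `tlsversion` value in an httpcon definition is reported only through `LM_DBG` before the default is substituted, so at normal log levels an operator gets no sign that a TLS setting was ignored. Raising these fallbacks to a warning would make the misconfiguration visible, e.g. `LM_WARN("curl connection [%.*s]: tlsversion bad value. Using default\n", name.len, name.s);`. The `/* Bad timeout */` comment kept above the corrected maxdatasize message is now stale; `/* Bad maxdatasize */` would match. curl_parse_param() starts and ends outside this hunk.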
@@ -420,7 +431,7 @@ int curl_parse_param(char *val)
 	cc->clientcert = client_cert.s ? as_asciiz(&client_cert) : NULL;
 	cc->clientkey = client_key.s ? as_asciiz(&client_key) : NULL;
 	cc->ciphersuites = ciphersuites.s ? as_asciiz(&ciphersuites) : NULL;
-	cc->sslversion = sslversion;
+	cc->tlsversion = tlsversion;
 	cc->verify_peer = verify_peer;
 	cc->verify_host = verify_host;
 	cc->timeout = timeout;
@@ -428,10 +439,10 @@ int curl_parse_param(char *val)
 	cc->http_follow_redirect = http_follow_redirect;
 
 	LM_DBG("cname: [%.*s] url: [%.*s] username [%s] password [%s] failover [%.*s] timeout [%d] useragent [%s] maxdatasize [%d]\n", 
-			name.len, name.s, cc->url.len, cc->url.s, cc->username ? cc->username : "", cc->password ? cc->password : "",
+			cc->name.len, cc->name.s, cc->url.len, cc->url.s, cc->username ? cc->username : "", cc->password ? cc->password : "",
 			cc->failover.len, cc->failover.s, cc->timeout, cc->useragent, cc->maxdatasize);
-	LM_DBG("cname: [%.*s] client_cert [%s] client_key [%s] ciphersuites [%s] sslversion [%d] verify_peer [%d] verify_host [%d]\n",
-			name.len, name.s, cc->clientcert, cc->clientkey, cc->ciphersuites, cc->sslversion, cc->verify_peer, cc->verify_host);
+	LM_DBG("cname: [%.*s] client_cert [%s] client_key [%s] ciphersuites [%s] tlsversion [%d] verify_peer [%d] verify_host [%d]\n",
+			cc->name.len, cc->name.s, cc->clientcert, cc->clientkey, cc->ciphersuites, cc->tlsversion, cc->verify_peer, cc->verify_host);
 
 	return 0;
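Review bot: The first `LM_DBG` edited in this hunk prints `cc->password` in clear text, so turning on debug logging writes the HTTP credentials of every defined connection to the log. Since the argument list is being changed anyway, the password could be masked, for instance by passing `cc->password ? "***" : ""` for that `%s`. The same statement appears as context in fixup_raw_http_client_conn_list() in the last hunk of this file and would need the same change. curl_parse_param() begins outside the hunk.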
 
@@ -449,7 +460,7 @@ int curl_parse_conn(void *param, cfg_parser_t *parser, unsigned int flags)
 	str name	= STR_NULL;
 
 	raw_http_client_conn_t *raw_cc = NULL;
-	int ret;
+	int i, ret;
 	cfg_token_t t;
 
 	/* Get the name from the section header */
@@ -492,8 +503,11 @@ int curl_parse_conn(void *param, cfg_parser_t *parser, unsigned int flags)
 	raw_cc->maxdatasize = default_maxdatasize;
 	raw_cc->timeout	= default_connection_timeout;
 	raw_cc->http_follow_redirect = default_http_follow_redirect;
-	raw_cc->sslversion = default_tls_version;
+	raw_cc->tlsversion = default_tls_version;
 
+	for(i = 0; tls_versions[i].name; i++) {
+		tls_versions[i].param = &raw_cc->tlsversion;
+	}
 	http_client_options[0].param = &raw_cc->url;
 	http_client_options[1].param = &raw_cc->username;
 	http_client_options[2].param = &raw_cc->password;
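Review bot: The loop added here does not say why every `tls_versions` entry is pointed at `raw_cc->tlsversion`; the only hint is the `/* tlsversion is set using enum types */` comment in the next hunk, where the slot-10 assignment used to be. A comment directly above the loop would make it readable in place, e.g. `/* enum entries store their .val through their own .param, so aim them all at this connection */` (assuming cfg_parse_enum_opt works that way; it is not shown). The surrounding assignments also bind storage by numeric index into `http_client_options`, so reordering that table would silently pair a parser with the wrong field; named index constants would guard against that. curl_parse_conn() continues outside the hunk.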
@@ -504,7 +518,7 @@ int curl_parse_conn(void *param, cfg_parser_t *parser, unsigned int flags)
 	http_client_options[7].param = &raw_cc->clientcert;
 	http_client_options[8].param = &raw_cc->clientkey;
 	http_client_options[9].param = &raw_cc->ciphersuites;
-	http_client_options[10].param = &raw_cc->sslversion;
+	/* tlsversion is set using enum types */
 	http_client_options[11].param = &raw_cc->timeout;
 	http_client_options[12].param = &raw_cc->maxdatasize;
 	http_client_options[13].param = &raw_cc->http_follow_redirect;
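Review bot: Slot 13 is the option whose key this commit renames from `http_follow_redirect` to `httpredirect` in the `http_client_options` table, yet the README hunks of the same commit keep `http_follow_redirect` in the config-file parameter list and in the "Short http_client config file" example. A config file written from that documentation would presumably no longer match any key in the table. Either keep the old spelling as an additional table entry bound to the same field, or update the README list and example to `httpredirect`.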
@@ -561,7 +575,7 @@ int fixup_raw_http_client_conn_list(void)
 		cc->clientcert = raw_cc->clientcert.s ? as_asciiz(&raw_cc->clientcert) : NULL;
 		cc->clientkey = raw_cc->clientkey.s ? as_asciiz(&raw_cc->clientkey) : NULL;
 		cc->ciphersuites = raw_cc->ciphersuites.s ? as_asciiz(&raw_cc->ciphersuites) : NULL;
-		cc->sslversion = raw_cc->sslversion;
+		cc->tlsversion = raw_cc->tlsversion;
 		cc->verify_peer = raw_cc->verify_peer;
 		cc->verify_host = raw_cc->verify_host;
 		cc->timeout = raw_cc->timeout;
@@ -571,8 +585,8 @@ int fixup_raw_http_client_conn_list(void)
 		LM_DBG("cname: [%.*s] url: [%.*s] username [%s] password [%s] failover [%.*s] timeout [%d] useragent [%s] maxdatasize [%d]\n", 
 			cc->name.len, cc->name.s, cc->url.len, cc->url.s, cc->username ? cc->username : "", cc->password ? cc->password : "",
 			cc->failover.len, cc->failover.s, cc->timeout, cc->useragent, cc->maxdatasize);
-		LM_DBG("cname: [%.*s] client_cert [%s] client_key [%s] ciphersuites [%s] sslversion [%d] verify_peer [%d] verify_host [%d]\n",
-			cc->name.len, cc->name.s, cc->clientcert, cc->clientkey, cc->ciphersuites, cc->sslversion, cc->verify_peer, cc->verify_host);
+		LM_DBG("cname: [%.*s] client_cert [%s] client_key [%s] ciphersuites [%s] tlsversion [%d] verify_peer [%d] verify_host [%d]\n",
+			cc->name.len, cc->name.s, cc->clientcert, cc->clientkey, cc->ciphersuites, cc->tlsversion, cc->verify_peer, cc->verify_host);
 
 	}
 done:
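Review bot: The second `LM_DBG` passes `cc->clientcert`, `cc->clientkey` and `cc->ciphersuites` straight to `%s`, although the assignments a few lines above set each of them to NULL when the raw value is empty; a NULL argument for `%s` is undefined behaviour in printf-style formatting. The first `LM_DBG` already guards username and password, and the same pattern fits here, e.g. `cc->clientcert ? cc->clientcert : ""`. The matching statement in curl_parse_param() earlier in this file has the same gap. The function continues past this hunk.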

+ 152 - 93
modules/http_client/doc/http_client_admin.xml

@@ -155,8 +155,8 @@ modparam("http_client", "connection_timeout", 2)
 				</programlisting>
 			</example>
 		</section>
-		<section id="http_client.p.tlsclientcert">
-			<title><varname>tlsclientcert</varname> (string)</title>
+		<section id="http_client.p.client_cert">
+			<title><varname>client_cert</varname> (string)</title>
 			<para>
 			File name for a TLS client certificate. The certificate needs to be encoded
 			in PEM format.
@@ -166,20 +166,20 @@ modparam("http_client", "connection_timeout", 2)
 				Default value is empty string, i.e.
 				no client certificate used. Note that if
 				you specify a client cert, you also need to specify
-				the <varname>tlsclientkey</varname>.
+				the <varname>client_key</varname>.
 			</emphasis>
 			</para>
 			<example>
-			<title>Set <varname>tlsclientcert</varname> parameter</title>
+			<title>Set <varname>client_cert</varname> parameter</title>
 				<programlisting format="linespecific">
 ...
-modparam("http_client", "tlsclientcert", "/var/certs/sollentuna.example.com.cert")
+modparam("http_client", "client_cert", "/var/certs/sollentuna.example.com.cert")
 ...
 				</programlisting>
 			</example>
 		</section>
-		<section id="http_client.p.tlsclientkey">
-			<title><varname>tlsclientkey</varname> (string)</title>
+		<section id="http_client.p.client_key">
+			<title><varname>client_key</varname> (string)</title>
 			<para>
 			File name for a TLS client key. The key needs to be encoded
 			in PEM format.
@@ -189,20 +189,20 @@ modparam("http_client", "tlsclientcert", "/var/certs/sollentuna.example.com.cert
 				Default value is empty string, i.e.
 				no client certificate or key is used. Note that if
 				you specify a client key, you also need to specify
-				the <varname>tlsclientcert</varname>.
+				the <varname>client_cert</varname>.
 			</emphasis>
 			</para>
 			<example>
-			<title>Set <varname>tlsclientkey</varname> parameter</title>
+			<title>Set <varname>client_key</varname> parameter</title>
 				<programlisting format="linespecific">
 ...
-modparam("http_client", "tlsclientkey", "/var/certs/sollentuna.example.com.key")
+modparam("http_client", "client_key", "/var/certs/sollentuna.example.com.key")
 ...
 				</programlisting>
 			</example>
 		</section>
-		<section id="http_client.p.tlscacert">
-			<title><varname>tlscacert</varname> (string)</title>
+		<section id="http_client.p.cacert">
+			<title><varname>cacert</varname> (string)</title>
 			<para>
 			File name for the trusted TLS CA cert used to verify servers.
 			The certificates need to be encoded in PEM format.
@@ -217,16 +217,16 @@ modparam("http_client", "tlsclientkey", "/var/certs/sollentuna.example.com.key")
 			</emphasis>
 			</para>
 			<example>
-			<title>Set <varname>tlscacert</varname> parameter</title>
+			<title>Set <varname>cacert</varname> parameter</title>
 				<programlisting format="linespecific">
 ...
-modparam("http_client", "tlscacert", "/var/certs/ca/edvina-sip-ca.pem")
+modparam("http_client", "cacert", "/var/certs/ca/edvina-sip-ca.pem")
 ...
 				</programlisting>
 			</example>
 		</section>
-		<section id="http_client.p.tlscipherlist">
-			<title><varname>tlscipherlist</varname> (string)</title>
+		<section id="http_client.p.cipher_suites">
+			<title><varname>cipher_suites</varname> (string)</title>
 			<para>
 			List of allowed cipher suites.
 			See http://curl.haxx.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html for details
@@ -239,16 +239,16 @@ modparam("http_client", "tlscacert", "/var/certs/ca/edvina-sip-ca.pem")
 			</emphasis>
 			</para>
 			<example>
-			<title>Set <varname>tlscipherlist</varname> parameter</title>
+			<title>Set <varname>cipher_suites</varname> parameter</title>
 				<programlisting format="linespecific">
 ...
-modparam("http_client", "tlscipherlist", "ecdhe_ecdsa_aes_128_gcm_sha_256,rsa_aes_128_gcm_sha_256")
+modparam("http_client", "cipher_suites", "ecdhe_ecdsa_aes_128_gcm_sha_256,rsa_aes_128_gcm_sha_256")
 ...
 				</programlisting>
 			</example>
 		</section>
-		<section id="http_client.p.tlsverifypeer">
-			<title><varname>tlsverifypeer</varname> (int)</title>
+		<section id="http_client.p.verify_peer">
+			<title><varname>verify_peer</varname> (int)</title>
 			<para>
 			If set to 0, TLS verification of the server certificate
 			is disabled. This means that the connection will get 
@@ -266,16 +266,16 @@ modparam("http_client", "tlscipherlist", "ecdhe_ecdsa_aes_128_gcm_sha_256,rsa_ae
 			http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
 			</para>
 			<example>
-			<title>Set <varname>tlsverifypeer</varname> parameter</title>
+			<title>Set <varname>verify_peer</varname> parameter</title>
 				<programlisting format="linespecific">
 ...
-modparam("http_client", "tlsverifypeer", 1)
+modparam("http_client", "verify_peer", 1)
 ...
 				</programlisting>
 			</example>
 		</section>
-		<section id="http_client.p.tlsverifyhost">
-			<title><varname>tlsverifyhost</varname> (int)</title>
+		<section id="http_client.p.verify_host">
+			<title><varname>verify_host</varname> (int)</title>
 			<para>
 			If set to 0, domain verification of the server certificate
 			is disabled. This means that the connection will get 
@@ -292,10 +292,41 @@ modparam("http_client", "tlsverifypeer", 1)
 			http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
 			</para>
 			<example>
-			<title>Set <varname>tlsverifyhost</varname> parameter</title>
+			<title>Set <varname>verify_host</varname> parameter</title>
 				<programlisting format="linespecific">
 ...
-modparam("http_client", "tlsverifyhost", 2)
+modparam("http_client", "verify_host", 2)
+...
+				</programlisting>
+			</example>
+		</section>
+		<section id="http_client.p.tlsversion">
+			<title><varname>tlsversion</varname> (int)</title>
+			<para>
+			Sets the preferred TLS/SSL version.
+			</para>
+			<para>
+			Valid values are:
+				<itemizedlist>
+				<listitem><para>0 - Use libcurl default</para></listitem>
+				<listitem><para>1 - "TLSv1"</para></listitem>
+				<listitem><para>2 - "SSLv2"</para></listitem>
+				<listitem><para>3 - "SSLv3"</para></listitem>
+				<listitem><para>4 - "TLSv1.0"</para></listitem>
+				<listitem><para>5 - "TLSv1.1"</para></listitem>
+				<listitem><para>6 - "TLSv1.2"</para></listitem>
+				</itemizedlist>
+			</para>
+			<para>
+			SSL versions are now disabled by default.
+			See the curl documentation for more details.
+			http://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
+			</para>
+			<example>
+			<title>Set <varname>tlsversion</varname> parameter</title>
+				<programlisting format="linespecific">
+...
+modparam("http_client", "tlsversion", 6)
 ...
 				</programlisting>
 			</example>
@@ -323,30 +354,46 @@ modparam("http_client", "tlsverifyhost", 2)
 			Parameters
 			<itemizedlist>
 				<listitem><para>
-				<emphasis>httpredirect</emphasis> Set to 1 for following HTTP 302
-				redirect. 0 to disable. Default is the setting for the httpredirect modparam.
+				<emphasis>useragent</emphasis> Useragent used for HTTP requests. Overrides
+				useragent modparam.
 				</para></listitem>
 				<listitem><para>
-				<emphasis>maxdatasize</emphasis> The maximum datasize for a response. Overrides
-				the maxdatasize modparam setting.
+				<emphasis>verify_peer</emphasis> Set to 1 to enable or 0 to disable server
+				certificate verification.
+				Overrides verify_peer modparam.
+				</para></listitem>
+				<listitem><para>
+				<emphasis>verify_host</emphasis> Set to 2 to enable or 0 to disable server
+				hostname verification.
+				Overrides verify_host modparam.
+				</para></listitem>
+				<listitem><para>
+				<emphasis>client_cert</emphasis> Client certificate used for this connection.
+				Overrides the default client_cert modparam.
+				</para></listitem>
+				<listitem><para>
+				<emphasis>client_key</emphasis> Client key used for this connection.
+				Overrides the default client_key modparam.
+				</para></listitem>
+				<listitem><para>
+				<emphasis>cipher_suites</emphasis> Client certificate used for this connection.
+				Overrides the default cipher_suite modparam.
 				</para></listitem>
 				<listitem><para>
 				<emphasis>timeout</emphasis> Timeout used for this connection. Overrides the 
-				default timeout for the module.
+				default connection_timeout for the module.
 				</para></listitem>
 				<listitem><para>
-				<emphasis>useragent</emphasis> Useragent used for HTTP requests. Overrides
-				useragent modparam.
+				<emphasis>tlsversion</emphasis> TLS version used for this connection. Overrides the 
+				default tlsversion for the module.
 				</para></listitem>
 				<listitem><para>
-				<emphasis>verifypeer</emphasis> Set to 1 to enable or 0 to disable server
-				certificate verification.
-				Overrides tlsverifypeer modparam.
+				<emphasis>maxdatasize</emphasis> The maximum datasize for a response. Overrides
+				the maxdatasize modparam setting.
 				</para></listitem>
 				<listitem><para>
-				<emphasis>verifyhost</emphasis> Set to 2 to enable or 0 to disable server
-				hostname verification.
-				Overrides tlsverifyhost modparam.
+				<emphasis>httpredirect</emphasis> Set to 1 for following HTTP 302
+				redirect. 0 to disable. Overrides the default httpredirect modparam.
 				</para></listitem>
 			</itemizedlist>
 			</para>
@@ -371,41 +418,53 @@ modparam("http_client", "httpcon", "apifour=>http://stockholm.example.com/api/ge
 			options per line gets too big.
 			</para>
 			<para>
-                	If the file or directory name starts with a '.' the path will be relative to the
-                	working directory (<emphasis>at runtime</emphasis>). If it starts
-                	with a '/' it will be an absolute path and if it starts with anything
-                	else the path will be relative to the main config file directory
-                	(e.g.: for kamailio -f /etc/kamailio/kamailio.cfg it will be relative to /etc/kamailio/).
-        		</para>
-			<para>
-                		The following parameters can be set in the config file, for each connection:
-        		</para>
-        		<itemizedlist>
-                        	<listitem><para>url</para></listitem>
-                        	<listitem><para>username</para></listitem>
-                        	<listitem><para>password</para></listitem>
-                        	<listitem><para>failover</para></listitem>
-                        	<listitem><para>useragent</para></listitem>
-                        	<listitem><para>verify_peer</para></listitem>
-                        	<listitem><para>verify_host</para></listitem>
-                        	<listitem><para>client_cert</para></listitem>
-                        	<listitem><para>client_key</para></listitem>
-                        	<listitem><para>tlsversion</para></listitem>
-                        	<listitem><para>timeout</para></listitem>
-                        	<listitem><para>maxdatasize</para></listitem>
-                        	<listitem><para>http_follow_redirect</para></listitem>
-        		</itemizedlist>
+			If the file or directory name starts with a '.' the path will be relative to the
+			working directory (<emphasis>at runtime</emphasis>). If it starts
+			with a '/' it will be an absolute path and if it starts with anything
+			else the path will be relative to the main config file directory
+			(e.g.: for kamailio -f /etc/kamailio/kamailio.cfg it will be relative to /etc/kamailio/).
+			</para>
+			<para>
+				The following parameters can be set in the config file, for each connection.
+				If a parameter is not specified, the default values set by the modparams will be used.
+			</para>
+			<itemizedlist>
+				<listitem><para>url</para></listitem>
+				<listitem><para>username</para></listitem>
+				<listitem><para>password</para></listitem>
+				<listitem><para>failover</para></listitem>
+				<listitem><para>useragent</para></listitem>
+				<listitem><para>verify_peer</para></listitem>
+				<listitem><para>verify_host</para></listitem>
+				<listitem><para>client_cert</para></listitem>
+				<listitem><para>client_key</para></listitem>
+				<listitem><para>cipher_suites</para></listitem>
+				<listitem><para>tlsversion - Valid values are:</para>
+				<itemizedlist>
+				<listitem><para>"DEFAULT"</para></listitem>
+				<listitem><para>"TLSv1"</para></listitem>
+				<listitem><para>"SSLv22</para></listitem>
+				<listitem><para>"SSLv3"</para></listitem>
+				<listitem><para>"TLSv1.0"</para></listitem>
+				<listitem><para>"TLSv1.1"</para></listitem>
+				<listitem><para>"TLSv1.2"</para></listitem>
+				</itemizedlist>
+				</listitem>
+				<listitem><para>timeout</para></listitem>
+				<listitem><para>maxdatasize</para></listitem>
+				<listitem><para>http_follow_redirect</para></listitem>
+			</itemizedlist>
 			See the "httpcon" module parameter for explanation of these settings.
-        		<para>
-                	By default no config file is specified.
-        		</para>
+			<para>
+			By default no config file is specified.
+			</para>
  			<para>
-                	All the parameters that take filenames as values will be resolved
-                	using the same rules as for the tls config filename itself: starting
-                	with a '.' means relative to the working directory, a '/' means an
-                	absolute path and  anything else a path relative to the directory of
-                	the current &kamailio; main config file.
-        		</para>
+			All the parameters that take filenames as values will be resolved
+			using the same rules as for the tls config filename itself: starting
+			with a '.' means relative to the working directory, a '/' means an
+			absolute path and  anything else a path relative to the directory of
+			the current &kamailio; main config file.
+			</para>
 			<example>
 			<title>Set <varname>config_file</varname> parameter</title>
 				<programlisting format="linespecific">
@@ -415,20 +474,20 @@ modparam("http_client", "config_file", "httpconnections.cfg)
 				</programlisting>
 			</example>
 			<example>
-                	<title>Short http_client config file</title>
-        <programlisting>
+			<title>Short http_client config file</title>
+	<programlisting>
 [authapiserver]
 url = https://api.runbo.example.com/v4.2/auth
 timeout = 1
 maxdatasize = 4 
-tlsversion = TLSv2
+tlsversion = TLSv1.2
 verify_peer = yes
 client_key = default_key.pem
 client_cert = default_cert.pem
 http_follow_redirect = no
 
-        </programlisting>
-        </example>
+	</programlisting>
+	</example>
 
 		</section>
 	</section>
@@ -444,31 +503,31 @@ http_follow_redirect = no
 			POST request, content-type can be specified.
 	    	        </para>
 			<itemizedlist>
-                		<listitem>
-                        		<para>
-                                		<emphasis>connection</emphasis> - the name of an existing
+				<listitem>
+					<para>
+						<emphasis>connection</emphasis> - the name of an existing
 						HTTP connection, definied by a httpcon modparam.
 					</para>
-                        		<para>
-                                		<emphasis>url</emphasis> - the part of the URL to add to the
+					<para>
+						<emphasis>url</emphasis> - the part of the URL to add to the
 						predefined URL in the connection definition.
 					</para>
-                        		<para>
-                                		<emphasis>content_type</emphasis> - Used only when posting
+					<para>
+						<emphasis>content_type</emphasis> - Used only when posting
 						data with HTTP POST. An Internet Media type, like
 						"application/json" or "text/plain". Will be added to the
 						HTTP request as a header.
 					</para>
-                        		<para>
-                                		<emphasis>data</emphasis> - Data or a pseudo variable holding
+					<para>
+						<emphasis>data</emphasis> - Data or a pseudo variable holding
 						data to be posted.
 					</para>
-                        		<para>
-                                		<emphasis>result</emphasis> - The name of a pseudo variable that
+					<para>
+						<emphasis>result</emphasis> - The name of a pseudo variable that
 						will have the data of the response from the HTTP server.
 					</para>
-                		</listitem>
-                	</itemizedlist>
+				</listitem>
+			</itemizedlist>
 			<para>
 			The return value is the HTTP return code (if >=100) or the
 			CURL error code if below 100. See the $curlerror pseudovariable
@@ -532,7 +591,7 @@ xlog("L_INFO", "API-server HTTP connection: $avp(route) Result code $var(res)\n"
 ...
 # GET-Request
 http_client_query("http://tutpro.com/index.php?r_uri=$(ru{s.escape.param})&amp;f_uri=$(fu{s.escape.param})",
-           "$var(result)")
+	   "$var(result)")
 switch ($retcode) {
        ...
 }
@@ -542,7 +601,7 @@ switch ($retcode) {
 ...
 # POST-Request
 http_client_query("http://tutpro.com/index.php", "r_uri=$(ru{s.escape.param})&amp;f_uri=$(fu{s.escape.param})",
-           "$var(result)")
+	   "$var(result)")
 switch ($retcode) {
        ...
 }
@@ -567,7 +626,7 @@ switch ($retcode) {
 		</section>
 	</section>
 	<section>
-        <title>RPC Commands</title>
+	<title>RPC Commands</title>
 		<section>
 			<title><function moreinfo="none">httpclient.listcon</function></title>
 			<para>

+ 5 - 5
modules/http_client/functions.c

@@ -55,7 +55,7 @@ typedef struct {
     char *clientkey;
     char *cacert;
     char *ciphersuites;
-    unsigned int sslversion;
+    unsigned int tlsversion;
     unsigned int verify_peer;
     unsigned int verify_host;
     unsigned int timeout;
@@ -172,8 +172,8 @@ static int curL_query_url(struct sip_msg* _m, const char* _url, str* _dst, const
         res |= curl_easy_setopt(curl, CURLOPT_CAINFO, params->cacert);
     }
 
-    if (params->sslversion != CURL_SSLVERSION_DEFAULT) {
-        res |= curl_easy_setopt(curl, CURLOPT_SSLVERSION, (long) params->sslversion);
+    if (params->tlsversion != CURL_SSLVERSION_DEFAULT) {
+        res |= curl_easy_setopt(curl, CURLOPT_SSLVERSION, (long) params->tlsversion);
     }
 
     if (params->ciphersuites != NULL) {
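Review bot: `params->tlsversion` is cast to long and handed to CURLOPT_SSLVERSION with no range check, so whatever integer the `tlsversion` modparam or a connection definition carries reaches libcurl unchanged. The documented values 2 and 3 select SSLv2 and SSLv3, which are obsolete protocols, and anything above 6 is outside the documented list. I would validate before the setopt call, for example `if (params->tlsversion > CURL_SSLVERSION_TLSv1_2) { LM_ERR("invalid tlsversion %u\n", params->tlsversion); return -1; }`, and log a warning when an SSL version is selected. curL_query_url starts and ends outside this hunk, so the correct error return and cleanup of the curl handle on that path need checking against the full function.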
@@ -359,7 +359,7 @@ int curl_con_query_url(struct sip_msg* _m, const str *connection, const str* url
 	query_params.clientkey = conn->clientkey;
 	query_params.cacert = default_tls_cacert;
 	query_params.ciphersuites = conn->ciphersuites;
-	query_params.sslversion = conn->sslversion;
+	query_params.tlsversion = conn->tlsversion;
 	query_params.verify_peer = conn->verify_peer;
 	query_params.verify_host = conn->verify_host;
 	query_params.timeout = conn->timeout;
@@ -400,7 +400,7 @@ int http_query(struct sip_msg* _m, char* _url, str* _dst, char* _post)
 	query_params.clientkey = NULL;
 	query_params.cacert = NULL;
 	query_params.ciphersuites = NULL;
-	query_params.sslversion = default_tls_version;
+	query_params.tlsversion = default_tls_version;
 	query_params.verify_peer = default_tls_verify_peer;
 	query_params.verify_host = default_tls_verify_host;
 	query_params.timeout = default_connection_timeout;
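Review bot: http_query leaves `query_params.cacert`, `clientkey` and `ciphersuites` at NULL while it takes the TLS version and the verify flags from the module defaults, so the `cacert`, `client_key` and `cipher_suites` modparams appear to have no effect on this code path. With `verify_peer` enabled and no CA file passed, libcurl would presumably verify against its built-in bundle rather than the CA the operator configured. curl_con_query_url already uses `query_params.cacert = default_tls_cacert;`, and the same line here would make the two paths agree. The client key and cipher list defaults are registered as PARAM_STR, so they would presumably need their string member rather than a direct assignment. The function body extends beyond the hunk, so the client cert assignment is not visible and should be checked as well.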

+ 6 - 6
modules/http_client/http_client.c

@@ -141,13 +141,13 @@ static cmd_export_t cmds[] = {
 static param_export_t params[] = {
     	{"connection_timeout", PARAM_INT, &default_connection_timeout},
 	{"httpcon",  PARAM_STRING|USE_FUNC_PARAM, (void*)curl_con_param},
-	{"tlscacert", PARAM_STRING,  &default_tls_cacert },
-	{"tlsclientcert", PARAM_STR, &default_tls_clientcert },
-	{"tlsclientkey", PARAM_STR, &default_tls_clientkey },
-	{"tlscipherlist", PARAM_STR, &default_cipher_suite_list },
+	{"cacert", PARAM_STRING,  &default_tls_cacert },
+	{"client_cert", PARAM_STR, &default_tls_clientcert },
+	{"client_key", PARAM_STR, &default_tls_clientkey },
+	{"cipher_suites", PARAM_STR, &default_cipher_suite_list },
 	{"tlsversion", PARAM_INT, &default_tls_version },
-	{"tlsverifypeer", PARAM_INT, &default_tls_verify_peer },
-	{"tlsverifyhost", PARAM_INT, &default_tls_verify_host },
+	{"verify_peer", PARAM_INT, &default_tls_verify_peer },
+	{"verify_host", PARAM_INT, &default_tls_verify_host },
 	{"httpproxyport", PARAM_INT, &default_http_proxy_port },
 	{"httpproxy", PARAM_STRING, &default_http_proxy},
 	{"httpredirect", PARAM_INT, &default_http_follow_redirect },
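Review bot: The old parameter names (`tlscacert`, `tlsclientcert`, `tlsclientkey`, `tlscipherlist`, `tlsverifypeer`, `tlsverifyhost`) are dropped from `params[]` with no alias, so an existing kamailio.cfg that sets them no longer matches any entry. For settings that control certificate verification this matters on upgrade: unless the operator notices the rename, the intended value is not applied. Keeping the old names for a release as deprecated entries that point at the same variables, e.g. `{"tlsverifypeer", PARAM_INT, &default_tls_verify_peer },` and `{"tlsverifyhost", PARAM_INT, &default_tls_verify_host },`, would keep old configurations working. The array continues past the end of the hunk.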

+ 1 - 1
modules/http_client/http_client.h

@@ -77,7 +77,7 @@ typedef struct _curl_con
 	char *clientcert;		/*!< File name of CA client cert */
 	char *clientkey;		/*!< File name of CA client key */
 	char *ciphersuites;		/*!< List of allowed cipher suites */
-	unsigned int sslversion;	/*!< SSL/TLS version to use */
+	unsigned int tlsversion;	/*!< SSL/TLS version to use */
 	unsigned int verify_peer;	/*!< TRUE if server cert to be verified */
 	unsigned int verify_host;	/*!< TRUE if server CN/SAN to be verified */
 	int http_follow_redirect;	/*!< TRUE if we should follow HTTP 302 redirects */