Merge etc/ of kamailio svn into sip-router/etc

* '/etc' of kamailio svn: (42 commits)
  - 2 fixes in commented examples
  - call nat detection route (reported by Mark Sidell)
  - Improved RR section in default config file: record_route() just for INVITE and SUBSCRIBE (credits to Jon Bonilla)
  - small spelling fix
  - updated with more examples
  - the example of arming other event routes for INVITE commentted
  - uri module has been merged in siputils
  - default config also need pv
  - renaming
  - rename openser.cfg -> kamailio.cfg
  - renaming scripts part 1
  - revert commit as this don't work for installation where radius is
  - disable radius support in the default config for the acc module, as
  - spelling fix, accouting -> accounting
  - examples set to default values
  - update default config after db name change
  - turn debugging off
  - fix ACK handling
  - fix in-dialog SUBSCRIBE routing
  - fix error in default config that prevents the server start
  ...

etc/dictionary.radius

@@ -0,0 +1,49 @@
+#
+# $Id$
+#
+# SIP RADIUS attributes
+#
+# Proprietary indicates an attribute that hasn't
+# been standardized
+#
+#
+# NOTE: All standard (IANA registered) attributes are 
+#       defined in the default dictionary of the 
+#       radiusclient-ng library.
+#
+
+
+#### Attributes ###
+ATTRIBUTE Sip-Uri-User         208  string     # Proprietary, auth_radius
+ATTRIBUTE Sip-Group            211  string     # Proprietary, group_radius
+ATTRIBUTE Sip-Rpid             213  string     # Proprietary, auth_radius
+ATTRIBUTE SIP-AVP              225  string     # Proprietary, avp_radius
+
+### Acct-Status-Type Values ###
+#VALUE Acct-Status-Type   Failed           15   # RFC2866, acc
+
+### Service-Type Values ###
+#VALUE Service-Type       Call-Check       10   # RFC2865, uri_radius
+VALUE Service-Type       Group-Check      12   # Proprietary, group_radius
+##VALUE Service-Type       Sip-Session      15   # Schulzrinne, acc, auth_radius
+VALUE Service-Type       SIP-Caller-AVPs  30   # Proprietary, avp_radius
+VALUE Service-Type       SIP-Callee-AVPs  31   # Proprietary, avp_radius
+
+### Sip-Method Values ###
+VALUE Sip-Method         Undefined      0
+VALUE Sip-Method         Invite         1
+VALUE Sip-Method         Cancel         2
+VALUE Sip-Method         Ack            4
+VALUE Sip-Method         Bye            8
+VALUE Sip-Method         Info           16
+VALUE Sip-Method         Options        32
+VALUE Sip-Method         Update         64
+VALUE Sip-Method         Register       128
+VALUE Sip-Method         Message        256
+VALUE Sip-Method         Subscribe      512
+VALUE Sip-Method         Notify         1024
+VALUE Sip-Method         Prack          2048
+VALUE Sip-Method         Refer          4096
+VALUE Sip-Method         Other          8192
+
+

etc/kamailio.cfg

@@ -0,0 +1,545 @@
+#
+# $Id$
+#
+# Kamailio (OpenSER) SIP Server - basic configuration script
+#     - web: http://www.kamailio.org
+#     - svn: http://openser.svn.sourceforge.net/viewvc/openser/
+#
+# Direct your questions about this file to: <[email protected]>
+#
+# Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
+# for an explanation of possible statements, functions and parameters.
+#
+# There are comments showing how to enable different features in th econfig
+# file. Such commented code starts with #X# where X is a letter to identify
+# a feature. Delete entire #X# if you want to enable that feature. Next are
+# sed commands that help you enable such features.
+#
+# *** To enamble mysql execute:
+#     sed -i 's/#m#//g' kamailio.cfg
+#
+# *** To enamble authentication execute:
+#     - enable mysql
+#     sed -i 's/#a#//g' kamailio.cfg
+#     - add users using 'kamctl'
+#
+# *** To enamble persistent user location execute:
+#     - enable mysql
+#     sed -i 's/#u#//g' kamailio.cfg
+#
+# *** To enamble presence server execute:
+#     - enable mysql
+#     sed -i 's/#p#//g' kamailio.cfg
+#
+# *** To enamble nat traversal execute:
+#     sed -i 's/#n#//g' kamailio.cfg
+#     - install RTPProxy: http://www.rtpproxy.org
+#     - start RTPProxy:
+#        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
+#
+# *** To enhance accounting execute:
+#     - enable mysql
+#     sed -i 's/#c#//g' kamailio.cfg
+#     - add following columns to database
+# ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
+# ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
+# ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
+# ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE missed_call ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
+# ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
+#
+
+
+####### Global Parameters #########
+
+debug=3
+log_stderror=no
+log_facility=LOG_LOCAL0
+
+fork=yes
+children=4
+
+/* uncomment the following lines to enable debugging */
+#debug=6
+#fork=no
+#log_stderror=yes
+
+/* uncomment the next line to disable TCP (default on) */
+#disable_tcp=yes
+
+/* uncomment the next line to enable the auto temporary blacklisting of 
+   not available destinations (default disabled) */
+#disable_dns_blacklist=no
+
+/* uncomment the next line to enable IPv6 lookup after IPv4 dns 
+   lookup failures (default disabled) */
+#dns_try_ipv6=yes
+
+/* uncomment the next line to disable the auto discovery of local aliases
+   based on revers DNS on IPs (default on) */
+#auto_aliases=no
+
+/* uncomment the following lines to enable TLS support  (default off) */
+#disable_tls = no
+#listen = tls:your_IP:5061
+#tls_verify_server = 1
+#tls_verify_client = 1
+#tls_require_client_certificate = 0
+#tls_method = TLSv1
+#tls_certificate = "/usr/local/etc/kamailio/tls/user/user-cert.pem"
+#tls_private_key = "/usr/local/etc/kamailio/tls/user/user-privkey.pem"
+#tls_ca_list     = "/usr/local/etc/kamailio/tls/user/user-calist.pem"
+
+
+port=5060
+
+/* uncomment and configure the following line if you want Kamailio to 
+   bind on a specific interface/port/proto (default bind on all available) */
+#listen=udp:192.168.1.2:5060
+
+
+####### Modules Section ########
+
+#set module path
+mpath="/usr/local/lib/kamailio/modules/"
+
+/* uncomment next line for MySQL DB support */
+#m#loadmodule "db_mysql.so"
+loadmodule "mi_fifo.so"
+loadmodule "sl.so"
+loadmodule "tm.so"
+loadmodule "rr.so"
+loadmodule "pv.so"
+loadmodule "maxfwd.so"
+loadmodule "usrloc.so"
+loadmodule "registrar.so"
+loadmodule "textops.so"
+loadmodule "uri_db.so"
+loadmodule "siputils.so"
+loadmodule "xlog.so"
+loadmodule "acc.so"
+/* uncomment next lines for MySQL based authentication support 
+   NOTE: a DB (like db_mysql) module must be also loaded */
+#a#loadmodule "auth.so"
+#a#loadmodule "auth_db.so"
+/* uncomment next line for aliases support
+   NOTE: a DB (like db_mysql) module must be also loaded */
+#loadmodule "alias_db.so"
+/* uncomment next line for multi-domain support
+   NOTE: a DB (like db_mysql) module must be also loaded
+   NOTE: be sure and enable multi-domain support in all used modules
+         (see "multi-module params" section ) */
+#loadmodule "domain.so"
+/* uncomment the next two lines for presence server support
+   NOTE: a DB (like db_mysql) module must be also loaded */
+#p#loadmodule "presence.so"
+#p#loadmodule "presence_xml.so"
+
+#n#loadmodule "nathelper.so"
+
+# ----------------- setting module-specific parameters ---------------
+
+
+# ----- mi_fifo params -----
+modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
+
+
+# ----- rr params -----
+# add value to ;lr param to cope with most of the UAs
+modparam("rr", "enable_full_lr", 1)
+# do not append from tag to the RR (no need for this script)
+modparam("rr", "append_fromtag", 0)
+
+
+# ----- rr params -----
+modparam("registrar", "method_filtering", 1)
+/* uncomment the next line to disable parallel forking via location */
+# modparam("registrar", "append_branches", 0)
+/* uncomment the next line not to allow more than 10 contacts per AOR */
+#modparam("registrar", "max_contacts", 10)
+
+
+# ----- uri_db params -----
+/* by default we disable the DB support in the module as we do not need it
+   in this configuration */
+modparam("uri_db", "use_uri_table", 0)
+modparam("uri_db", "db_url", "")
+
+
+# ----- acc params -----
+/* what sepcial events should be accounted ? */
+modparam("acc", "early_media", 1)
+modparam("acc", "report_ack", 1)
+modparam("acc", "report_cancels", 1)
+/* by default ww do not adjust the direct of the sequential requests.
+   if you enable this parameter, be sure the enable "append_fromtag"
+   in "rr" module */
+modparam("acc", "detect_direction", 0)
+/* account triggers (flags) */
+modparam("acc", "failed_transaction_flag", 3)
+modparam("acc", "log_flag", 1)
+modparam("acc", "log_missed_flag", 2)
+modparam("acc", "log_extra", 
+	"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
+/* uncomment the following lines to enable DB accounting also */
+#c#modparam("acc", "db_flag", 1)
+#c#modparam("acc", "db_missed_flag", 2)
+#c#modparam("acc", "db_url",
+#c#	"mysql://openser:openserrw@localhost/openser")
+#c#modparam("acc", "db_extra",
+#c#	"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
+
+
+# ----- usrloc params -----
+/* uncomment the following lines if you want to enable DB persistency
+   for location entries */
+#u#modparam("usrloc", "db_mode",   2)
+#u#modparam("usrloc", "db_url",
+#u#	"mysql://openser:openserrw@localhost/openser")
+
+# ----- auth_db params -----
+/* uncomment the following lines if you want to enable the DB based
+   authentication */
+#a#modparam("auth_db", "calculate_ha1", yes)
+#a#modparam("auth_db", "password_column", "password")
+#a#modparam("auth_db", "db_url",
+#a#	"mysql://openser:openserrw@localhost/openser")
+#a#modparam("auth_db", "load_credentials", "")
+
+
+# ----- alias_db params -----
+/* uncomment the following lines if you want to enable the DB based
+   aliases */
+#modparam("alias_db", "db_url",
+#	"mysql://openser:openserrw@localhost/openser")
+
+
+# ----- domain params -----
+/* uncomment the following lines to enable multi-domain detection
+   support */
+#modparam("domain", "db_url",
+#	"mysql://openser:openserrw@localhost/openser")
+#modparam("domain", "db_mode", 1)   # Use caching
+
+
+# ----- multi-module params -----
+/* uncomment the following line if you want to enable multi-domain support
+   in the modules (dafault off) */
+#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
+
+
+# ----- presence params -----
+/* uncomment the following lines if you want to enable presence */
+#p#modparam("presence|presence_xml", "db_url",
+#p#	"mysql://openser:openserrw@localhost/openser")
+#p#modparam("presence_xml", "force_active", 1)
+#p#modparam("presence", "server_address", "sip:192.168.1.2:5060")
+
+# -- nathelper
+#n#modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7722")
+#n#modparam("nathelper", "natping_interval", 30)
+#n#modparam("nathelper", "ping_nated_only", 1)
+#n#modparam("nathelper", "sipping_bflag", 7)
+#n#modparam("nathelper", "sipping_from", "sip:[email protected]")
+#n#modparam("registrar|nathelper", "received_avp", "$avp(i:80)")
+#n#modparam("usrloc", "nat_bflag", 6)
+
+####### Routing Logic ########
+
+
+# main request routing logic
+
+route{
+
+	if (!mf_process_maxfwd_header("10")) {
+		sl_send_reply("483","Too Many Hops");
+		exit;
+	}
+
+	# NAT detection
+	route(4);
+
+	if (has_totag()) {
+		# sequential request withing a dialog should
+		# take the path determined by record-routing
+		if (loose_route()) {
+			if (is_method("BYE")) {
+				setflag(1); # do accounting ...
+				setflag(3); # ... even if the transaction fails
+			}
+			route(1);
+		} else {
+			if (is_method("SUBSCRIBE") && uri == myself) {
+				# in-dialog subscribe requests
+				route(2);
+				exit;
+			}
+			if ( is_method("ACK") ) {
+				if ( t_check_trans() ) {
+					# non loose-route, but stateful ACK; must be an ACK after a 487 or e.g. 404 from upstream server
+					t_relay();
+					exit;
+				} else {
+					# ACK without matching transaction ... ignore and discard.\n");
+					exit;
+				}
+			}
+			sl_send_reply("404","Not here");
+		}
+		exit;
+	}
+
+	#initial requests
+
+	# CANCEL processing
+	if (is_method("CANCEL"))
+	{
+		if (t_check_trans())
+			t_relay();
+		exit;
+	}
+
+	t_check_trans();
+
+	# authentication
+	route(3);
+
+	# record routing for dialog forming requests (in case they are routed)
+	if (is_method("INVITE|SUBSCRIBE"))
+		record_route();
+
+	# account only INVITEs
+	if (is_method("INVITE")) {
+		setflag(1); # do accounting
+	}
+	if (!uri==myself)
+	/* replace with following line if multi-domain support is used */
+	##if (!is_uri_host_local())
+	{
+		append_hf("P-hint: outbound\r\n"); 
+		# if you have some interdomain connections via TLS
+		##if($rd=="tls_domain1.net") {
+		##	t_relay("tls:domain1.net");
+		##	exit;
+		##} else if($rd=="tls_domain2.net") {
+		##	t_relay("tls:domain2.net");
+		##	exit;
+		##}
+		route(1);
+	}
+
+	# requests for my domain
+
+	if( is_method("PUBLISH|SUBSCRIBE"))
+		route(2);
+
+	if (is_method("REGISTER"))
+	{
+		if (!save("location"))
+			sl_reply_error();
+
+		exit;
+	}
+
+	if ($rU==NULL) {
+		# request with no Username in RURI
+		sl_send_reply("484","Address Incomplete");
+		exit;
+	}
+
+	# apply DB based aliases (uncomment to enable)
+	##alias_db_lookup("dbaliases");
+
+	if (!lookup("location")) {
+		switch ($retcode) {
+			case -1:
+			case -3:
+				t_newtran();
+				t_reply("404", "Not Found");
+				exit;
+			case -2:
+				sl_send_reply("405", "Method Not Allowed");
+				exit;
+		}
+	}
+
+	# when routing via usrloc, log the missed calls also
+	setflag(2);
+
+	route(1);
+}
+
+
+route[1] {
+#n#	if (check_route_param("nat=yes")) {
+#n#		setbflag(6);
+#n#	}
+#n#	if (isflagset(5) || isbflagset(6)) {
+#n#		route(5);
+#n#	}
+
+	/* example how to enable some additional event routes */
+	if (is_method("INVITE")) {
+		#t_on_branch("1");
+		t_on_reply("1");
+		t_on_failure("1");
+	}
+
+	if (!t_relay()) {
+		sl_reply_error();
+	}
+	exit;
+}
+
+
+# Presence route
+/* uncomment the whole following route for enabling presence server */
+route[2]
+{
+#p#	if (!t_newtran())
+#p#	{
+#p#		sl_reply_error();
+#p#		exit;
+#p#	};
+#p#
+#p#	if(is_method("PUBLISH"))
+#p#	{
+#p#		handle_publish();
+#p#		t_release();
+#p#	}
+#p#	else
+#p#	if( is_method("SUBSCRIBE"))
+#p#	{
+#p#		handle_subscribe();
+#p#		t_release();
+#p#	}
+#p#	exit;
+	
+	# if presence enabled, this part will not be executed
+	if (is_method("PUBLISH") || $rU==null)
+	{
+		sl_send_reply("404", "Not here");
+		exit;
+	}
+	return;
+}
+
+# Authentication route
+/* uncomment the whole following route for enabling authentication */
+route[3] {
+#a#	if (is_method("REGISTER"))
+#a#	{
+#a#		# authenticate the REGISTER requests (uncomment to enable auth)
+#a#		if (!www_authorize("", "subscriber"))
+#a#		{
+#a#			www_challenge("", "0");
+#a#			exit;
+#a#		}
+#a#
+#a#		if ($au!=$tU) 
+#a#		{
+#a#			sl_send_reply("403","Forbidden auth ID");
+#a#			exit;
+#a#		}
+#a#	} else {
+#a#		# authenticate if from local subscriber (uncomment to enable auth)
+#a#		if (from_uri==myself)
+#a#		{
+#a#			if (!proxy_authorize("", "subscriber")) {
+#a#				proxy_challenge("", "0");
+#a#				exit;
+#a#			}
+#a#			if (is_method("PUBLISH"))
+#a#			{
+#a#				if ($au!=$tU) {
+#a#					sl_send_reply("403","Forbidden auth ID");
+#a#					exit;
+#a#				}
+#a#			} else {
+#a#				if ($au!=$fU) {
+#a#					sl_send_reply("403","Forbidden auth ID");
+#a#					exit;
+#a#				}
+#a#			}
+#a#
+#a#			consume_credentials();
+#a#			# caller authenticated
+#a#		}
+#a#	}
+	return;
+}
+
+# Caller NAT detection route
+/* uncomment the whole following route for enabling Caller NAT Detection */
+route[4]{
+#n#	force_rport();
+#n#	if (nat_uac_test("19")) {
+#n#		if (method=="REGISTER") {
+#n#			fix_nated_register();
+#n#		} else {
+#n#			fix_nated_contact();
+#n#		}
+#n#		setflag(5);
+#n#	}
+	return;
+}
+
+# RTPProxy control
+/* uncomment the whole following route for enabling RTPProxy Control */
+route[5] {
+#n#	if (is_method("BYE")) {
+#n#		unforce_rtp_proxy();
+#n#	} else if (is_method("INVITE")){
+#n#		force_rtp_proxy();
+#n#	}
+#n#	if (!has_totag()) add_rr_param(";nat=yes");
+	return;
+}
+
+branch_route[1] {
+	xdbg("new branch at $ru\n");
+}
+
+
+onreply_route[1] {
+	xdbg("incoming reply\n");
+
+#n#	if ((isflagset(5) || isbflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
+#n#		force_rtp_proxy();
+#n#	}
+#n#	if (isbflagset(6)) {
+#n#		fix_nated_contact();
+#n#	}
+}
+
+
+failure_route[1] {
+#n#	if (is_method("INVITE")
+#n#			&& (isbflagset(6) || isflagset(5))) {
+#n#		unforce_rtp_proxy();
+#n#	}
+
+	if (t_was_cancelled()) {
+		exit;
+	}
+
+	# uncomment the following lines if you want to block client 
+	# redirect based on 3xx replies.
+	##if (t_check_status("3[0-9][0-9]")) {
+	##t_reply("404","Not found");
+	##	exit;
+	##}
+
+	# uncomment the following lines if you want to redirect the failed 
+	# calls to a different new destination
+	##if (t_check_status("486|408")) {
+	##	sethostport("192.168.2.100:5060");
+	##	append_branch();
+	##	# do not set the missed call flag again
+	##	t_relay();
+	##}
+}

etc/tls/README

@@ -0,0 +1,22 @@
+
+
+This directory contains an already generated TLS certificate that can be
+used in your OpenSER configuration. It's a generic certificate with the 
+main purpose of serving as example and for testings.
+
+IMPORTANT: it's not a trustable certificate - the CA is also an example.
+
+All TLS configuration file may be found in "user" directory. If you want to
+generate your own certificate, you may find in the "rootCA" directory the 
+root CA to sign your request with. Use "kamctl tls userCERT" command to
+create a new certificate; the rootCA password is "openser".
+
+What is the purpose of these default CA and certificate? First to make an 
+out-of-the box TLS configuration for users not so familiar with SSL/TLS.
+Second, to give access to the same CA root to a large community in order to
+encourage testings and interconnections via TLS with minimum of troubles.
+
+For any questions, please address to :
+	[email protected] (if you want to keep your question private)
+	[email protected] (public mailing list)
+

etc/tls/ca.conf

@@ -0,0 +1,88 @@
+#
+# Default configuration to use  when one
+# is not provided on the command line.
+#
+[ ca ]
+default_ca = local_ca
+
+
+#
+# Default location  of  directories  and
+# files needed to generate certificates.
+#
+[ local_ca ]
+dir              = ./rootCA
+certificate      = $dir/cacert.pem
+database         = $dir/index.txt
+new_certs_dir    = $dir/certs
+private_key      = $dir/private/cakey.pem
+serial           = $dir/serial
+
+
+#
+# Default   expiration   and  encryption
+# policies for certificates.
+#
+default_crl_days = 365
+default_days     = 1825
+default_md       = sha1
+
+policy = local_ca_policy
+x509_extensions = local_ca_extensions
+
+
+#
+# Default policy to use  when generating
+# server   certificates.  The  following
+# fields  must  be defined in the server
+# certificate.
+#
+[ local_ca_policy ]
+commonName             = supplied
+stateOrProvinceName    = supplied
+countryName            = supplied
+emailAddress           = supplied
+organizationName       = supplied
+organizationalUnitName = supplied
+
+
+#
+# x509 extensions to use when generating
+# server certificates.
+#
+[ local_ca_extensions ]
+#subjectAltName      = DNS:altname.somewhere.com
+basicConstraints    = CA:false
+nsCertType          = server
+
+
+#
+# The   default   policy   to  use  when
+# generating the root certificate.
+#
+[ req ]
+default_bits        = 2048
+default_keyfile     = ./private/cakey.pem
+default_md          = sha1
+
+prompt              = no
+distinguished_name  = root_ca_distinguished_name
+x509_extensions     = root_ca_extensions
+
+
+#
+# Root  Certificate  Authority   distin-
+# guished name.  Changes these fields to
+# your local environment.
+#
+[ root_ca_distinguished_name ]
+commonName          = Your_NAME          # please update
+stateOrProvinceName = Your_STATE         # please update
+countryName         = CO                 # please update
+emailAddress        = YOUR_EMAIL         # please update
+organizationName    = YOUR_ORG_NAME      # please update
+
+[ root_ca_extensions ]
+basicConstraints    = CA:true
+subjectAltName      = email:copy
+issuerAltName       = issuer:copy

etc/tls/request.conf

@@ -0,0 +1,58 @@
+#
+# Default configuration to use  when one
+# is not provided on the command line.
+#
+[ ca ]
+default_ca     = CA_request
+
+
+#
+# Default location  of  directories  and
+# files needed to generate certificates.
+#
+[ CA_request ]
+dir            = ./rootCA
+database       = $dir/index.txt
+new_certs_dir  = $dir/certs
+
+certificate    = $dir/cacert.pem
+serial         = $dir/serial
+private_key    = $dir/private/cakey.pem
+
+
+#
+# Default   expiration   and  encryption
+# policies for certificates.
+#
+default_days     = 365
+default_crl_days = 1825
+default_md       = sha1
+
+policy           = req_policy
+
+
+#
+# Information to be moved from 
+# request to the certificate
+#
+nameopt          = ca_default
+certopt          = ca_default
+copy_extensions  = copy
+x509_extensions     = cert_extensions
+
+
+#
+# The   default   policy   to  use  when
+# generating the certificate.
+#
+[ req_policy ]
+countryName            = supplied
+stateOrProvinceName    = optional
+organizationName       = supplied
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = supplied
+
+[ cert_extensions ]
+basicConstraints    = CA:false
+

etc/tls/rootCA/cacert.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIJAIajPSGooWsRMA0GCSqGSIb3DQEBBQUAMGQxEDAOBgNV
+BAMTB09wZW5TRVIxDDAKBgNVBAgTA1NJUDELMAkGA1UEBhMCSVAxHzAdBgkqhkiG
+9w0BCQEWEHRlYW1Ab3BlbnNlci5vcmcxFDASBgNVBAoTC29wZW5zZXIub3JnMB4X
+DTA1MTAyODE5MDk0NFoXDTA2MTAyODE5MDk0NFowZDEQMA4GA1UEAxMHT3BlblNF
+UjEMMAoGA1UECBMDU0lQMQswCQYDVQQGEwJJUDEfMB0GCSqGSIb3DQEJARYQdGVh
+bUBvcGVuc2VyLm9yZzEUMBIGA1UEChMLb3BlbnNlci5vcmcwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCtOHaQSReSuBpet7hGSJtAtqoKzPYpYdoIijiw
+9tlB/ODBFWjz583MKJuUxIWt7cqnUheBNgBGvrtZYVB6bUxjyTS4m3g8NrrIcWuw
+ASTYqYWRmdWbiyLraC6MeoNd8fUG50kbfZa6fh/pkBzZDQb/4Z1cfqIEJ4VpVTLO
+CRDreGNfTmG1BREtX+DnzGiKKpGCJVUs/ffX+pTViVC9Y9TDwinJyV9fdtwtI42U
+pAxJA+iiG1oOTuk5yjxKOkxKlHju4DIKND3XnPriU3cjdh/93XhMQDxb/jNZhL6R
+Y/XhcEsS567ZL3VMUw2VxaDiA+exjAaS/wA8b/rHR8af8+svAgMBAAGjSjBIMAwG
+A1UdEwQFMAMBAf8wGwYDVR0RBBQwEoEQdGVhbUBvcGVuc2VyLm9yZzAbBgNVHRIE
+FDASgRB0ZWFtQG9wZW5zZXIub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAabH/C3EiJ
+1Dc3uq9KlF7hp2OODAI4928Yy6+pzcbppGoOhAzmDaEoXmlhIMomgeoD031rsESg
++WNavXs2IFCD0U4ocpCa7L0AKDYr8U+5lUtEi7DzXYkqNW17TB+HxkaQVdzvhGrh
++R3WasX0AIc+inxvgkXgzjm5M6IyRUE0FK3wDcACNfnjrDzzXVvdccrM0ZpCFr5T
+NWJjQYpGcqDB1HDXVBMPFxQ7XyqKOTOgDCMh4J9g9Ye8eL8uukKJx1eEjHoG4RbM
+uQmCYQcCWO0Z/oqiI0FObzsZigf8Xoi9GjK2RjdPEukG3QOflnAm7IjPOLMGzFBn
+peqgBkp+jZv5
+-----END CERTIFICATE-----

etc/tls/rootCA/certs/01.pem

@@ -0,0 +1,56 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=OpenSER, ST=SIP, C=IP/[email protected], O=openser.org
+        Validity
+            Not Before: Oct 28 19:16:29 2005 GMT
+            Not After : Oct 28 19:16:29 2006 GMT
+        Subject: C=IP, ST=SIP, O=OpenSER project, OU=OpenSER TLS tester, CN=OpenSER/[email protected]
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:b6:13:f8:54:99:2a:c3:39:2d:fa:b0:5a:cc:4d:
+                    ca:8b:d0:53:9d:c9:59:ce:17:1e:ba:0a:8e:82:eb:
+                    9b:c2:69:33:93:3a:b1:68:aa:da:40:bd:de:b5:6f:
+                    c2:5e:99:72:59:f4:68:75:4c:01:05:94:1b:ba:1d:
+                    f2:bb:10:67:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha1WithRSAEncryption
+        3d:41:b5:28:a4:10:c7:c8:de:29:6f:2e:ed:a8:30:28:2f:9e:
+        3c:a9:95:c4:df:73:7b:2e:1c:51:84:a2:bd:ff:56:94:6f:5b:
+        ac:e2:8f:77:31:74:82:29:8d:e7:a8:c7:da:14:7d:6c:62:dc:
+        2f:2e:70:0c:eb:53:67:fa:1b:0a:e5:e8:58:41:5e:dd:84:3d:
+        3d:22:c2:c3:b5:69:e5:11:86:2a:a6:4c:f3:07:98:00:f5:cf:
+        c8:f1:ea:a3:62:f6:40:ef:08:74:93:de:5b:f2:dc:01:dc:0f:
+        2a:81:e3:03:56:d1:ef:ca:22:fc:18:29:4f:b0:45:b1:d0:30:
+        6b:63:1b:72:ef:9d:ae:bf:ef:b3:0d:fa:39:49:25:48:46:6d:
+        68:a1:12:7a:23:1e:ba:53:8e:a5:a2:38:8e:3b:0f:df:b1:b6:
+        1e:61:69:80:57:c1:f1:8d:62:69:e0:85:e9:6b:e0:10:4d:37:
+        b0:3e:98:cc:b5:b5:ea:db:2f:a2:02:51:85:27:1d:65:74:2e:
+        e3:f4:1f:0c:52:3e:f8:86:6b:50:f1:38:1d:23:97:53:3c:84:
+        03:4e:25:a0:66:3a:16:aa:94:77:f2:c8:65:db:ce:c7:0d:c2:
+        44:7a:8e:af:ee:c5:bc:4e:aa:2f:29:c5:02:33:ea:c7:78:76:
+        02:d4:b4:ca
+-----BEGIN CERTIFICATE-----
+MIICqjCCAZKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMRAwDgYDVQQDEwdPcGVu
+U0VSMQwwCgYDVQQIEwNTSVAxCzAJBgNVBAYTAklQMR8wHQYJKoZIhvcNAQkBFhB0
+ZWFtQG9wZW5zZXIub3JnMRQwEgYDVQQKEwtvcGVuc2VyLm9yZzAeFw0wNTEwMjgx
+OTE2MjlaFw0wNjEwMjgxOTE2MjlaMIGFMQswCQYDVQQGEwJJUDEMMAoGA1UECBMD
+U0lQMRgwFgYDVQQKEw9PcGVuU0VSIHByb2plY3QxGzAZBgNVBAsTEk9wZW5TRVIg
+VExTIHRlc3RlcjEQMA4GA1UEAxMHT3BlblNFUjEfMB0GCSqGSIb3DQEJARYQdGVh
+bUBvcGVuc2VyLm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC2E/hUmSrDOS36
+sFrMTcqL0FOdyVnOFx66Co6C65vCaTOTOrFoqtpAvd61b8JemXJZ9Gh1TAEFlBu6
+HfK7EGfXAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD1B
+tSikEMfI3ilvLu2oMCgvnjyplcTfc3suHFGEor3/VpRvW6zij3cxdIIpjeeox9oU
+fWxi3C8ucAzrU2f6Gwrl6FhBXt2EPT0iwsO1aeURhiqmTPMHmAD1z8jx6qNi9kDv
+CHST3lvy3AHcDyqB4wNW0e/KIvwYKU+wRbHQMGtjG3Lvna6/77MN+jlJJUhGbWih
+EnojHrpTjqWiOI47D9+xth5haYBXwfGNYmnghelr4BBNN7A+mMy1terbL6ICUYUn
+HWV0LuP0HwxSPviGa1DxOB0jl1M8hANOJaBmOhaqlHfyyGXbzscNwkR6jq/uxbxO
+qi8pxQIz6sd4dgLUtMo=
+-----END CERTIFICATE-----

etc/tls/rootCA/index.txt

@@ -0,0 +1 @@
+V	061028191629Z		01	unknown	/C=IP/ST=SIP/O=OpenSER project/OU=OpenSER TLS tester/CN=OpenSER/[email protected]

etc/tls/rootCA/private/cakey.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4FF5A11F3774B0A0
+
+55A4nhjLcx9PgAAnxRoYwkzCtM1D/2Rb3cLtUo6GTG8E+RzsKgo9PIZDDSDJAy9k
+39UXsC69C7jxmqP7oBQgU8M15yAKQwX9zIsi82tRb/oh58f331fK3vtCzvZrJCwQ
+5ZWUcmLCrtxVoDj2N9pItB3OizHcUYGmPVxhwWzLyA0Wnq5/EScVaIVEEUQUHZtU
+3iJCTUkgc8tFDsFAXEyfO9Y5MabQ3AKSYBgUklGJs0+4facYyCgfYWDwuoanxveQ
+2XIVtv2dcV0WOklGA/G+2tfwtRa0G0GBl4Jf49/bv2fONrhGX4KE4aJb7jp8LTZA
+nFokO8L/OPHQQDatZ4r9gqIJMzY8uMtzRdkccZvV+xecDieZ6PN4MW36s/AzMp3q
+oS72x413GSlDOLlrmDyy7NWo81yD5aYUCgoW6QOOtDCMwFGIJ+lEbt7vPasVp0GJ
+Qpsni2Kz7knpjZJHoAyARfm7rPX9Dsk60A16Up9/4LHyy2vsNfD8uXwRcYSTx3nF
+d5ClZYtwQp88cfe2qK2L5pegN+YoghXukE191OruZ3cU/ialPqGHefHTd46JyWsZ
+k1k0IxXwyAyLbWcFRJ0IKogYK/p/Jz2vAggGS/4utH6OWPkDObo6mclKO3nQk/AK
+YGtcAvbN+MOB9US6v/gqHSbh3FvjKtdeSdzkgOqJD0v9sYoshk9XlAcMKljPAqxt
+QuFlsNC221z9jpIPVWDoHiufVtuX2/qif0cYhy0T3ey1crgZ1Wf5Xt2VxRk8xCGs
+FN5bOmpQcFHhEAmeBS0/cRTM+P0RZ0qLoJUWgedxF9UHweNgpu/JgE8ReF7xIfbV
+OHi2ZEziydYuqAQaLi5rDditDJVz+8lnH9k8qWk9WKbFE+Oz/7i5/f10t+062aC2
+0pTg6dptI/X49p0TWuxrI/UTqQjreauTaNaR32pOZlKuCWngtcxLTg/XGfTahsLN
+EUKEdQk4T/2OzCICwStkwlayjs+O2osNEE2n79e9IxPG/L7KzWA4RF6dwuJ2Zh5J
+8xF/dAiL9C7EBIOQsPxLpjqQUUipedophsndkR5ADP4R3a97d2ZVsk6N0gGMfXHH
+6UghbSAcDQ3xj1eSBXYmb2cq36A0g6j3B9Clkh0yO07H7C6jlHeUbGw/5uaa69pX
+H9kyPDpPP/sJ26jIBDCC1hzWX2v3/wl7CZRBgf9OQ6lY3x1Mk6eQbxW+G0itI5T2
+MNWV0ae8Nr+vAi9OVmVUo3s0D2kUGtMRXC0ECwJUhXq68GDfLUy9y0ixeVrLnkix
+P1OHIu7VLawDvhWx+qQJRI6i0apAEWPTw+A9DiiwtrmILDTQJJWDHky+lja3zkt1
+heVVfeSuyPeS/EgzQgN2kkpr+3ZgNcLSRuKpFdpN2olSyxXt+fRcTj0kluZqJkBn
+7UpojLvzl6ODLZvIYFhHPrlZGVPer+YyuEQGt8Ni4NgFooJmOhzNlUOMQtEvo3kO
+lsll1jPUGO/5TIxoteHepTT/2nLhlbd2g6xsMNEMqqzmH/Q7OnLknI8IVE7AjkEv
+u138yr3yQfdZ+Q9/KDL9RICy/swCZct/dyIhZ6u6NGun2v6Kzzb3lw==
+-----END RSA PRIVATE KEY-----

etc/tls/rootCA/serial

@@ -0,0 +1 @@
+02

etc/tls/user.conf

@@ -0,0 +1,16 @@
+#
+# LocalServer.conf
+#
+
+[ req ]
+prompt = no
+distinguished_name = server_distinguished_name
+
+[ server_distinguished_name ]
+commonName             = somename.somewhere.com               # please update
+stateOrProvinceName    = Some State                           # please update
+countryName            = XY                                   # please update
+emailAddress           = [email protected]          # please update
+organizationName       = My Large Organization Name           # please update
+organizationalUnitName = My Subunit of Large Organization     # please update
+

etc/tls/user/user-calist.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIJAIajPSGooWsRMA0GCSqGSIb3DQEBBQUAMGQxEDAOBgNV
+BAMTB09wZW5TRVIxDDAKBgNVBAgTA1NJUDELMAkGA1UEBhMCSVAxHzAdBgkqhkiG
+9w0BCQEWEHRlYW1Ab3BlbnNlci5vcmcxFDASBgNVBAoTC29wZW5zZXIub3JnMB4X
+DTA1MTAyODE5MDk0NFoXDTA2MTAyODE5MDk0NFowZDEQMA4GA1UEAxMHT3BlblNF
+UjEMMAoGA1UECBMDU0lQMQswCQYDVQQGEwJJUDEfMB0GCSqGSIb3DQEJARYQdGVh
+bUBvcGVuc2VyLm9yZzEUMBIGA1UEChMLb3BlbnNlci5vcmcwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCtOHaQSReSuBpet7hGSJtAtqoKzPYpYdoIijiw
+9tlB/ODBFWjz583MKJuUxIWt7cqnUheBNgBGvrtZYVB6bUxjyTS4m3g8NrrIcWuw
+ASTYqYWRmdWbiyLraC6MeoNd8fUG50kbfZa6fh/pkBzZDQb/4Z1cfqIEJ4VpVTLO
+CRDreGNfTmG1BREtX+DnzGiKKpGCJVUs/ffX+pTViVC9Y9TDwinJyV9fdtwtI42U
+pAxJA+iiG1oOTuk5yjxKOkxKlHju4DIKND3XnPriU3cjdh/93XhMQDxb/jNZhL6R
+Y/XhcEsS567ZL3VMUw2VxaDiA+exjAaS/wA8b/rHR8af8+svAgMBAAGjSjBIMAwG
+A1UdEwQFMAMBAf8wGwYDVR0RBBQwEoEQdGVhbUBvcGVuc2VyLm9yZzAbBgNVHRIE
+FDASgRB0ZWFtQG9wZW5zZXIub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAabH/C3EiJ
+1Dc3uq9KlF7hp2OODAI4928Yy6+pzcbppGoOhAzmDaEoXmlhIMomgeoD031rsESg
++WNavXs2IFCD0U4ocpCa7L0AKDYr8U+5lUtEi7DzXYkqNW17TB+HxkaQVdzvhGrh
++R3WasX0AIc+inxvgkXgzjm5M6IyRUE0FK3wDcACNfnjrDzzXVvdccrM0ZpCFr5T
+NWJjQYpGcqDB1HDXVBMPFxQ7XyqKOTOgDCMh4J9g9Ye8eL8uukKJx1eEjHoG4RbM
+uQmCYQcCWO0Z/oqiI0FObzsZigf8Xoi9GjK2RjdPEukG3QOflnAm7IjPOLMGzFBn
+peqgBkp+jZv5
+-----END CERTIFICATE-----

etc/tls/user/user-cert.pem

@@ -0,0 +1,56 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=OpenSER, ST=SIP, C=IP/[email protected], O=openser.org
+        Validity
+            Not Before: Oct 28 19:16:29 2005 GMT
+            Not After : Oct 28 19:16:29 2006 GMT
+        Subject: C=IP, ST=SIP, O=OpenSER project, OU=OpenSER TLS tester, CN=OpenSER/[email protected]
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:b6:13:f8:54:99:2a:c3:39:2d:fa:b0:5a:cc:4d:
+                    ca:8b:d0:53:9d:c9:59:ce:17:1e:ba:0a:8e:82:eb:
+                    9b:c2:69:33:93:3a:b1:68:aa:da:40:bd:de:b5:6f:
+                    c2:5e:99:72:59:f4:68:75:4c:01:05:94:1b:ba:1d:
+                    f2:bb:10:67:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha1WithRSAEncryption
+        3d:41:b5:28:a4:10:c7:c8:de:29:6f:2e:ed:a8:30:28:2f:9e:
+        3c:a9:95:c4:df:73:7b:2e:1c:51:84:a2:bd:ff:56:94:6f:5b:
+        ac:e2:8f:77:31:74:82:29:8d:e7:a8:c7:da:14:7d:6c:62:dc:
+        2f:2e:70:0c:eb:53:67:fa:1b:0a:e5:e8:58:41:5e:dd:84:3d:
+        3d:22:c2:c3:b5:69:e5:11:86:2a:a6:4c:f3:07:98:00:f5:cf:
+        c8:f1:ea:a3:62:f6:40:ef:08:74:93:de:5b:f2:dc:01:dc:0f:
+        2a:81:e3:03:56:d1:ef:ca:22:fc:18:29:4f:b0:45:b1:d0:30:
+        6b:63:1b:72:ef:9d:ae:bf:ef:b3:0d:fa:39:49:25:48:46:6d:
+        68:a1:12:7a:23:1e:ba:53:8e:a5:a2:38:8e:3b:0f:df:b1:b6:
+        1e:61:69:80:57:c1:f1:8d:62:69:e0:85:e9:6b:e0:10:4d:37:
+        b0:3e:98:cc:b5:b5:ea:db:2f:a2:02:51:85:27:1d:65:74:2e:
+        e3:f4:1f:0c:52:3e:f8:86:6b:50:f1:38:1d:23:97:53:3c:84:
+        03:4e:25:a0:66:3a:16:aa:94:77:f2:c8:65:db:ce:c7:0d:c2:
+        44:7a:8e:af:ee:c5:bc:4e:aa:2f:29:c5:02:33:ea:c7:78:76:
+        02:d4:b4:ca
+-----BEGIN CERTIFICATE-----
+MIICqjCCAZKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMRAwDgYDVQQDEwdPcGVu
+U0VSMQwwCgYDVQQIEwNTSVAxCzAJBgNVBAYTAklQMR8wHQYJKoZIhvcNAQkBFhB0
+ZWFtQG9wZW5zZXIub3JnMRQwEgYDVQQKEwtvcGVuc2VyLm9yZzAeFw0wNTEwMjgx
+OTE2MjlaFw0wNjEwMjgxOTE2MjlaMIGFMQswCQYDVQQGEwJJUDEMMAoGA1UECBMD
+U0lQMRgwFgYDVQQKEw9PcGVuU0VSIHByb2plY3QxGzAZBgNVBAsTEk9wZW5TRVIg
+VExTIHRlc3RlcjEQMA4GA1UEAxMHT3BlblNFUjEfMB0GCSqGSIb3DQEJARYQdGVh
+bUBvcGVuc2VyLm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC2E/hUmSrDOS36
+sFrMTcqL0FOdyVnOFx66Co6C65vCaTOTOrFoqtpAvd61b8JemXJZ9Gh1TAEFlBu6
+HfK7EGfXAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD1B
+tSikEMfI3ilvLu2oMCgvnjyplcTfc3suHFGEor3/VpRvW6zij3cxdIIpjeeox9oU
+fWxi3C8ucAzrU2f6Gwrl6FhBXt2EPT0iwsO1aeURhiqmTPMHmAD1z8jx6qNi9kDv
+CHST3lvy3AHcDyqB4wNW0e/KIvwYKU+wRbHQMGtjG3Lvna6/77MN+jlJJUhGbWih
+EnojHrpTjqWiOI47D9+xth5haYBXwfGNYmnghelr4BBNN7A+mMy1terbL6ICUYUn
+HWV0LuP0HwxSPviGa1DxOB0jl1M8hANOJaBmOhaqlHfyyGXbzscNwkR6jq/uxbxO
+qi8pxQIz6sd4dgLUtMo=
+-----END CERTIFICATE-----

etc/tls/user/user-cert_req.pem

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBQDCB6wIBADCBhTEQMA4GA1UEAxMHT3BlblNFUjEMMAoGA1UECBMDU0lQMQsw
+CQYDVQQGEwJJUDEfMB0GCSqGSIb3DQEJARYQdGVhbUBvcGVuc2VyLm9yZzEYMBYG
+A1UEChMPT3BlblNFUiBwcm9qZWN0MRswGQYDVQQLExJPcGVuU0VSIFRMUyB0ZXN0
+ZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAthP4VJkqwzkt+rBazE3Ki9BTnclZ
+zhceugqOguubwmkzkzqxaKraQL3etW/CXplyWfRodUwBBZQbuh3yuxBn1wIDAQAB
+oAAwDQYJKoZIhvcNAQEFBQADQQA0mFBhg/bbxznLbLcc2nQo0022x0HeT3Qxl0lm
+SlIvfG2YphvBYuc54HFjqHfRNrmckAVoSrVpEpcVXSO/g+L6
+-----END CERTIFICATE REQUEST-----

etc/tls/user/user-privkey.pem

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALYT+FSZKsM5LfqwWsxNyovQU53JWc4XHroKjoLrm8JpM5M6sWiq
+2kC93rVvwl6Zcln0aHVMAQWUG7od8rsQZ9cCAwEAAQJBALCEy8u4cmyxkpHnRx+q
+iyLg5S+jdR0H7RIQCfmC0Y63LFIAsXasHQorV83r2br4eRRaeU87CsVLXdBUjvbe
+ywECIQDaq7ojtDBTGhNKILZ9CBOTk18jDdHgTJAC7ZpGvdGt+QIhANUpE9j5JWqA
+kIcR55eSJXmjoKB1IGnTz0kaMB/8B3hPAiEAw0351IXNW4vAisao9wdNpNNNd5uS
+RklbnqHk1yYWrtECIEXqi1AHqHYeZUloXgYhMZmMSgtXX6JWjw7zQAW9rNWRAiBe
+Xmwo0k9fY/KawVSsnY4rgYqk6PDWK98jl5/x/veDZA==
+-----END RSA PRIVATE KEY-----