|
@@ -63,6 +63,7 @@ Olle E. Johansson
|
|
|
9.30. renegotiation (boolean)
|
|
9.30. renegotiation (boolean)
|
|
|
9.31. config (string)
|
|
9.31. config (string)
|
|
|
9.32. xavp_cfg (string)
|
|
9.32. xavp_cfg (string)
|
|
|
|
|
+ 9.33. event_callback (str)
|
|
|
|
|
|
|
|
10. Functions
|
|
10. Functions
|
|
|
|
|
|
|
@@ -80,6 +81,10 @@ Olle E. Johansson
|
|
|
12.1. License
|
|
12.1. License
|
|
|
12.2. History
|
|
12.2. History
|
|
|
|
|
|
|
|
|
|
+ 13. Event Routes
|
|
|
|
|
+
|
|
|
|
|
+ 13.1. event_route[tls:connection-out]
|
|
|
|
|
+
|
|
|
List of Examples
|
|
List of Examples
|
|
|
|
|
|
|
|
1.1. Quick start config
|
|
1.1. Quick start config
|
|
@@ -125,7 +130,9 @@ Olle E. Johansson
|
|
|
1.41. Set config parameter
|
|
1.41. Set config parameter
|
|
|
1.42. Change and reload the TLS configuration at runtime
|
|
1.42. Change and reload the TLS configuration at runtime
|
|
|
1.43. Set xavp_cfg parameter
|
|
1.43. Set xavp_cfg parameter
|
|
|
- 1.44. is_peer_verified usage
|
|
|
|
|
|
|
+ 1.44. Set event_callback parameter
|
|
|
|
|
+ 1.45. is_peer_verified usage
|
|
|
|
|
+ 1.46. Use of event_route[tls:connection-out]
|
|
|
|
|
|
|
|
Chapter 1. Admin Guide
|
|
Chapter 1. Admin Guide
|
|
|
|
|
|
|
@@ -173,6 +180,7 @@ Chapter 1. Admin Guide
|
|
|
9.30. renegotiation (boolean)
|
|
9.30. renegotiation (boolean)
|
|
|
9.31. config (string)
|
|
9.31. config (string)
|
|
|
9.32. xavp_cfg (string)
|
|
9.32. xavp_cfg (string)
|
|
|
|
|
+ 9.33. event_callback (str)
|
|
|
|
|
|
|
|
10. Functions
|
|
10. Functions
|
|
|
|
|
|
|
@@ -190,6 +198,10 @@ Chapter 1. Admin Guide
|
|
|
12.1. License
|
|
12.1. License
|
|
|
12.2. History
|
|
12.2. History
|
|
|
|
|
|
|
|
|
|
+ 13. Event Routes
|
|
|
|
|
+
|
|
|
|
|
+ 13.1. event_route[tls:connection-out]
|
|
|
|
|
+
|
|
|
1. Overview
|
|
1. Overview
|
|
|
|
|
|
|
|
This module implements the TLS transport for Kamailio using the OpenSSL
|
|
This module implements the TLS transport for Kamailio using the OpenSSL
|
|
@@ -520,6 +532,7 @@ Revoking a certificate and using a CRL
|
|
|
9.30. renegotiation (boolean)
|
|
9.30. renegotiation (boolean)
|
|
|
9.31. config (string)
|
|
9.31. config (string)
|
|
|
9.32. xavp_cfg (string)
|
|
9.32. xavp_cfg (string)
|
|
|
|
|
+ 9.33. event_callback (str)
|
|
|
|
|
|
|
|
9.1. tls_method (string)
|
|
9.1. tls_method (string)
|
|
|
|
|
|
|
@@ -1267,6 +1280,28 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
|
|
|
route(RELAY);
|
|
route(RELAY);
|
|
|
...
|
|
...
|
|
|
|
|
|
|
|
|
|
+9.33. event_callback (str)
|
|
|
|
|
+
|
|
|
|
|
+ The name of the function in the kemi configuration file (embedded
|
|
|
|
|
+ scripting language such as Lua, Python, ...) to be executed instead of
|
|
|
|
|
+ event_route[...] blocks specific for tls module.
|
|
|
|
|
+
|
|
|
|
|
+ The function has one string parameter, the value is the name of the
|
|
|
|
|
+ event_route block, respectively "tls:connection-out".
|
|
|
|
|
+
|
|
|
|
|
+ Default value is 'empty' (no function is executed for events).
|
|
|
|
|
+
|
|
|
|
|
+ Example 1.44. Set event_callback parameter
|
|
|
|
|
+...
|
|
|
|
|
+modparam("tls", "event_callback", "ksr_tls_event")
|
|
|
|
|
+...
|
|
|
|
|
+-- event callback function implemented in Lua
|
|
|
|
|
+function ksr_tls_event(evname)
|
|
|
|
|
+ KSR.info("===== tls module triggered event: " .. evname .. "\n");
|
|
|
|
|
+ return 1;
|
|
|
|
|
+end
|
|
|
|
|
+...
|
|
|
|
|
+
|
|
|
10. Functions
|
|
10. Functions
|
|
|
|
|
|
|
|
10.1. is_peer_verified()
|
|
10.1. is_peer_verified()
|
|
@@ -1277,7 +1312,7 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
|
|
|
, the peer presented an X509 certificate and the certificate chain
|
|
, the peer presented an X509 certificate and the certificate chain
|
|
|
verified ok. It can be used only in a request route.
|
|
verified ok. It can be used only in a request route.
|
|
|
|
|
|
|
|
- Example 1.44. is_peer_verified usage
|
|
|
|
|
|
|
+ Example 1.45. is_peer_verified usage
|
|
|
if (proto==TLS && !is_peer_verified()){
|
|
if (proto==TLS && !is_peer_verified()){
|
|
|
sl_send_reply("400", "No certificate or verification failed");
|
|
sl_send_reply("400", "No certificate or verification failed");
|
|
|
drop;
|
|
drop;
|
|
@@ -1343,3 +1378,22 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
|
|
|
|
|
|
|
|
Install does not generate self-signed certificates by default anymore.
|
|
Install does not generate self-signed certificates by default anymore.
|
|
|
In order to generate them now you should do "make install-tls-cert"
|
|
In order to generate them now you should do "make install-tls-cert"
|
|
|
|
|
+
|
|
|
|
|
+13. Event Routes
|
|
|
|
|
+
|
|
|
|
|
+ 13.1. event_route[tls:connection-out]
|
|
|
|
|
+
|
|
|
|
|
+13.1. event_route[tls:connection-out]
|
|
|
|
|
+
|
|
|
|
|
+ Event route to be executed when a TLS connection is opened by Kamailio.
|
|
|
|
|
+ If drop() is executed in the event route, then the data is no longer
|
|
|
|
|
+ sent over the connection.
|
|
|
|
|
+
|
|
|
|
|
+ Example 1.46. Use of event_route[tls:connection-out]
|
|
|
|
|
+...
|
|
|
|
|
+event_route[tls:connection-out] {
|
|
|
|
|
+ if($sndto(ip)=="1.2.3.4") {
|
|
|
|
|
+ drop;
|
|
|
|
|
+ }
|
|
|
|
|
+}
|
|
|
|
|
+...
|
Kamailio Dev