
[reSIProcate-users] improved TLS PEM file support


A few weeks ago I made some improvements to TLS PEM file handling.

I've now taken this further; this will be part of the next v1.9 beta and
may also be backported to the v1.8 branch.

Specifically:

- the SIP stack (and consequently repro) can now load a PEM file
containing a chain of intermediate certificates when using the new
Transport*TlsCertificate option (this was already possible with the old
PEM loading mechanism)

- reTurn can now use a standalone PEM private key file (just like the
Transport*TlsPrivateKey option in repro) so the private key does not
need to be in the certificate PEM file

This means that the PEM files should work in a similar way for any of
the processes (either repro or reTurn) and this allows the usual layout
of certificates and keys in a UNIX system (e.g. putting keys in
/etc/ssl/private with restricted permissions).

The old PEM loading logic still works as before so nobody should have to
change anything if they don't want to.

I've tested the chain support with Thawte SSL123 certificates.
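
The layout described in the post (a certificate PEM carrying the intermediate chain, a standalone private key PEM with restricted permissions) can be checked structurally before pointing Transport*TlsCertificate and Transport*TlsPrivateKey at the files. The following is an added example, not part of the original post or of reSIProcate; the file names, the function names and the placeholder PEM bodies are constructed for illustration, and the check looks only at PEM block labels and file modes, not at certificate validity.

```python
import os
import re
import stat
import tempfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def pem_labels(path):
    """Return the PEM block labels in file order, e.g. ['CERTIFICATE', ...]."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        return PEM_BLOCK.findall(fh.read())

def audit_tls_files(cert_path, key_path):
    """Structural check of a certificate PEM and a standalone key PEM."""
    findings = []
    cert_labels = pem_labels(cert_path)
    key_labels = pem_labels(key_path)
    certs = cert_labels.count("CERTIFICATE")
    if certs == 0:
        findings.append("no CERTIFICATE block in certificate file")
    elif certs == 1:
        findings.append("single certificate: no intermediates in file")
    if any(l.endswith("PRIVATE KEY") for l in cert_labels):
        findings.append("private key embedded in certificate file")
    if not any(l.endswith("PRIVATE KEY") for l in key_labels):
        findings.append("no PRIVATE KEY block in key file")
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key file accessible by group/other (mode %o)" % mode)
    return findings

def _block(label):
    # Constructed placeholder body, not a real certificate or key.
    return "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)

def demo():
    """Build a separated layout and a combined one in a temp dir; audit both."""
    d = tempfile.mkdtemp()
    def write(name, text, mode):
        p = os.path.join(d, name)
        with open(p, "w") as fh:
            fh.write(text)
        os.chmod(p, mode)
        return p
    chain = write("chain.pem", _block("CERTIFICATE") * 2, 0o644)
    key = write("key.pem", _block("PRIVATE KEY"), 0o600)
    combined = write("combined.pem",
                     _block("CERTIFICATE") + _block("RSA PRIVATE KEY"), 0o644)
    return audit_tls_files(chain, key), audit_tls_files(combined, combined)
```

A single-certificate finding is informational only, since some deployments need no intermediates.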