Re: [OpenSIPS-Users] tlt_mgm module - any way to pass cert/key as parameter for outgoing connection?

Thu, 31 Mar 2022 08:27:35 -0700 

Hi Yury,
You can open a feature request on github, so we can take this into consideration for the future releases ;) 

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS eBootcamp 23rd May - 3rd June 2022
  https://opensips.org/training/OpenSIPS_eBootcamp_2022/

On 3/31/22 6:23 PM, Yury Kirsanov wrote:

Hi Bogdan,

Thanks, that's a good idea! Hope one day we will have the ability to 
select certificates from AVPs in script!


Best regards,
Yury.


On Fri, Apr 1, 2022 at 1:06 AM Bogdan-Andrei Iancu 
<bog...@opensips.org <mailto:bog...@opensips.org>> wrote:


    Hi Yury,

    I'm afraid this is not possible (to fetch the cert from an
    external source at runtime). A dirty hack may be to (1) do the
    rest and fetch the cert + key,  (2) to insert into (from script)
    into the tls_mgm db table and (3) fire an MI tls_reload cmd (from
    script) via the mi() script function [1]

    [1]
    https://opensips.org/html/docs/modules/3.2.x/mi_script.html#func_mi
    <https://opensips.org/html/docs/modules/3.2.x/mi_script.html#func_mi>

    and yeah, I know, it is ugly :(

    Best regards,

    Bogdan-Andrei Iancu

    OpenSIPS Founder and Developer
       https://www.opensips-solutions.com  <https://www.opensips-solutions.com>
    OpenSIPS eBootcamp 23rd May - 3rd June 2022
       https://opensips.org/training/OpenSIPS_eBootcamp_2022/  
<https://opensips.org/training/OpenSIPS_eBootcamp_2022/>

    On 3/15/22 1:45 PM, Yury Kirsanov wrote:

    Hi,
    I've got a question, is there any way to pass SSL certificate and
    key as a parameter to the tls_mgm module during script execution?
    For example, first I do a REST request to our REST API server
    which returns me all required parameters including certificate
    and key. Then I'd like to use this response as a client
    certificate for outgoing connection to some TLS-enabled server.
    Is there any way to do that? I know I can use DB module and
    select a client certificate using avp variable, but that's not
    convenient as it requires tls_reload MI command each time the DB
    is updated.

    Thanks and best regards,
    Yury.

    _______________________________________________
    Users mailing list
    Users@lists.opensips.org  <mailto:Users@lists.opensips.org>
    http://lists.opensips.org/cgi-bin/mailman/listinfo/users  
<http://lists.opensips.org/cgi-bin/mailman/listinfo/users>





_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






















					Reply via email to