<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x
...'
- code is contributed under BSD for core and main components (tm, sl, auth,
tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the
checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING
guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on
sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils,
...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook
files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [x] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the
checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
The created ssl context in the `db_redis` and `ndb_redis` modules does not use
client certificates [1], [2] which is against the default in current Redis
configurations [3]. The used Redis server therefore needs to be configured to
not use tls-auth-clients [3]. Without setting this configuration in Redis, no
TLS connection to the Redis server can be established, since Redis will not
accept unsigned/not-validated client certificates.
There is also a small typo in "ac_path" in both docs which was fixed
to "ca_path", added with some more specification to _which_
certificate is validated.
[1]:
https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892ac0eea3a/src/modules/db_redis/redis_connection.c#L168
[2]:
https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892ac0eea3a/src/modules/db_redis/redis_connection.c#L212
[3]:
https://redis.io/docs/management/security/encryption/#client-certificate-authentication
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3804
-- Commit Summary --
* db_redis: docs - refine docs regarding client certificates [skip ci]
* ndb_redis: docs - refine docs regarding client certificates [skip ci]
-- File Changes --
M src/modules/db_redis/doc/db_redis_admin.xml (10)
M src/modules/ndb_redis/doc/ndb_redis_admin.xml (10)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3804.patch
https://github.com/kamailio/kamailio/pull/3804.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3804
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/3...@github.com>
_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
