Module: kamailio
Branch: master
Commit: 40a50243f0bae782b7acd97cf0a9b1138185068b
URL: 
https://github.com/kamailio/kamailio/commit/40a50243f0bae782b7acd97cf0a9b1138185068b

Author: Jannik Volkland <volkl...@sipgate.de>
Committer: Daniel-Constantin Mierla <mico...@gmail.com>
Date: 2024-04-04T12:55:38+02:00

db_redis: docs - refine docs regarding client certificates [skip ci]

The created ssl context does not use client certificates [1,2] which is against 
the default in current Redis configurations [3]. The used Redis server 
therefore needs to be configured to not use tls-auth-clients [3].

There is also a small typo in "ac_path" which was fixed to "ca_path".

[1]: 
https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892ac0eea3a/src/modules/db_redis/redis_connection.c#L168
[2]: 
https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892ac0eea3a/src/modules/db_redis/redis_connection.c#L212
[3]: 
https://redis.io/docs/management/security/encryption/#client-certificate-authentication

---

Modified: src/modules/db_redis/doc/db_redis_admin.xml

---

Diff:  
https://github.com/kamailio/kamailio/commit/40a50243f0bae782b7acd97cf0a9b1138185068b.diff
Patch: 
https://github.com/kamailio/kamailio/commit/40a50243f0bae782b7acd97cf0a9b1138185068b.patch

---

diff --git a/src/modules/db_redis/doc/db_redis_admin.xml 
b/src/modules/db_redis/doc/db_redis_admin.xml
index a7e7c3bb3a9..15ed0ca61e2 100644
--- a/src/modules/db_redis/doc/db_redis_admin.xml
+++ b/src/modules/db_redis/doc/db_redis_admin.xml
@@ -224,6 +224,12 @@ modparam("db_redis", "verbosity", 0)
                                Controls TLS usage while connecting to a remote 
DB.
                                If set to 1, TLS is used to connect to the DB.
                        </para>
+                       <para>
+                               If TLS is enabled, the module will validate the 
Redis server certificate against the
+                               ca_path. There is currently no way to connect 
with a specified client certificate, the
+                               <ulink 
url="https://redis.io/docs/management/security/encryption/#client-certificate-authentication";>corresponding
 configuration</ulink>
+                               to check client certificates in the Redis 
server must therefore be turned off.
+                       </para>
                        <para>
                                Default value: 0.
                        </para>
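Review bot: The added paragraph tells the reader to turn off "the corresponding configuration" in the Redis server but never names it. The commit message identifies the setting as tls-auth-clients, so name that directive in the text; an administrator should not have to follow the link to learn what to change. Because this disables certificate-based client authentication on the Redis side, the paragraph should also point to db_pass as the remaining way to authenticate the module to Redis. The sentence beginning "There is currently no way to connect with a specified client certificate, the" is a comma splice and reads better as two sentences. Please also confirm that the ";" following the closing quote of the url attribute is not present in the committed XML, since it would make the ulink element malformed.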
@@ -256,9 +262,9 @@ modparam("db_redis", "db_pass", "r3d1sPass")
                </section>
 
                <section id="db_redis.p.ca_path">
-                       <title><varname>ac_path</varname> (string)</title>
+                       <title><varname>ca_path</varname> (string)</title>
                        <para>
-                               Sets the path where Certificates Authorities 
certs are stored.
+                               Sets the path where Certificates Authorities 
certs for the Redis server certificate are stored.
                        </para>
                        <para>
                                Default value: "" (empty).
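Review bot: The ca_path section keeps "Default value: "" (empty)" while the new text under the TLS parameter says the server certificate is validated against ca_path, and nothing here says what happens when TLS is enabled and ca_path is left empty. Please document that case explicitly (whether the connection fails, falls back to a system trust store, or skips validation), since a reader enabling TLS with defaults cannot tell whether the server certificate is actually checked. While touching the description, "Certificates Authorities certs" could become "Certificate Authority certificates", and it is worth stating whether the value is a directory or a single bundle file.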
