Module: kamailio Branch: master Commit: 6faa180661e799187eff3a498f8b13e96719fa92 URL: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e96719fa92
Author: Jannik Volkland <volkl...@sipgate.de> Committer: Daniel-Constantin Mierla <mico...@gmail.com> Date: 2024-04-04T12:55:38+02:00 ndb_redis: docs - refine docs regarding client certificates [skip ci] The created ssl context does not use client certificates [1,2] which is against the default in current Redis configurations [3]. The used Redis server therefore needs to be configured to not use tls-auth-clients [3]. There is also a small typo in "ac_path" which was fixed to "ca_path". [1]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892ac0eea3a/src/modules/db_redis/redis_connection.c#L168 [2]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892ac0eea3a/src/modules/db_redis/redis_connection.c#L212 [3]: https://redis.io/docs/management/security/encryption/#client-certificate-authentication --- Modified: src/modules/ndb_redis/doc/ndb_redis_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e96719fa92.diff Patch: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e96719fa92.patch --- diff --git a/src/modules/ndb_redis/doc/ndb_redis_admin.xml b/src/modules/ndb_redis/doc/ndb_redis_admin.xml index 74d35c75cc9..024b01315ac 100644 --- a/src/modules/ndb_redis/doc/ndb_redis_admin.xml +++ b/src/modules/ndb_redis/doc/ndb_redis_admin.xml @@ -75,6 +75,12 @@ many REDIS servers, just give different attributes and use the specific server name when querying the REDIS instance. </para> + <para> + If tls is enabled, the module will validate the REDIS server certificate against the + ca_path. There is currently no way to connect with a specified client certificate, the + <ulink url="https://redis.io/docs/management/security/encryption/#client-certificate-authentication";>corresponding configuration</ulink> + to check client certificates in the REDIS server must therefore be turned off. + </para> <para> <emphasis> Default value is NULL. @@ -330,9 +336,9 @@ modparam("ndb_redis", "debug", 1) </example> </section> <section id="ndb_redis.p.ca_path"> - <title><varname>ac_path</varname> (string)</title> + <title><varname>ca_path</varname> (string)</title> <para> - Sets the path where Certificates Authorities certs are stored. + Sets the path where Certificates Authorities certs for the REDIS server certificate are stored. </para> <para> Default value: "" (empty). _______________________________________________ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
