[asterisk-dev] TLS/SSL futures
Olle E Johansson
oej at edvina.net
Sat Nov 4 15:59:41 MST 2006
Friends,
We're in SSL/TLS hell and need a strategy to get to SSL/TLS heaven,
if it exists ;-)
Currently we have many different implementations:
* John Todd's SSL for manager API in the bug tracker (OpenSSL)
* The experimental SSL for Manager HTTP server that was committed to
svn trunk a bit too early (OpenSSL)
* Asterisk-netsec uses OpenSSL for midcom
* iksemel, used for jabber/gtalk, use GnuTLS
John Todd's code seems to take a more generic approach with the SSL
interface broken out
in separate files.
Personally I'm not aware on how best to code for SSL/TLS, but I think
we need one common strategy
here for svn trunk.
I would propose
* Standardizing on one external library
* Building an internal module that handles setup of the socket and
authentication with certs
* A common set of configuration options
* A common configuration file for SSL - to handle certificate store
We need SSL/TLS for many things - from SIP/TLS to manager, http,
fastagi, gtalk, jabber, midcom.
Any ideas, coders, other thoughts?
/O
More information about the asterisk-dev
mailing list