Socket.ssl
From Yate Documentation
(Difference between revisions)
(Created page with " The socket.ssl message is sent by a module requesting to turn a regular TCP socket into a SSL/TLS encrypted one. Parameters ;server : Boolean value requesting to negotia...") |
|||
(4 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | The socket.ssl message is sent by a module requesting to turn a regular TCP socket into a SSL/TLS encrypted one. | + | The '''socket.ssl''' message is sent by a module requesting to turn a regular TCP socket into a SSL/TLS encrypted one. |
− | Parameters | + | ===Parameters=== |
;server | ;server | ||
Line 9: | Line 9: | ||
: Keyword describing if and when the remote certificate is to be verified | : Keyword describing if and when the remote certificate is to be verified | ||
− | :* | + | :* none - Don't ask for a certificate, don't stop if verification fails (default) |
− | :* | + | :* peer - Certificate is verified only if provided (a server always provides one) |
− | :* | + | :* only - Server only - verify client certificate only if provided and only once |
− | :* | + | :* must - Server only - client must provide a certificate at every (re)negotiation |
− | :* | + | :* once - Server only - client must provide a certificate only at first negotiation |
;context | ;context | ||
: Name of the SSL server context to use to secure the connection, if set overrides the domain parameter | : Name of the SSL server context to use to secure the connection, if set overrides the domain parameter | ||
;domain | ;domain | ||
− | : The domain used ti identify the SSL server context, used only if context isn't set | + | : The domain used ti identify the SSL server context, used only if context isn't set explicitly |
;test | ;test | ||
: Boolean value requesting a test only (no socket replace). Defaults to false if missing | : Boolean value requesting a test only (no socket replace). Defaults to false if missing | ||
'''NOTE:''' The message's user data object must be able to return a "Socket*" object. This must point to a pointer to the Socket object to modify. On a successful return the original Socket object is destroyed and replaced with a derived object with SSL capabilities. The pointer to the new object is placed into the provided pointer. | '''NOTE:''' The message's user data object must be able to return a "Socket*" object. This must point to a pointer to the Socket object to modify. On a successful return the original Socket object is destroyed and replaced with a derived object with SSL capabilities. The pointer to the new object is placed into the provided pointer. | ||
+ | |||
+ | |||
+ | '''See also''' | ||
+ | |||
+ | *[[socket.sctp]] |
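Review bot: in the verify list, the "none" entry is marked as the default and is described as not stopping when verification fails, but the text never says that a caller who omits verify gets an encrypted socket with no check of the remote certificate. Suggest adding a sentence under ;verify stating that, and pointing client-side callers to "peer" when the server must be authenticated. In the same hunk, the changed ;domain line still reads "used ti identify" and should read "used to identify". The "only" and "once" entries are also easy to confuse as worded, so a clause saying how they differ would help.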
Latest revision as of 17:26, 21 January 2013
The socket.ssl message is sent by a module requesting to turn a regular TCP socket into an SSL/TLS encrypted one.
Parameters
- server
  - Boolean value requesting to negotiate SSL as server. Defaults to false if missing (negotiate as client)
- verify
  - Keyword describing if and when the remote certificate is to be verified
    - none - Don't ask for a certificate, don't stop if verification fails (default)
    - peer - Certificate is verified only if provided (a server always provides one)
    - only - Server only - verify client certificate only if provided and only once
    - must - Server only - client must provide a certificate at every (re)negotiation
    - once - Server only - client must provide a certificate only at first negotiation
- context
  - Name of the SSL server context to use to secure the connection, if set overrides the domain parameter
- domain
  - The domain used to identify the SSL server context, used only if context isn't set explicitly
- test
  - Boolean value requesting a test only (no socket replace). Defaults to false if missing
NOTE: The message's user data object must be able to return a "Socket*" object. This must point to a pointer to the Socket object to modify. On a successful return the original Socket object is destroyed and replaced with a derived object with SSL capabilities. The pointer to the new object is placed into the provided pointer.
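The pointer-to-pointer contract in the NOTE, modelled as an added example that is not code from Yate or from this page. Socket, SslSocket, SocketRef, handleSocketSsl and upgrade are stand-in names, and the "true" spelling of the boolean is an assumption. It shows why the caller must pass the address of the pointer that owns the socket and must not keep a second copy of the old pointer.

```cpp
#include <map>
#include <string>

// Stand-in types for illustration only; these are NOT Yate's classes.
struct Socket {
    virtual ~Socket() { ++destroyed; }
    virtual bool encrypted() const { return false; }
    static int destroyed;                 // counts destroyed socket objects
};
int Socket::destroyed = 0;
struct SslSocket : Socket {
    bool encrypted() const override { return true; }
};

// Models the user data object: asked for "Socket*", it returns a Socket**.
struct SocketRef {
    explicit SocketRef(Socket** s) : slot(s) {}
    void* getObject(const std::string& name) const {
        return name == "Socket*" ? static_cast<void*>(slot) : nullptr;
    }
    Socket** slot;
};

using Params = std::map<std::string, std::string>;

// Handler side, following the NOTE: replace the object through the slot.
bool handleSocketSsl(const Params& p, const SocketRef& ref) {
    Socket** slot = static_cast<Socket**>(ref.getObject("Socket*"));
    if (!slot || !*slot)
        return false;                     // no socket to upgrade
    auto t = p.find("test");
    if (t != p.end() && t->second == "true")
        return true;                      // test only: socket is not replaced
    delete *slot;                         // original Socket object is destroyed
    *slot = new SslSocket;                // new pointer placed in caller's slot
    return true;
}

// Caller side: pass the address of the owning pointer and keep no copies,
// because any saved Socket* dangles after a successful non-test request.
bool upgrade(Socket*& sock, bool testOnly) {
    Params p{{"server", "false"}, {"verify", "peer"}};
    if (testOnly)
        p["test"] = "true";               // constructed boolean spelling
    SocketRef ref(&sock);
    return handleSocketSsl(p, ref) && sock != nullptr;
}
```

After a successful non-test call, read the socket only through the variable whose address was handed over.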
See also
- socket.sctp