[OpenSIPS-Users] tlt_mgm module - any way to pass cert/key as parameter for outgoing connection?

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Mar 31 15:25:15 UTC 2022 

Hi Yury,

You can open a feature request on github, so we can take this into 
consideration for the future releases ;)

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS eBootcamp 23rd May - 3rd June 2022
   https://opensips.org/training/OpenSIPS_eBootcamp_2022/

On 3/31/22 6:23 PM, Yury Kirsanov wrote:
> Hi Bogdan,
> Thanks, that's a good idea! Hope one day we will have the ability to 
> select certificates from AVPs in script!
>
> Best regards,
> Yury.
>
> On Fri, Apr 1, 2022 at 1:06 AM Bogdan-Andrei Iancu 
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
>     Hi Yury,
>
>     I'm afraid this is not possible (to fetch the cert from an
>     external source at runtime). A dirty hack may be to (1) do the
>     rest and fetch the cert + key,  (2) to insert into (from script)
>     into the tls_mgm db table and (3) fire an MI tls_reload cmd (from
>     script) via the mi() script function [1]
>
>     [1]
>     https://opensips.org/html/docs/modules/3.2.x/mi_script.html#func_mi
>     <https://opensips.org/html/docs/modules/3.2.x/mi_script.html#func_mi>
>
>     and yeah, I know, it is ugly :(
>
>     Best regards,
>
>     Bogdan-Andrei Iancu
>
>     OpenSIPS Founder and Developer
>        https://www.opensips-solutions.com  <https://www.opensips-solutions.com>
>     OpenSIPS eBootcamp 23rd May - 3rd June 2022
>        https://opensips.org/training/OpenSIPS_eBootcamp_2022/  <https://opensips.org/training/OpenSIPS_eBootcamp_2022/>
>
>     On 3/15/22 1:45 PM, Yury Kirsanov wrote:
>>     Hi,
>>     I've got a question, is there any way to pass SSL certificate and
>>     key as a parameter to the tls_mgm module during script execution?
>>     For example, first I do a REST request to our REST API server
>>     which returns me all required parameters including certificate
>>     and key. Then I'd like to use this response as a client
>>     certificate for outgoing connection to some TLS-enabled server.
>>     Is there any way to do that? I know I can use DB module and
>>     select a client certificate using avp variable, but that's not
>>     convenient as it requires tls_reload MI command each time the DB
>>     is updated.
>>
>>     Thanks and best regards,
>>     Yury.
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users  <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220331/53d83f92/attachment-0001.html>

More information about the Users mailing list