[Pkg-voip-commits] [resiprocate] 04/06: Update repro.config comments

Daniel Pocock pocock at alioth.debian.org
Sat Sep 28 20:22:54 UTC 2013 

This is an automated email from the git hooks/post-receive script.

pocock pushed a commit to branch master
in repository resiprocate.

commit ca3227edd331263ff4f15e0bbe0369825803af51
Author: Daniel Pocock <daniel at pocock.com.au>
Date:   Sat Sep 28 21:07:43 2013 +0200

    Update repro.config comments
---
 debian/conf/repro.config |   43 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/debian/conf/repro.config b/debian/conf/repro.config
index 2c438cd..8bab225 100644
--- a/debian/conf/repro.config
+++ b/debian/conf/repro.config
@@ -53,6 +53,16 @@ DTLSPort = 0
 # TLS domain name for this server (note: domain cert for this domain must be present)
 TLSDomainName =
 
+# PEM-encoded X.509 certificate for TLS
+# Must contain any intermediate certificates from the CA
+# The TLSCertificate and TLSPrivateKey parameters are optional.  The stack
+# will also try to automatically detect any suitable certificates
+# in the directory specified by CertificatePath
+TLSCertificate = 
+
+# PEM-encoded private key for TLS
+TLSPrivateKey =
+
 # Whether or not we ask for (Optional) or expect (Mandatory) TLS
 # clients to present a client certificate
 # Possible values:
@@ -82,6 +92,8 @@ TLSUseEmailAsSIP = false
 #                                                is not used.
 # Transport<Num>Type = <'TCP'|'UDP'|'TLS'|'DTLS'> - default is UDP if missing
 # Transport<Num>TlsDomain = <TLSDomain> - only required if transport is TLS or DTLS
+# Transport<Num>TlsCertificate = <TLSCertificate> - only for TLS, DTLS
+# Transport<Num>TlsPrivateKey = <TLSPrivateKey> - only for TLS, DTLS
 # Transport<Num>TlsClientVerification = <'None'|'Optional'|'Mandatory'> - default is None
 # Transport<Num>RecordRouteUri = <'auto'|URI> - if set to auto then record route URI
 #                                               is automatically generated from the other
@@ -107,6 +119,8 @@ TLSUseEmailAsSIP = false
 # Transport3Interface = 192.168.1.106:5061
 # Transport3Type = TLS
 # Transport3TlsDomain = sipdomain.com
+# Transport3TlsCertificate = /etc/ssl/crt/sipdomain.com.crt
+# Transport3TlsPrivateKey = /etc/ssl/private/sipdomain.com.key
 # Transport3TlsClientVerification = Mandatory
 # Transport3RecordRouteUri = sip:h1.sipdomain.com;transport=TLS
 #
@@ -159,6 +173,15 @@ RegSyncPeer =
 # Misc settings
 ########################################################
 
+# Drop privileges and run as some other user and group
+# If RunAsUser is specified and RunAsGroup is not specified,
+# then setgid will be invoked using the default group for
+# the specified user
+# If neither option is specified, then no attempt will be made
+# to call setuid/setgid (there is no default value)
+#RunAsUser = repro
+#RunAsGroup = repro
+
 # Must be true or false, default = false, not supported on Windows
 Daemonize = true
 
@@ -166,14 +189,24 @@ Daemonize = true
 # if unspecified, no attempt will be made to create a PID file
 PidFile = /var/run/repro/repro.pid
 
-# Path to load certificates from (default:  "$(HOME)/.sipCerts on *nix, and c:\sipCerts 
-# on windows)
-# Note that repro loads ALL root certificates found by the settings
-# CertificatePath, CADirectory and CAFile.  Setting one option does
-# not disable the other options.
+# Path to load certificates from (optional, there is no default)
+# Note that repro loads ALL root certificates found by any of the settings
+#
+#    CertificatePath
+#    CADirectory
+#    CAFile
+#
+# Setting one option does not disable the other options.
+#
 # Certificates in this location have to match one of the filename
 # patterns expected by the legacy reSIProcate SSL code:
+#
 #   domain_cert_NAME.pem, root_cert_NAME.pem, ...
+#
+# For domain certificates, it is recommended to use the options
+# for individual transports, such as TransportXTlsCertificate and
+# TransportXTlsPrivateKey and not set CertificatePath at all.
+#
 CertificatePath = /etc/repro/ssl
 
 # Path to load root certificates from

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/resiprocate.git

More information about the Pkg-voip-commits mailing list