Mercurial > hg > freeDiameter
diff doc/freediameter.conf.sample @ 20:277ec00d793e
Backup before typhoon... Progress on server side
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Wed, 07 Oct 2009 19:31:39 +0900 |
parents | e7187583dcf8 |
children | bef197f6826f |
line wrap: on
line diff
--- a/doc/freediameter.conf.sample Mon Oct 05 17:51:06 2009 +0900 +++ b/doc/freediameter.conf.sample Wed Oct 07 19:31:39 2009 +0900 @@ -1,5 +1,7 @@ # This is a sample configuration file for freeDiameter daemon. +# Only the "TLS_Cred" directive is really mandatory in this file. + ############################################################## ## Peer identity and realm @@ -30,11 +32,11 @@ # Default: use RFC3588bis method with separate port for TLS. #TLS_old_method; -# Disable use of TCP protocol (only SCTP) +# Disable use of TCP protocol (only listen and connect in SCTP) # Default : TCP enabled #No_TCP; -# Disable use of SCTP protocol (only TCP) +# Disable use of SCTP protocol (only listen and connect in TCP) # Default : SCTP enabled #No_SCTP; # This option has no effect if freeDiameter is compiled with DISABLE_SCTP option, @@ -92,6 +94,7 @@ # The information about revoked certificates. # The file contains a list of trusted CRLs in PEM format. They should have been verified before. # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) +# Note: currently, openssl CRL seems not supported... # Default : GNUTLS default behavior #TLS_CRL = "<file.PEM>"; @@ -210,3 +213,7 @@ LoadExtension = "extensions/dict_eap.fdx"; ConnectPeer = "jules.nautilus6.org" ; ConnectPeer = "aaa.nautilus6.org" { No_TLS; No_IP; No_TCP; SCTP_streams = 60; } ; +TLS_Cred = "/etc/openssl-ca/clients/certs/fdtest.cert" , "/etc/openssl-ca/clients/privkeys/fdtest.key.pem"; +TLS_CA = "/etc/openssl-ca/public-www/cacert.pem"; +# TLS_CRL = "/etc/openssl-ca/public-www/crl.pem"; +