
<div dir="ltr">Hi Sergiu, Henning,<div>I'm seeing the same reported, in both debian 5.2.4 (stock package) and 5.3.2 built from git on ubuntu.</div><div><br></div><div>Maybe I'm doing something wrong too, but with 5.3.2 if I reload I see the expected values in the logs:</div><div><br></div><div><i>22(21385) INFO: tls [tls_domain.c:315]: ksr_tls_fill_missing(): TLSs<default>: certificate='/usr/local/etc/kamailio/cert.pem'<br>...</i></div><div><i>22(21385) INFO: tls [tls_domain.c:347]: ksr_tls_fill_missing(): TLSs<default>: private_key='/usr/local/etc/kamailio/key.pem'<br></i></div><div><br></div><div>but tls.options says:</div><div><br></div><div>root@8cc87e7f3c98:/# kamcmd tls.options<br><i>{<br>...</i></div><div><i>private_key: /usr/local/etc/kamailio/cert.pem<br>...<br>   certificate: /usr/local/etc/kamailio/cert.pem<br></i></div><div><br></div><div><br></div><div>root@8cc87e7f3c98:/# kamcmd core.version<br>kamailio 5.3.2 (x86_64/linux) ee9cd2<br></div><div><br></div><div>Even adding something like this in tls_rpc.c:</div><div><br></div><div><i>str priv_key;<br>priv_key = cfg_get(tls, tls_cfg, private_key);<br>WARN("TLS_OPTIONS <---------- private key:[%.*s]\n", priv_key.len, priv_key.s);<br></i></div><div><br></div><div>shows the wrong value:</div><div><i>22(21591) WARNING: tls [tls_rpc.c:226]: tls_options(): TLS_OPTIONS <---------- private key:[/usr/local/etc/kamailio/cert.pem]<br></i></div><div><br></div><div>tls.cfg is a simple:</div><div><br></div><div>root@8cc87e7f3c98:/usr/local/src/kamailio-5.3/kamailio/src/modules/tls# cat /usr/local/etc/kamailio/tls.cfg<br><i>[server:default]<br>method = TLSv1.2+<br>verify_certificate = no<br>require_certificate = no<br>private_key = /usr/local/etc/kamailio/key.pem<br>certificate = /usr/local/etc/kamailio/cert.pem<br>#<br>[client:default]<br>verify_certificate = yes<br>require_certificate = yes<br></i></div><div><br></div><div>and:</div><div><i>modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")</i><br></div><div><br></div><div>I hope this makes it more obvious.</div><div><br></div><div>Cheers,</div><div>Giacomo<br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 16 Mar 2020 at 18:57, Henning Westerholt <<a href="mailto:hw@skalatan.de">hw@skalatan.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">


<div lang="DE">

<div class="gmail-m_1704582645530052144WordSection1">

<p class="MsoNormal"><span lang="EN-GB">Hi Sergiu,<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">I did not posted it because there is not much to see

</span><span lang="EN-GB" style="font-family:"Segoe UI Emoji",sans-serif">😉</span><span lang="EN-GB"><u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">[server:default]<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">method = TLSv1.2+<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">verify_certificate = yes<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">require_certificate = yes<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">private_key = /etc/kamailio/kamailio.key<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">certificate = /etc/kamailio/kamailio.pem<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">ca_list = /etc/kamailio/ca_list.pem<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">[client:default] section is identical.<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Do you use a special distribution? I did the test on Debian.<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Cheers,<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Henning<u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">-- <u></u>

<u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Henning Westerholt –

</span><span><a href="https://skalatan.de/blog/" target="_blank"><span lang="EN-GB" style="color:rgb(5,99,193)">https://skalatan.de/blog/</span></a></span><span lang="EN-GB"><u></u><u></u></span></p>

<p class="MsoNormal"><span lang="EN-GB">Kamailio services –

</span><span><a href="https://gilawa.com/" target="_blank"><span lang="EN-GB" style="color:rgb(5,99,193)">https://gilawa.com</span></a></span><span>

<span lang="EN-GB"><u></u><u></u></span></span></p>

<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal" style="margin-left:35.4pt"><b>From:</b> sr-users <<a href="mailto:sr-users-bounces@lists.kamailio.org" target="_blank">sr-users-bounces@lists.kamailio.org</a>>

<b>On Behalf Of </b>Sergiu Pojoga<br>

<b>Sent:</b> Monday, March 16, 2020 6:48 PM<br>

<b>To:</b> Kamailio (SER) - Users Mailing List <<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>

<b>Subject:</b> Re: [SR-Users] tls.options RPC reporting default settings<u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Hi Henning,<u></u><u></u></p>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">It did reboot Kam, lol.<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">You didn't post parts of your custom tls.cfg settings to match with what rpc tls.options reports?<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">Cheers.<u></u><u></u></p>

</div>

</div>

<p class="MsoNormal" style="margin-left:35.4pt"><u></u> <u></u></p>

<div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt <<a href="mailto:hw@skalatan.de" target="_blank">hw@skalatan.de</a>> wrote:<u></u><u></u></p>

</div>

<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm">

<div>

<div>

<p class="MsoNormal" style="margin-left:35.4pt">

Hi Sergio,<u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

 <u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">strange, for me it looks ok:</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">kamcmd> root@dc-sbc:~# kamcmd |grep kamailio</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">root@dc-sbc:~# kamcmd tls.options |grep kamailio</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">        private_key: /etc/kamailio/cert.pem</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">        certificate: /etc/kamailio/cert.pem</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">        session_id: kamailio-tls-5.x.y</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">        config: /etc/kamailio/tls.cfg</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">root@dc-sbc:~# kamcmd core.version</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">kamailio 5.3.2 (x86_64/linux)</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">Probably stupid question, maybe the server needs a restart, if you changed something etc..?</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">Cheers,</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">Henning</span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">-- </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">Henning Westerholt – </span><a href="https://skalatan.de/blog/" target="_blank"><span lang="EN-GB" style="color:rgb(5,99,193)">https://skalatan.de/blog/</span></a><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB">Kamailio services – </span><a href="https://gilawa.com/" target="_blank"><span lang="EN-GB" style="color:rgb(5,99,193)">https://gilawa.com</span></a>

<u></u><u></u></p>

<p class="MsoNormal" style="margin-left:35.4pt">

<span lang="EN-GB"> </span><u></u><u></u></p>

<p class="MsoNormal" style="margin-left:70.8pt">

<b>From:</b> sr-users <<a href="mailto:sr-users-bounces@lists.kamailio.org" target="_blank">sr-users-bounces@lists.kamailio.org</a>>

<b>On Behalf Of </b>Sergiu Pojoga<br>

<b>Sent:</b> Saturday, March 14, 2020 6:49 PM<br>

<b>To:</b> Kamailio (SER) - Users Mailing List <<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>><br>

<b>Subject:</b> [SR-Users] tls.options RPC reporting default settings<u></u><u></u></p>

<p class="MsoNormal" style="margin-left:70.8pt">

 <u></u><u></u></p>

<div>

<p class="MsoNormal" style="margin-left:70.8pt">

Hi there,<u></u><u></u></p>

<div>

<p class="MsoNormal" style="margin-left:70.8pt">

 <u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:70.8pt">

Having custom TLS config in tls.cfg, RPC `tls.options` seems to report default settings. Bug or intended?<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:70.8pt">

 <u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-bottom:12pt;margin-left:70.8pt">

root@kam:/# kamcmd version    <br>

kamailio 5.3.2 (x86_64/linux) 0bed10<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:70.8pt">

root@kam:/# kamcmd tls.options<br>

{<br>

 force_run: 0<br>

 method: TLSv1<br>

 verify_certificate: 0<br>

 verify_depth: 9<br>

 require_certificate: 0<br>

 private_key: /usr/local/etc/kamailio/cert.pem<br>

 ca_list: <br>

 certificate: /usr/local/etc/kamailio/cert.pem<br>

 cipher_list: <br>

 session_cache: 0<br>

 session_id: kamailio-tls-5.x.y<br>

 config: /usr/local/etc/kamailio/tls.cfg<br>

...<br>

}<br>

<br>

modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal" style="margin-left:70.8pt">

<br>

root@kam:/usr/local/etc/kamailio# cat tls.cfg<br>

[server:default]<br>

method = TLSv1.2+<br>

verify_certificate = yes<br>

require_certificate = yes<br>

private_key = /tmp/privkey.pem<br>

certificate = /tmp/fullchain.pem<br>

ca_list = /etc/ssl/certs/ca-certificates.crt<br>

<br>

[client:default]<br>

method = TLSv1.2+<br>

verify_certificate = yes<br>

require_certificate = yes<br>

private_key = /tmp/privkey.pem<br>

certificate = /tmp/fullchain.pem<br>

ca_list = /etc/ssl/certs/ca-certificates.crt<br>

<br>

Cheers.<u></u><u></u></p>

</div>

</div>

</div>

</div>

</blockquote>

</div>

</div>

</div>


_______________________________________________<br>

Kamailio (SER) - Users Mailing List<br>

<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>

<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>

</blockquote></div>