21 Apr
2014
21 Apr
'14
2:20 p.m.
Hello,
It’s my first message here so here is a little introduction about me.
I’m Yoann gini, a french system administrator specialized in Apple product for enterprise.
I also manage some other UNIX sever (essentially BSD based) and some windows when
customers pay me a lot…
I’m trying to install Kamailio on by personal FreeBSD 10 server. My intend is discover
products functionalities and see what can be done whit it. Maybe I can made a package for
OS X Server and deploy it along with e-mail and xmpp services when my customers need
efficient communication system.
So, at this time, I’m playing with various options and I’ve some problems.
The one who lead me here concern TLS module.
I’m unable to start the service with TLS module enabled, digging into the debug log, I’ve
catch those lines:
0(35943) DEBUG: <core> [cfg.y:1635]: yyparse(): loading module tls.so
0(35943) DEBUG: <core> [sr_module.c:591]: load_module(): load_module: trying to
load </usr/local/lib64/kamailio/modules/tls.so>
0(35943) INFO: tls [tls_init.c:385]: init_tls_compression(): tls: init_tls: disabling
compression...
0(35943) ERROR: <core> [modparam.c:163]: set_mod_param_regex():
set_mod_param_regex: No module matching <tls> found
It seems that the module is loaded, but impossible to configure…
Here is the output of grep -i tls kamailio.cfg
### #!define WITH_TLS
# *** To enable TLS support execute:
# - adjust CFGDIR/tls.cfg as needed
# - define WITH_TLS
#!ifdef WITH_TLS
listen=tls:<ipv4>:5061
listen=tls:<ipv6>:5061
enable_tls=yes
#!ifdef WITH_TLS
loadmodule "tls.so"
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config",
"/usr/local/etc/kamailio/tls.cfg")
And the content of /usr/local/etc/kamailio/tls.cfg
[server:default]
method = TLSv1
verify_certificate = yes
require_certificate = no
private_key = /etc/ssl/keys/my_real_ssl_cert.key
certificate = /etc/ssl/certs/my_real_ssl_cert.crt
ca_list = /etc/ssl/cert.pem
#crl = /usr/local/etc/kamailio/crl.pem
[client:default]
verify_certificate = no
require_certificate = no
After some search, I’ve found this message on the list
http://lists.sip-router.org/pipermail/sr-users/2013-August/079439.html
It seems that a bug on OpenSSL side cause some trouble with TLS module…
Is it still true ? How do you manage your TLS configuration ?
I’m using OpenSSL 1.0.1g with kamailio 4.1.2.
Best regards,
Yoann.
21 Apr
21 Apr
3:11 p.m.
Hello,
if you installed tls module, then be sure you have the next line after
the first line of kamailio.cfg:
#!define WITH_TLS
Cheers,
Daniel
On 21/04/14 13:20, Yoann Gini wrote:
Hello,
It’s my first message here so here is a little introduction about me.
I’m Yoann gini, a french system administrator specialized in Apple
product for enterprise. I also manage some other UNIX sever
(essentially BSD based) and some windows when customers pay me a lot…
I’m trying to install Kamailio on by personal FreeBSD 10 server. My
intend is discover products functionalities and see what can be done
whit it. Maybe I can made a package for OS X Server and deploy it
along with e-mail and xmpp services when my customers need efficient
communication system.
So, at this time, I’m playing with various options and I’ve some problems.
The one who lead me here concern TLS module.
I’m unable to start the service with TLS module enabled, digging into
the debug log, I’ve catch those lines:
0(35943) DEBUG: <core> [cfg.y:1635]: yyparse(): loading module tls.so
0(35943) DEBUG: <core> [sr_module.c:591]: load_module(): load_module:
trying to load </usr/local/lib64/kamailio/modules/tls.so>
0(35943) INFO: tls [tls_init.c:385]: init_tls_compression(): tls:
init_tls: disabling compression...
0(35943) ERROR: <core> [modparam.c:163]: set_mod_param_regex():
set_mod_param_regex: No module matching <tls> found
It seems that the module is loaded, but impossible to configure…
Here is the output of grep -i tls kamailio.cfg
### #!define WITH_TLS
# *** To enable TLS support execute:
# - adjust CFGDIR/tls.cfg as needed
# - define WITH_TLS
#!ifdef WITH_TLS
listen=tls:<ipv4>:5061
listen=tls:<ipv6>:5061
enable_tls=yes
#!ifdef WITH_TLS
loadmodule "tls.so"
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config",
"/usr/local/etc/kamailio/tls.cfg")
And the content of /usr/local/etc/kamailio/tls.cfg
[server:default]
method = TLSv1
verify_certificate = yes
require_certificate = no
private_key = /etc/ssl/keys/my_real_ssl_cert.key
certificate = /etc/ssl/certs/my_real_ssl_cert.crt
ca_list = /etc/ssl/cert.pem
#crl = /usr/local/etc/kamailio/crl.pem
[client:default]
verify_certificate = no
require_certificate = no
After some search, I’ve found this message on the list
http://lists.sip-router.org/pipermail/sr-users/2013-August/079439.html
It seems that a bug on OpenSSL side cause some trouble with TLS module…
Is it still true ? How do you manage your TLS configuration ?
I’m using OpenSSL 1.0.1g with kamailio 4.1.2.
Best regards,
Yoann.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
4:14 p.m.
Hi
Le 21 avr. 2014 à 14:11, Daniel-Constantin Mierla <miconda(a)gmail.com> a écrit :
if you installed tls module, then be sure you have the
next line after the first line of kamailio.cfg:
#!define WITH_TLS
Yes I have it.
The output pasted in my previous mail shown « ### #!define WITH_TLS » but I’ve obviously
try it with just « #!define WITH_TLS ». The ### are here just to disable the settings in
the mean time.
3897
days inactive
3897
days old
2 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
Yoann Gini