Hi there,
Having custom TLS config in tls.cfg, RPC `tls.options` seems to report default settings. Bug or intended?
root@kam:/# kamcmd version kamailio 5.3.2 (x86_64/linux) 0bed10
root@kam:/# kamcmd tls.options { force_run: 0 method: TLSv1 verify_certificate: 0 verify_depth: 9 require_certificate: 0 private_key: /usr/local/etc/kamailio/cert.pem ca_list: certificate: /usr/local/etc/kamailio/cert.pem cipher_list: session_cache: 0 session_id: kamailio-tls-5.x.y config: /usr/local/etc/kamailio/tls.cfg ... }
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
root@kam:/usr/local/etc/kamailio# cat tls.cfg [server:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /tmp/privkey.pem certificate = /tmp/fullchain.pem ca_list = /etc/ssl/certs/ca-certificates.crt
[client:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /tmp/privkey.pem certificate = /tmp/fullchain.pem ca_list = /etc/ssl/certs/ca-certificates.crt
Cheers.
Hi Sergio,
strange, for me it looks ok:
kamcmd> root@dc-sbc:~# kamcmd |grep kamailio
root@dc-sbc:~# kamcmd tls.options |grep kamailio private_key: /etc/kamailio/cert.pem certificate: /etc/kamailio/cert.pem session_id: kamailio-tls-5.x.y config: /etc/kamailio/tls.cfg
root@dc-sbc:~# kamcmd core.version kamailio 5.3.2 (x86_64/linux)
Probably stupid question, maybe the server needs a restart, if you changed something etc..?
Cheers,
Henning
-- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.comhttps://gilawa.com/
From: sr-users sr-users-bounces@lists.kamailio.org On Behalf Of Sergiu Pojoga Sent: Saturday, March 14, 2020 6:49 PM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Subject: [SR-Users] tls.options RPC reporting default settings
Hi there,
Having custom TLS config in tls.cfg, RPC `tls.options` seems to report default settings. Bug or intended?
root@kam:/# kamcmd version kamailio 5.3.2 (x86_64/linux) 0bed10 root@kam:/# kamcmd tls.options { force_run: 0 method: TLSv1 verify_certificate: 0 verify_depth: 9 require_certificate: 0 private_key: /usr/local/etc/kamailio/cert.pem ca_list: certificate: /usr/local/etc/kamailio/cert.pem cipher_list: session_cache: 0 session_id: kamailio-tls-5.x.y config: /usr/local/etc/kamailio/tls.cfg ... }
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
root@kam:/usr/local/etc/kamailio# cat tls.cfg [server:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /tmp/privkey.pem certificate = /tmp/fullchain.pem ca_list = /etc/ssl/certs/ca-certificates.crt
[client:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /tmp/privkey.pem certificate = /tmp/fullchain.pem ca_list = /etc/ssl/certs/ca-certificates.crt
Cheers.
Hi Henning,
It did reboot Kam, lol.
You didn't post parts of your custom tls.cfg settings to match with what rpc tls.options reports?
Cheers.
On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt hw@skalatan.de wrote:
Hi Sergio,
strange, for me it looks ok:
kamcmd> root@dc-sbc:~# kamcmd |grep kamailio
root@dc-sbc:~# kamcmd tls.options |grep kamailio
private_key: /etc/kamailio/cert.pem certificate: /etc/kamailio/cert.pem session_id: kamailio-tls-5.x.y config: /etc/kamailio/tls.cfgroot@dc-sbc:~# kamcmd core.version
kamailio 5.3.2 (x86_64/linux)
Probably stupid question, maybe the server needs a restart, if you changed something etc..?
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
*From:* sr-users sr-users-bounces@lists.kamailio.org *On Behalf Of *Sergiu Pojoga *Sent:* Saturday, March 14, 2020 6:49 PM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Subject:* [SR-Users] tls.options RPC reporting default settings
Hi there,
Having custom TLS config in tls.cfg, RPC `tls.options` seems to report default settings. Bug or intended?
root@kam:/# kamcmd version kamailio 5.3.2 (x86_64/linux) 0bed10
root@kam:/# kamcmd tls.options { force_run: 0 method: TLSv1 verify_certificate: 0 verify_depth: 9 require_certificate: 0 private_key: /usr/local/etc/kamailio/cert.pem ca_list: certificate: /usr/local/etc/kamailio/cert.pem cipher_list: session_cache: 0 session_id: kamailio-tls-5.x.y config: /usr/local/etc/kamailio/tls.cfg ... }
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
root@kam:/usr/local/etc/kamailio# cat tls.cfg [server:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /tmp/privkey.pem certificate = /tmp/fullchain.pem ca_list = /etc/ssl/certs/ca-certificates.crt
[client:default] method = TLSv1.2+ verify_certificate = yes require_certificate = yes private_key = /tmp/privkey.pem certificate = /tmp/fullchain.pem ca_list = /etc/ssl/certs/ca-certificates.crt
Cheers.
-
Henning Westerholt -
Sergiu Pojoga