[Serdev] external TLS configuration fails

Jan Janak jan at iptel.org
Tue Apr 11 15:41:04 UTC 2006 

I tried to reproduce this one but without success, it works for me.

Could you retry this with the latest CVS code and if you still have the
problem, send me:

1) bit-by-bit copy of both configuration files
2) Certificates that you are using
3) Binaries and ser sources

   thanks, Jan.

I somehow need to reproduce the problem, I have never seen this.

   Jan.

Klaus Darilion wrote:
> Hi!
> 
> This behavior is really strange: The bug can be fixed by adding a LOG
> statement in parse_domain, just before calling parse_hostport:
> 
>   if (t.type != ':') {
>      LOG(L_ERR, "ERROR:%s:%d:%d: Syntax error, ':' expected\n",
>          pstate.file, t.start.line, t.start.col);
>      return -1;
>   }
> 
> //add some logs to fix bug
> LOG(L_ERR, "ERROR: parse_domain ...");
> 
>   if (parse_hostport(&type, &ip, &port, &t) < 0) return -1;
> 
> 
> Probably this is some uninitialized pointer, but I did not find the bug
> yet :-(
> 
> regards
> klaus
> 
> 
> Klaus Darilion wrote:
>> Hi Jan!
>>
>> I tried the new external TLS configuration but ser fails during
>> initialization:
>>
>> ser[4488]: ERROR:tls.conf:36:12: Syntax error, ']' expected
>> serr[4488]: init_mod(): Error while initializing module tls
>>
>>
>> line 36 is:
>> [server:127.0.0.1:5061]
>>
>>
>> regards
>> klaus
>>
>> PS: The full tls config:
>>
>> #
>> # SER TLS Configuration
>> #
>>
>> #
>> # Default server domain, do not require
>> # clients certificates and do not verify
>> # them
>> #
>> [server:default]
>> method = TLSv1
>> verify_certificate = yes
>> verify_depth = 3
>> require_certificate = yes
>> private_key = "/root/ca/proxyCert1/privkey.pem"
>> certificate = "/root/ca/proxyCert1/cert.pem"
>> ca_list = "/root/ca/demoCA/cacert.pem"
>>
>> #
>> # Default client domain, make sure that
>> # servers present valid certificate
>> #
>> [client:default]
>> method = TLSv1
>> verify_certificate = yes
>> verify_depth = 3
>> require_certificate = yes
>> private_key = "/root/ca/proxyCert1/privkey.pem"
>> certificate = "/root/ca/proxyCert1/cert.pem"
>> ca_list = "/root/ca/demoCA/cacert.pem"
>>
>> #
>> # Use alternative certificate for clients
>> # on the same host
>> #
>> [server:127.0.0.1:5061]
>> private_key = "/root/ca/proxyCert3/privkey.pem"
>> certificate = "/root/ca/proxyCert3/cert.pem"
>>
>> _______________________________________________
>> Serdev mailing list
>> serdev at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serdev
> 
> _______________________________________________
> Serdev mailing list
> serdev at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serdev
>

More information about the Serdev mailing list