[Serdev] external TLS configuration fails
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Apr 12 13:29:36 UTC 2006
Hi Jan!
I try to reproduce the bug with a clean ser installation - which is not
that easy. I think enabling TLS should be easier. At the moment, to
enable TLS, I have to:
- apply the patch
- export TLS=1
- edit Makefile and remove "tls" from excluded modules.
IMO the patch should be applied to CVS head and tls should be removed
from excluded modules automatically if TLS==1
regards
klaus
Jan Janak wrote:
> I tried to reproduce this one but without success, it works for me.
>
> Could you retry this with the latest CVS code and if you still have the
> problem, send me:
>
> 1) bit-by-bit copy of both configuration files
> 2) Certificates that you are using
> 3) Binaries and ser sources
>
> thanks, Jan.
>
> I somehow need to reproduce the problem, I have never seen this.
>
> Jan.
>
> Klaus Darilion wrote:
>> Hi!
>>
>> This behavior is really strange: The bug can be fixed by adding a LOG
>> statement in parse_domain, just before calling parse_hostport:
>>
>> if (t.type != ':') {
>>     LOG(L_ERR, "ERROR:%s:%d:%d: Syntax error, ':' expected\n",
>>         pstate.file, t.start.line, t.start.col);
>>     return -1;
>> }
>>
>> //add some logs to fix bug
>> LOG(L_ERR, "ERROR: parse_domain ...");
>>
>> if (parse_hostport(&type, &ip, &port, &t) < 0) return -1;
>>
>>
>> Probably this is some uninitialized pointer, but I did not find the bug
>> yet :-(
>>
>> regards
>> klaus
>>
>>
>> Klaus Darilion wrote:
>>> Hi Jan!
>>>
>>> I tried the new external TLS configuration but ser fails during
>>> initialization:
>>>
>>> ser[4488]: ERROR:tls.conf:36:12: Syntax error, ']' expected
>>> serr[4488]: init_mod(): Error while initializing module tls
>>>
>>>
>>> line 36 is:
>>> [server:127.0.0.1:5061]
>>>
>>>
>>> regards
>>> klaus
>>>
>>> PS: The full tls config:
>>>
>>> #
>>> # SER TLS Configuration
>>> #
>>>
>>> #
>>> # Default server domain, do not require
>>> # clients certificates and do not verify
>>> # them
>>> #
>>> [server:default]
>>> method = TLSv1
>>> verify_certificate = yes
>>> verify_depth = 3
>>> require_certificate = yes
>>> private_key = "/root/ca/proxyCert1/privkey.pem"
>>> certificate = "/root/ca/proxyCert1/cert.pem"
>>> ca_list = "/root/ca/demoCA/cacert.pem"
>>>
>>> #
>>> # Default client domain, make sure that
>>> # servers present valid certificate
>>> #
>>> [client:default]
>>> method = TLSv1
>>> verify_certificate = yes
>>> verify_depth = 3
>>> require_certificate = yes
>>> private_key = "/root/ca/proxyCert1/privkey.pem"
>>> certificate = "/root/ca/proxyCert1/cert.pem"
>>> ca_list = "/root/ca/demoCA/cacert.pem"
>>>
>>> #
>>> # Use alternative certificate for clients
>>> # on the same host
>>> #
>>> [server:127.0.0.1:5061]
>>> private_key = "/root/ca/proxyCert3/privkey.pem"
>>> certificate = "/root/ca/proxyCert3/cert.pem"
>>>
>>> _______________________________________________
>>> Serdev mailing list
>>> serdev at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serdev
>>
>
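A parser for the section headers used in the tls.conf posted above, written so that every output field is set before any early return, which rules out the kind of uninitialized state the thread suspects behind a failure that disappears when a LOG call is added. This is an added example, not SER's code: `parse_domain_header`, `struct domain_id` and `enum dom_type` are hypothetical names, and only IPv4 addresses are handled.

```c
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

/* Hypothetical types for this example; not SER's own structures. */
enum dom_type { DOM_SERVER, DOM_CLIENT };
struct domain_id {
    enum dom_type type;
    int is_default;        /* 1 for [type:default] */
    struct in_addr ip;     /* meaningful only when is_default == 0 */
    unsigned short port;   /* meaningful only when is_default == 0 */
};

/* Parse "[server:default]" or "[client:IPv4:port]".
 * Returns 0 on success, -1 on any syntax error. */
int parse_domain_header(const char *line, struct domain_id *out)
{
    char buf[64], *host, *port, *end;
    size_t n = strlen(line);
    long p;

    /* Known state on every path, including the error returns below. */
    memset(out, 0, sizeof(*out));

    if (n < 3 || n - 2 >= sizeof(buf) || line[0] != '[' || line[n - 1] != ']')
        return -1;
    memcpy(buf, line + 1, n - 2);   /* copy the text between the brackets */
    buf[n - 2] = '\0';

    host = strchr(buf, ':');        /* first ':' separates type from host */
    if (!host) return -1;
    *host++ = '\0';
    if (strcmp(buf, "server") == 0) out->type = DOM_SERVER;
    else if (strcmp(buf, "client") == 0) out->type = DOM_CLIENT;
    else return -1;

    if (strcmp(host, "default") == 0) { out->is_default = 1; return 0; }

    port = strchr(host, ':');       /* second ':' separates host from port */
    if (!port) return -1;
    *port++ = '\0';
    if (inet_pton(AF_INET, host, &out->ip) != 1) return -1;

    p = strtol(port, &end, 10);     /* reject empty, trailing junk, out of range */
    if (end == port || *end != '\0' || p < 1 || p > 65535) return -1;
    out->port = (unsigned short)p;
    return 0;
}
```

Building a parser like this with `-Wall -Wuninitialized` or running it under Valgrind is a more reliable way to find such a defect than adding log statements, since extra calls only shift stack contents.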