[Serdev] external TLS configuration fails

Jan Janak jan at iptel.org
Wed Apr 12 15:52:59 UTC 2006


Klaus Darilion wrote:
> Hi Jan!
> 
> I try to reproduce the bug with a clean ser installation - which is not
> that easy. I think enabling TLS should be easier. At the moment, to
> enable TLS, I have to:
> - apply the patch
> - export TLS=1
> - edit Makefile and remove "tls" from excluded modules.
> 
> IMO the patch should be applied to CVS head and tls should be removed
> from excluded modules automatically if TLS==1

   In the future the patch will not be needed, this is a temporary
   solution. Andrei is working on core changes that would eliminate
   the need to have the patch.

     Jan.

> 
> regards
> klaus
> 
> Jan Janak wrote:
>> I tried to reproduce this one but without success, it works for me.
>>
>> Could you retry this with the latest CVS code and if you still have the
>> problem, send me:
>>
>> 1) bit-by-bit copy of both configuration files
>> 2) Certificates that you are using
>> 3) Binaries and ser sources
>>
>>    thanks, Jan.
>>
>> I somehow need to reproduce the problem, I have never seen this.
>>
>>    Jan.
>>
>> Klaus Darilion wrote:
>>> Hi!
>>>
>>> This behavior is really strange: The bug can be fixed by adding a LOG
>>> statement in parse_domain, just before calling parse_hostport:
>>>
>>>   if (t.type != ':') {
>>>      LOG(L_ERR, "ERROR:%s:%d:%d: Syntax error, ':' expected\n",
>>>          pstate.file, t.start.line, t.start.col);
>>>      return -1;
>>>   }
>>>
>>> //add some logs to fix bug
>>> LOG(L_ERR, "ERROR: parse_domain ...");
>>>
>>>   if (parse_hostport(&type, &ip, &port, &t) < 0) return -1;
>>>
>>>
>>> Probably this is some uninitialized pointer, but I did not find the bug
>>> yet :-(
>>>
>>> regards
>>> klaus
>>>
>>>
>>> Klaus Darilion wrote:
>>>> Hi Jan!
>>>>
>>>> I tried the new external TLS configuration but ser fails during
>>>> initialization:
>>>>
>>>> ser[4488]: ERROR:tls.conf:36:12: Syntax error, ']' expected
>>>> serr[4488]: init_mod(): Error while initializing module tls
>>>>
>>>>
>>>> line 36 is:
>>>> [server:127.0.0.1:5061]
>>>>
>>>>
>>>> regards
>>>> klaus
>>>>
>>>> PS: The full tls config:
>>>>
>>>> #
>>>> # SER TLS Configuration
>>>> #
>>>>
>>>> #
>>>> # Default server domain, do not require
>>>> # clients certificates and do not verify
>>>> # them
>>>> #
>>>> [server:default]
>>>> method = TLSv1
>>>> verify_certificate = yes
>>>> verify_depth = 3
>>>> require_certificate = yes
>>>> private_key = "/root/ca/proxyCert1/privkey.pem"
>>>> certificate = "/root/ca/proxyCert1/cert.pem"
>>>> ca_list = "/root/ca/demoCA/cacert.pem"
>>>>
>>>> #
>>>> # Default client domain, make sure that
>>>> # servers present valid certificate
>>>> #
>>>> [client:default]
>>>> method = TLSv1
>>>> verify_certificate = yes
>>>> verify_depth = 3
>>>> require_certificate = yes
>>>> private_key = "/root/ca/proxyCert1/privkey.pem"
>>>> certificate = "/root/ca/proxyCert1/cert.pem"
>>>> ca_list = "/root/ca/demoCA/cacert.pem"
>>>>
>>>> #
>>>> # Use alternative certificate for clients
>>>> # on the same host
>>>> #
>>>> [server:127.0.0.1:5061]
>>>> private_key = "/root/ca/proxyCert3/privkey.pem"
>>>> certificate = "/root/ca/proxyCert3/cert.pem"
>>>>
>>>> _______________________________________________
>>>> Serdev mailing list
>>>> serdev at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serdev
>>>
>>
> 
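
The section headers in the quoted tls.conf (`[server:default]`, `[server:127.0.0.1:5061]`) have the shape `[type:default]` or `[type:host:port]`. The following stand-alone C parser for that shape is an added example, not SER's `parse_domain`/`parse_hostport` code; it zeroes its output before parsing so that no field is ever read uninitialized. The names `tls_dom`, `parse_dom_header` and `header_port` are hypothetical, and support for IPv4 literals and host names only is an assumption.

```c
#include <string.h>

enum dom_type { DOM_SERVER, DOM_CLIENT };
struct tls_dom {
    enum dom_type type;
    int is_default;        /* 1 for [server:default] / [client:default] */
    char host[64];         /* IPv4 literal or host name, NUL-terminated */
    unsigned short port;
};

/* Parse "[server|client:default]" or "[server|client:HOST:PORT]".
 * Returns 0 on success, -1 on a syntax error. */
int parse_dom_header(const char *line, struct tls_dom *d)
{
    size_t n = strlen(line);
    const char *p = line + 1, *end, *colon = NULL, *q;
    unsigned long port = 0;
    memset(d, 0, sizeof(*d));   /* every field defined before any early return */
    if (n < 3 || line[0] != '[' || line[n - 1] != ']') return -1;
    end = line + n - 1;         /* points at the closing ']' */

    if (strncmp(p, "server:", 7) == 0) d->type = DOM_SERVER;
    else if (strncmp(p, "client:", 7) == 0) d->type = DOM_CLIENT;
    else return -1;
    p += 7;
    if (end - p == 7 && memcmp(p, "default", 7) == 0) {
        d->is_default = 1;
        return 0;
    }
    for (q = p; q < end; q++)   /* split HOST:PORT at the last ':' */
        if (*q == ':') colon = q;
    if (!colon || colon == p || (size_t)(colon - p) >= sizeof(d->host)) return -1;
    memcpy(d->host, p, (size_t)(colon - p));   /* memset above supplies the NUL */
    if (colon + 1 == end) return -1;            /* empty port */
    for (q = colon + 1; q < end; q++) {
        if (*q < '0' || *q > '9') return -1;    /* digits only */
        port = port * 10 + (unsigned long)(*q - '0');
        if (port > 65535) return -1;            /* reject before it can wrap */
    }
    if (port == 0) return -1;
    d->port = (unsigned short)port;
    return 0;
}

/* Port of a header line: 0 for a default domain, -1 on a syntax error. */
int header_port(const char *line)
{
    struct tls_dom d;
    return parse_dom_header(line, &d) < 0 ? -1 : (int)d.port;
}
```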



