[sr-dev] [kamailio/kamailio] add ca_path param to tls module (#2682)
Juha Heinanen
jh at tutpro.com
Tue Mar 23 11:22:48 CET 2021
I got the latest master properly installed and gave ca_path a try.

I placed four CA certs in directory /etc/sip-proxy/certs/ca_list:

# ls /etc/sip-proxy/certs/ca_list
class3_X0E.crt dst_root_ca_x3.pem lets-encrypt-x3-cross-signed.pem root_X0F.crt

Then I created file ca_list.pem that contained all of them:

# cat /etc/sip-proxy/certs/ca_list/* > /etc/sip-proxy/certs/ca_list.pem

In the tls config file I had:

[client:default]
...
ca_list = /etc/sip-proxy/certs/ca_list.pem
[server:default]
...
ca_list = /etc/sip-proxy/certs/ca_list.pem

The result was that kamailio started OK.

Then in the tls config file I replaced ca_list with ca_path:

ca_path = /etc/sip-proxy/certs/ca_list

and kamailio failed to start:
Mar 23 12:19:06 lohi /usr/bin/sip-proxy[1435]: INFO: tls [tls_domain.c:329]: ksr_tls_fill_missing(): TLSs<default>: ca_list='(null)'
Mar 23 12:19:06 lohi /usr/bin/sip-proxy[1435]: INFO: tls [tls_domain.c:336]: ksr_tls_fill_missing(): TLSs<default>: ca_path='/etc/sip-proxy/certs/ca_list'
...
Mar 23 12:19:06 lohi /usr/bin/sip-proxy[1435]: ERROR: tls [tls_domain.c:601]: load_ca_list(): TLSs<default>: Error while setting client CA list
Mar 23 12:19:06 lohi /usr/bin/sip-proxy[1435]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0200100E:system library:fopen:Bad address
Mar 23 12:19:06 lohi /usr/bin/sip-proxy[1435]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:20074002:BIO routines:file_ctrl:system lib
Mar 23 12:19:06 lohi /usr/bin/sip-proxy[1435]: ERROR: <core> [core/sr_module.c:865]: init_mod_child(): error while initializing module tls (/usr/lib/x86_64-linux-gnu/sip-proxy/modules/tls.so) (idx: 0 rank: -127 desc: [main])