[sr-dev] [kamailio/kamailio] add ca_path param to tls module (#2682)

juha-h notifications at github.com
Tue Mar 23 12:21:55 CET 2021


Daniel-Constantin Mierla writes:

> The error message seems to be related to failure to open `ca_list`
> file, not to `ca_path` -- can you check if `ca_list` is still set
> somewhere there to an invalid file path?

I checked, and the config file has only this:

modparam("tls", "config", "/etc/sip-proxy/tls.cfg")

and tls.cfg contains:

# more tls.cfg
[client:default]
verify_certificate = yes
require_certificate = yes
tls_method = TLSv1.2+
private_key = /etc/sip-proxy/certs/key.pem
certificate = /etc/sip-proxy/certs/cert.pem
ca_path = /etc/sip-proxy/certs/ca_list

[server:default]
verify_certificate = yes
require_certificate = no
server_name = lohi.tutpro.com
tls_method = TLSv1.1+
private_key = /etc/sip-proxy/certs/key.pem
certificate = /etc/sip-proxy/certs/cert.pem
ca_path = /etc/sip-proxy/certs/ca_list

There is no trace of ca_list anywhere.  Also syslog shows that ca_list
is null:

Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:322]: ksr_tls_fill_missing(): TLSs<default>: certificate='/etc/sip-proxy/certs/cert.pem'
Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:329]: ksr_tls_fill_missing(): TLSs<default>: ca_list='(null)'
Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:336]: ksr_tls_fill_missing(): TLSs<default>: ca_path='/etc/sip-proxy/certs/ca_list'


-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682#issuecomment-804822963