[SR-Users] $sel(tls.peer.subject.cn) error

Daniel-Constantin Mierla miconda at gmail.com
Thu Apr 10 12:18:44 CEST 2014 

The parameters for functions are resolved at fixup time, which is done 
after mod_init -- the config parser will see any function parameter as 
just string, then later will run fixup for function parameters.

Probably the error message from tls_select.c:152 can be made dbg, the pv 
value is ok, being null in this case.

Cheers,
Daniel

On 10/04/14 10:58, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
>
>> Note that there should be direct pv alternative, as I could see in the
>> module, such as $tls_peer_subject_cn -- see tls_pv structure inside
>> tls_select.c file of the tls module. Not sure if they were documented
>> somewhere.
> those seem to work without modifying tls module source.  i tested like
> this:
>
>      if (proto == TLS) {
>          xlog("L_INFO", "tls_my_subject_cn = <$tls_my_subject_cn>\n");
>          xlog("L_INFO", "tls_peer_subject_cn = <$tls_peer_subject_cn>\n");
>      };
>
> and got:
>
> Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: REGISTER <sip:test at test.tutpro.com> by <test at test.tutpro.com> from <192.98.102.30> is authorized
> Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: tls_my_subject_cn = <test.tutpro.com>
> Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: tls [tls_select.c:152]: get_cert(): Unable to retrieve TLS certificate from SSL structure
> Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: tls_peer_subject_cn = <<null>>
> Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: tls [tls_select.c:152]: get_cert(): Unable to retrieve TLS certificate from SSL structure
> Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: <core> [lvalue.c:416]: lval_assign(): assignment failed at pos: (878,49-878,49)
>
> i'm not sure yet, if this peer gave its certificate during the
> handshake.  if there is no peer certificate, ERROR level message seems
> like an overkill.  in my opinion it would suffice to return empty
> value.
>
> -- juha

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

More information about the sr-users mailing list