[SR-Users] tls.options RPC reporting default settings

Sergiu Pojoga pojogas at gmail.com
Mon Mar 16 18:47:35 CET 2020 

Hi Henning,

It did reboot Kam, lol.

You didn't post parts of your custom tls.cfg settings to match with what
rpc tls.options reports?

Cheers.

On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt <hw at skalatan.de> wrote:

> Hi Sergio,
>
>
>
> strange, for me it looks ok:
>
>
>
> kamcmd> root at dc-sbc:~# kamcmd |grep kamailio
>
>
>
> root at dc-sbc:~# kamcmd tls.options |grep kamailio
>
>         private_key: /etc/kamailio/cert.pem
>
>         certificate: /etc/kamailio/cert.pem
>
>         session_id: kamailio-tls-5.x.y
>
>         config: /etc/kamailio/tls.cfg
>
>
>
> root at dc-sbc:~# kamcmd core.version
>
> kamailio 5.3.2 (x86_64/linux)
>
>
>
> Probably stupid question, maybe the server needs a restart, if you changed
> something etc..?
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *Sergiu
> Pojoga
> *Sent:* Saturday, March 14, 2020 6:49 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi there,
>
>
>
> Having custom TLS config in tls.cfg, RPC `tls.options` seems to report
> default settings. Bug or intended?
>
>
>
> root at kam:/# kamcmd version
> kamailio 5.3.2 (x86_64/linux) 0bed10
>
> root at kam:/# kamcmd tls.options
> {
>  force_run: 0
>  method: TLSv1
>  verify_certificate: 0
>  verify_depth: 9
>  require_certificate: 0
>  private_key: /usr/local/etc/kamailio/cert.pem
>  ca_list:
>  certificate: /usr/local/etc/kamailio/cert.pem
>  cipher_list:
>  session_cache: 0
>  session_id: kamailio-tls-5.x.y
>  config: /usr/local/etc/kamailio/tls.cfg
> ...
> }
>
> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>
>
> root at kam:/usr/local/etc/kamailio# cat tls.cfg
> [server:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> [client:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> Cheers.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200316/79d64629/attachment.html>

More information about the sr-users mailing list