[SR-Users] tls.options RPC reporting default settings

Henning Westerholt hw at skalatan.de
Mon Mar 16 18:56:08 CET 2020


Hi Sergiu,

I did not posted it because there is not much to see 😉

[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/kamailio.key
certificate = /etc/kamailio/kamailio.pem
ca_list = /etc/kamailio/ca_list.pem

[client:default] section is identical.

Do you use a special distribution? I did the test on Debian.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>

From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of Sergiu Pojoga
Sent: Monday, March 16, 2020 6:48 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] tls.options RPC reporting default settings

Hi Henning,

It did reboot Kam, lol.

You didn't post parts of your custom tls.cfg settings to match with what rpc tls.options reports?

Cheers.

On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt <hw at skalatan.de<mailto:hw at skalatan.de>> wrote:
Hi Sergio,

strange, for me it looks ok:

kamcmd> root at dc-sbc:~# kamcmd |grep kamailio

root at dc-sbc:~# kamcmd tls.options |grep kamailio
        private_key: /etc/kamailio/cert.pem
        certificate: /etc/kamailio/cert.pem
        session_id: kamailio-tls-5.x.y
        config: /etc/kamailio/tls.cfg

root at dc-sbc:~# kamcmd core.version
kamailio 5.3.2 (x86_64/linux)

Probably stupid question, maybe the server needs a restart, if you changed something etc..?

Cheers,

Henning


--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>

From: sr-users <sr-users-bounces at lists.kamailio.org<mailto:sr-users-bounces at lists.kamailio.org>> On Behalf Of Sergiu Pojoga
Sent: Saturday, March 14, 2020 6:49 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>>
Subject: [SR-Users] tls.options RPC reporting default settings

Hi there,

Having custom TLS config in tls.cfg, RPC `tls.options` seems to report default settings. Bug or intended?

root at kam:/# kamcmd version
kamailio 5.3.2 (x86_64/linux) 0bed10
root at kam:/# kamcmd tls.options
{
 force_run: 0
 method: TLSv1
 verify_certificate: 0
 verify_depth: 9
 require_certificate: 0
 private_key: /usr/local/etc/kamailio/cert.pem
 ca_list:
 certificate: /usr/local/etc/kamailio/cert.pem
 cipher_list:
 session_cache: 0
 session_id: kamailio-tls-5.x.y
 config: /usr/local/etc/kamailio/tls.cfg
...
}

modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")

root at kam:/usr/local/etc/kamailio# cat tls.cfg
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /tmp/privkey.pem
certificate = /tmp/fullchain.pem
ca_list = /etc/ssl/certs/ca-certificates.crt

[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /tmp/privkey.pem
certificate = /tmp/fullchain.pem
ca_list = /etc/ssl/certs/ca-certificates.crt

Cheers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200316/c51b6b62/attachment.html>


More information about the sr-users mailing list