[SR-Users] tls.options RPC reporting default settings

Giacomo Vacca giacomo.vacca at gmail.com
Mon Mar 16 19:20:14 CET 2020


Hi Sergiu, Henning,
I'm seeing the same reported, in both debian 5.2.4 (stock package) and
5.3.2 built from git on ubuntu.

Maybe I'm doing something wrong too, but with 5.3.2 if I reload I see the
expected values in the logs:


22(21385) INFO: tls [tls_domain.c:315]: ksr_tls_fill_missing(): TLSs<default>: certificate='/usr/local/etc/kamailio/cert.pem'...

22(21385) INFO: tls [tls_domain.c:347]: ksr_tls_fill_missing(): TLSs<default>: private_key='/usr/local/etc/kamailio/key.pem'

but tls.options says:

root at 8cc87e7f3c98:/# kamcmd tls.options
{
...
private_key: /usr/local/etc/kamailio/cert.pem
...
certificate: /usr/local/etc/kamailio/cert.pem

root at 8cc87e7f3c98:/# kamcmd core.version
kamailio 5.3.2 (x86_64/linux) ee9cd2

Even adding something like this in tls_rpc.c:

str priv_key;
priv_key = cfg_get(tls, tls_cfg, private_key);
WARN("TLS_OPTIONS <---------- private key:[%.*s]\n", priv_key.len, priv_key.s);

shows the wrong value:

22(21591) WARNING: tls [tls_rpc.c:226]: tls_options(): TLS_OPTIONS <---------- private key:[/usr/local/etc/kamailio/cert.pem]

tls.cfg is a simple:

root at 8cc87e7f3c98:/usr/local/src/kamailio-5.3/kamailio/src/modules/tls# cat /usr/local/etc/kamailio/tls.cfg
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/key.pem
certificate = /usr/local/etc/kamailio/cert.pem
#
[client:default]
verify_certificate = yes
require_certificate = yes

and:
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")

I hope this makes it more obvious.

Cheers,
Giacomo



On Mon, 16 Mar 2020 at 18:57, Henning Westerholt <hw at skalatan.de> wrote:

> Hi Sergiu,
>
>
>
> I did not post it because there is not much to see 😉
>
>
>
> [server:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/kamailio.key
>
> certificate = /etc/kamailio/kamailio.pem
>
> ca_list = /etc/kamailio/ca_list.pem
>
>
>
> [client:default] section is identical.
>
>
>
> Do you use a special distribution? I did the test on Debian.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *Sergiu
> Pojoga
> *Sent:* Monday, March 16, 2020 6:48 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* Re: [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi Henning,
>
>
>
> It did reboot Kam, lol.
>
>
>
> You didn't post parts of your custom tls.cfg settings to match with what
> rpc tls.options reports?
>
>
>
> Cheers.
>
>
>
> On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt <hw at skalatan.de> wrote:
>
> Hi Sergiu,
>
>
>
> strange, for me it looks ok:
>
>
>
> kamcmd> root at dc-sbc:~# kamcmd |grep kamailio
>
>
>
> root at dc-sbc:~# kamcmd tls.options |grep kamailio
>
>         private_key: /etc/kamailio/cert.pem
>
>         certificate: /etc/kamailio/cert.pem
>
>         session_id: kamailio-tls-5.x.y
>
>         config: /etc/kamailio/tls.cfg
>
>
>
> root at dc-sbc:~# kamcmd core.version
>
> kamailio 5.3.2 (x86_64/linux)
>
>
>
> Probably stupid question, maybe the server needs a restart, if you changed
> something etc..?
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *Sergiu
> Pojoga
> *Sent:* Saturday, March 14, 2020 6:49 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi there,
>
>
>
> Having custom TLS config in tls.cfg, RPC `tls.options` seems to report
> default settings. Bug or intended?
>
>
>
> root at kam:/# kamcmd version
> kamailio 5.3.2 (x86_64/linux) 0bed10
>
> root at kam:/# kamcmd tls.options
> {
>  force_run: 0
>  method: TLSv1
>  verify_certificate: 0
>  verify_depth: 9
>  require_certificate: 0
>  private_key: /usr/local/etc/kamailio/cert.pem
>  ca_list:
>  certificate: /usr/local/etc/kamailio/cert.pem
>  cipher_list:
>  session_cache: 0
>  session_id: kamailio-tls-5.x.y
>  config: /usr/local/etc/kamailio/tls.cfg
> ...
> }
>
> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>
>
> root at kam:/usr/local/etc/kamailio# cat tls.cfg
> [server:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> [client:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> Cheers.
>
>
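
A way to check mechanically whether `kamcmd tls.options` agrees with the `[server:default]` profile in tls.cfg, using the config and RPC output quoted in the first message of this thread as sample input. This is an added example, not part of the original messages or of Kamailio; the function names are hypothetical and the yes/no to 1/0 mapping is an assumption based on the output shown.

```python
import re

# Config and RPC output as quoted in the first message of this thread
# (client section and a few RPC fields left out for brevity).
TLS_CFG = """\
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /tmp/privkey.pem
certificate = /tmp/fullchain.pem
ca_list = /etc/ssl/certs/ca-certificates.crt
"""
RPC_OUTPUT = """\
{
 method: TLSv1
 verify_certificate: 0
 require_certificate: 0
 private_key: /usr/local/etc/kamailio/cert.pem
 ca_list:
 certificate: /usr/local/etc/kamailio/cert.pem
}
"""
BOOL = {"yes": "1", "no": "0"}  # assumption: yes/no in tls.cfg maps to 1/0 in RPC

def parse_cfg(text):
    """Return {section: {key: value}} for tls.cfg-style text."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = BOOL.get(value.lower(), value)
    return sections

def parse_rpc(text):
    """Return {key: value} from the 'key: value' lines of kamcmd output."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def diff_profile(cfg_text, rpc_text, section="server:default"):
    """Map each key whose configured value differs to (configured, reported)."""
    wanted = parse_cfg(cfg_text).get(section, {})
    reported = parse_rpc(rpc_text)
    return {k: (v, reported.get(k)) for k, v in wanted.items() if reported.get(k) != v}
```

On the sample above, `diff_profile(TLS_CFG, RPC_OUTPUT)` returns an entry for every configured key, including `verify_certificate` and `require_certificate`, which the RPC shows as 0 while tls.cfg sets them to yes.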