[SR-Users] tls.options RPC reporting default settings

Mon Mar 16 19:22:51 CET 2020

So in your example, tls.cfg certificate path is set
to /etc/kamailio/kamailio.pem, while tls.options reports certificate path
/etc/kamailio/cert.pem

On Mon, Mar 16, 2020 at 1:56 PM Henning Westerholt <hw at skalatan.de> wrote:

> Hi Sergiu,
>
>
>
> I did not posted it because there is not much to see 😉
>
>
>
> [server:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/kamailio.key
>
> certificate = /etc/kamailio/kamailio.pem
>
> ca_list = /etc/kamailio/ca_list.pem
>
>
>
> [client:default] section is identical.
>
>
>
> Do you use a special distribution? I did the test on Debian.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *Sergiu
> Pojoga
> *Sent:* Monday, March 16, 2020 6:48 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* Re: [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi Henning,
>
>
>
> It did reboot Kam, lol.
>
>
>
> You didn't post parts of your custom tls.cfg settings to match with what
> rpc tls.options reports?
>
>
>
> Cheers.
>
>
>
> On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt <hw at skalatan.de> wrote:
>
> Hi Sergio,
>
>
>
> strange, for me it looks ok:
>
>
>
> kamcmd> root at dc-sbc:~# kamcmd |grep kamailio
>
>
>
> root at dc-sbc:~# kamcmd tls.options |grep kamailio
>
>         private_key: /etc/kamailio/cert.pem
>
>         certificate: /etc/kamailio/cert.pem
>
>         session_id: kamailio-tls-5.x.y
>
>         config: /etc/kamailio/tls.cfg
>
>
>
> root at dc-sbc:~# kamcmd core.version
>
> kamailio 5.3.2 (x86_64/linux)
>
>
>
> Probably stupid question, maybe the server needs a restart, if you changed
> something etc..?
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of *Sergiu
> Pojoga
> *Sent:* Saturday, March 14, 2020 6:49 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi there,
>
>
>
> Having custom TLS config in tls.cfg, RPC `tls.options` seems to report
> default settings. Bug or intended?
>
>
>
> root at kam:/# kamcmd version
> kamailio 5.3.2 (x86_64/linux) 0bed10
>
> root at kam:/# kamcmd tls.options
> {
>  force_run: 0
>  method: TLSv1
>  verify_certificate: 0
>  verify_depth: 9
>  require_certificate: 0
>  private_key: /usr/local/etc/kamailio/cert.pem
>  ca_list:
>  certificate: /usr/local/etc/kamailio/cert.pem
>  cipher_list:
>  session_cache: 0
>  session_id: kamailio-tls-5.x.y
>  config: /usr/local/etc/kamailio/tls.cfg
> ...
> }
>
> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>
>
> root at kam:/usr/local/etc/kamailio# cat tls.cfg
> [server:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> [client:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> Cheers.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200316/7688827f/attachment.html>