[SR-Users] tls.options RPC reporting default settings

Daniel-Constantin Mierla miconda at gmail.com
Tue Mar 17 08:50:21 CET 2020 

Hello,

probably the rpc is working with the structure related to modparams, not
to the profiles set in the tls.cfg. I guess that we should at least
return an error if tls.cfg is used and the internal structure for
modparams is not used.

Cheers,
Daniel

On 16.03.20 20:38, Henning Westerholt wrote:
>
> Hi Sergiu, Giacomo,
>
>  
>
> ah, now I understand. Indeed, this looks wrong.
>
>  
>
> Cheers,
>
>  
>
> Henning
>
>  
>
> -- 
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com <https://gilawa.com/>
>
>  
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of
> *Sergiu Pojoga
> *Sent:* Monday, March 16, 2020 7:23 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* Re: [SR-Users] tls.options RPC reporting default settings
>
>  
>
> So in your example, tls.cfg certificate path is set
> to /etc/kamailio/kamailio.pem, while tls.options reports certificate
> path /etc/kamailio/cert.pem
>
>  
>
>  
>
>  
>
> On Mon, Mar 16, 2020 at 1:56 PM Henning Westerholt <hw at skalatan.de
> <mailto:hw at skalatan.de>> wrote:
>
>     Hi Sergiu,
>
>      
>
>     I did not posted it because there is not much to see 😉
>
>      
>
>     [server:default]
>
>     method = TLSv1.2+
>
>     verify_certificate = yes
>
>     require_certificate = yes
>
>     private_key = /etc/kamailio/kamailio.key
>
>     certificate = /etc/kamailio/kamailio.pem
>
>     ca_list = /etc/kamailio/ca_list.pem
>
>      
>
>     [client:default] section is identical.
>
>      
>
>     Do you use a special distribution? I did the test on Debian.
>
>      
>
>     Cheers,
>
>      
>
>     Henning
>
>      
>
>     -- 
>
>     Henning Westerholt – https://skalatan.de/blog/
>
>     Kamailio services – https://gilawa.com <https://gilawa.com/>
>
>      
>
>     *From:* sr-users <sr-users-bounces at lists.kamailio.org
>     <mailto:sr-users-bounces at lists.kamailio.org>> *On Behalf Of
>     *Sergiu Pojoga
>     *Sent:* Monday, March 16, 2020 6:48 PM
>     *To:* Kamailio (SER) - Users Mailing List
>     <sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>>
>     *Subject:* Re: [SR-Users] tls.options RPC reporting default settings
>
>      
>
>     Hi Henning,
>
>      
>
>     It did reboot Kam, lol.
>
>      
>
>     You didn't post parts of your custom tls.cfg settings to match
>     with what rpc tls.options reports?
>
>      
>
>     Cheers.
>
>      
>
>     On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt <hw at skalatan.de
>     <mailto:hw at skalatan.de>> wrote:
>
>         Hi Sergio,
>
>          
>
>         strange, for me it looks ok:
>
>          
>
>         kamcmd> root at dc-sbc:~# kamcmd |grep kamailio
>
>          
>
>         root at dc-sbc:~# kamcmd tls.options |grep kamailio
>
>                 private_key: /etc/kamailio/cert.pem
>
>                 certificate: /etc/kamailio/cert.pem
>
>                 session_id: kamailio-tls-5.x.y
>
>                 config: /etc/kamailio/tls.cfg
>
>          
>
>         root at dc-sbc:~# kamcmd core.version
>
>         kamailio 5.3.2 (x86_64/linux)
>
>          
>
>         Probably stupid question, maybe the server needs a restart, if
>         you changed something etc..?
>
>          
>
>         Cheers,
>
>          
>
>         Henning
>
>          
>
>          
>
>         -- 
>
>         Henning Westerholt – https://skalatan.de/blog/
>
>         Kamailio services – https://gilawa.com <https://gilawa.com/>
>
>          
>
>         *From:* sr-users <sr-users-bounces at lists.kamailio.org
>         <mailto:sr-users-bounces at lists.kamailio.org>> *On Behalf Of
>         *Sergiu Pojoga
>         *Sent:* Saturday, March 14, 2020 6:49 PM
>         *To:* Kamailio (SER) - Users Mailing List
>         <sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>>
>         *Subject:* [SR-Users] tls.options RPC reporting default settings
>
>          
>
>         Hi there,
>
>          
>
>         Having custom TLS config in tls.cfg, RPC `tls.options` seems
>         to report default settings. Bug or intended?
>
>          
>
>         root at kam:/# kamcmd version    
>         kamailio 5.3.2 (x86_64/linux) 0bed10
>
>         root at kam:/# kamcmd tls.options
>         {
>          force_run: 0
>          method: TLSv1
>          verify_certificate: 0
>          verify_depth: 9
>          require_certificate: 0
>          private_key: /usr/local/etc/kamailio/cert.pem
>          ca_list:
>          certificate: /usr/local/etc/kamailio/cert.pem
>          cipher_list:
>          session_cache: 0
>          session_id: kamailio-tls-5.x.y
>          config: /usr/local/etc/kamailio/tls.cfg
>         ...
>         }
>
>         modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>
>
>         root at kam:/usr/local/etc/kamailio# cat tls.cfg
>         [server:default]
>         method = TLSv1.2+
>         verify_certificate = yes
>         require_certificate = yes
>         private_key = /tmp/privkey.pem
>         certificate = /tmp/fullchain.pem
>         ca_list = /etc/ssl/certs/ca-certificates.crt
>
>         [client:default]
>         method = TLSv1.2+
>         verify_certificate = yes
>         require_certificate = yes
>         private_key = /tmp/privkey.pem
>         certificate = /tmp/fullchain.pem
>         ca_list = /etc/ssl/certs/ca-certificates.crt
>
>         Cheers.
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200317/60785fcc/attachment.html>

More information about the sr-users mailing list