[SR-Users] tls.options RPC reporting default settings
Daniel-Constantin Mierla
miconda at gmail.com
Tue Mar 17 08:50:21 CET 2020
Hello,
probably the rpc is working with the structure related to modparams, not
to the profiles set in the tls.cfg. I guess that we should at least
return an error if tls.cfg is used and the internal structure for
modparams is not used.
Cheers,
Daniel
On 16.03.20 20:38, Henning Westerholt wrote:
>
> Hi Sergiu, Giacomo,
>
>
>
> ah, now I understand. Indeed, this looks wrong.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com <https://gilawa.com/>
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org> *On Behalf Of
> *Sergiu Pojoga
> *Sent:* Monday, March 16, 2020 7:23 PM
> *To:* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject:* Re: [SR-Users] tls.options RPC reporting default settings
>
>
>
> So in your example, tls.cfg certificate path is set
> to /etc/kamailio/kamailio.pem, while tls.options reports certificate
> path /etc/kamailio/cert.pem
>
>
>
>
>
>
>
> On Mon, Mar 16, 2020 at 1:56 PM Henning Westerholt <hw at skalatan.de
> <mailto:hw at skalatan.de>> wrote:
>
> Hi Sergiu,
>
>
>
> I did not posted it because there is not much to see 😉
>
>
>
> [server:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/kamailio.key
>
> certificate = /etc/kamailio/kamailio.pem
>
> ca_list = /etc/kamailio/ca_list.pem
>
>
>
> [client:default] section is identical.
>
>
>
> Do you use a special distribution? I did the test on Debian.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com <https://gilawa.com/>
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org
> <mailto:sr-users-bounces at lists.kamailio.org>> *On Behalf Of
> *Sergiu Pojoga
> *Sent:* Monday, March 16, 2020 6:48 PM
> *To:* Kamailio (SER) - Users Mailing List
> <sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>>
> *Subject:* Re: [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi Henning,
>
>
>
> It did reboot Kam, lol.
>
>
>
> You didn't post parts of your custom tls.cfg settings to match
> with what rpc tls.options reports?
>
>
>
> Cheers.
>
>
>
> On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt <hw at skalatan.de
> <mailto:hw at skalatan.de>> wrote:
>
> Hi Sergio,
>
>
>
> strange, for me it looks ok:
>
>
>
> kamcmd> root at dc-sbc:~# kamcmd |grep kamailio
>
>
>
> root at dc-sbc:~# kamcmd tls.options |grep kamailio
>
> private_key: /etc/kamailio/cert.pem
>
> certificate: /etc/kamailio/cert.pem
>
> session_id: kamailio-tls-5.x.y
>
> config: /etc/kamailio/tls.cfg
>
>
>
> root at dc-sbc:~# kamcmd core.version
>
> kamailio 5.3.2 (x86_64/linux)
>
>
>
> Probably stupid question, maybe the server needs a restart, if
> you changed something etc..?
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com <https://gilawa.com/>
>
>
>
> *From:* sr-users <sr-users-bounces at lists.kamailio.org
> <mailto:sr-users-bounces at lists.kamailio.org>> *On Behalf Of
> *Sergiu Pojoga
> *Sent:* Saturday, March 14, 2020 6:49 PM
> *To:* Kamailio (SER) - Users Mailing List
> <sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>>
> *Subject:* [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi there,
>
>
>
> Having custom TLS config in tls.cfg, RPC `tls.options` seems
> to report default settings. Bug or intended?
>
>
>
> root at kam:/# kamcmd version
> kamailio 5.3.2 (x86_64/linux) 0bed10
>
> root at kam:/# kamcmd tls.options
> {
> force_run: 0
> method: TLSv1
> verify_certificate: 0
> verify_depth: 9
> require_certificate: 0
> private_key: /usr/local/etc/kamailio/cert.pem
> ca_list:
> certificate: /usr/local/etc/kamailio/cert.pem
> cipher_list:
> session_cache: 0
> session_id: kamailio-tls-5.x.y
> config: /usr/local/etc/kamailio/tls.cfg
> ...
> }
>
> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>
>
> root at kam:/usr/local/etc/kamailio# cat tls.cfg
> [server:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> [client:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> Cheers.
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200317/60785fcc/attachment.html>
More information about the sr-users
mailing list