Hi,
That;s a really bad example of how to hide trash beneath the carpet :(
The instructions on how to get a backtrace are simple and clear [1] -
please consider doing this and helping back the project you are using.
[1] https://www.opensips.org/Documentation/TroubleShooting-Crash
Best
Hi Ovidiu,
I solved this problem by hardcoding the cert address in the my_con.c
address. Guess the cert setup in the config file can't be loaded correctly
when my_con.c calls it.
On Tue, Sep 27, 2022 at 7:34 AM Ovidiu Sas wrote:
> I encountered a crash related to TLS connections and I was
I encountered a crash related to TLS connections and I was wondering
if it's a similar issue.
It seems not, the crash that I encountered happens only on 3.3.
If you installed opensips from a package, you need to install
opensips-dbg package to get the debug symbols.
After that, you can locate the
Hi Ovidiu,
The version I am using is 3.2. I am not familiar with the debug symbols,
but guess this can be reproduced easily. With ?tls_domain=dom1 attached
after the mysql address, it happens. Can you simply check if it is the same
behavior? If not, I will dig further by learning how to use the
Which version of opensips are you using?
Can you install the debug symbols and get a backtrace from the core file?
https://www.opensips.org/Documentation/TroubleShooting-Crash
Regards,
Ovidiu Sas
On Sun, Sep 25, 2022 at 6:32 AM jacky z wrote:
>
> Hi Vlad,
>
> It seems opensips crashed when I
Hi Vlad,
It seems opensips crashed when I set ?tls_domain=dom1 to enable tls
connection to mysql db. I followed the method in the manual.
modparam("usrloc", "db_url",
"mysql://root:1234@localhost/opensips?tls_domain=dom1")
Here is the log.
Sep 25 10:14:01 ip-10-100-20-35
Hi Jacky,
I cant think of any workaround unfortunately.
Regards,
--
Vlad Patrascu
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 17.09.2022 18:46, jacky z wrote:
HiĀ Vlad,
Is there any workaround to disable the client cert? Thanks!
On Wed, Sep 14, 2022 at 9:16 PM Vlad
Hi Vlad,
Is there any workaround to disable the client cert? Thanks!
On Wed, Sep 14, 2022 at 9:16 PM Vlad Patrascu wrote:
> Hi Jacky,
>
> OpenSIPS will always require you to configure a client certificate for TLS
> client domains and will also present that certificate when connecting. But
>
Hi Vlad,
In theory, the RDS server is expected to work like what you mentioned.
However, based on test, when the client cert and key is specified, the
connection can't be set.
For example, if we specify the following when we connect to the RDS server
in the command line in our testing
Hi Jacky,
OpenSIPS will always require you to configure a client certificate for
TLS client domains and will also present that certificate when
connecting. But normally, a TLS server can simply choose not to verify
the client certificate. I don't have any experience with AWS RDS though
but
Hi Bogdan-Andrei,
I checked the mariadb documentation and found mariadb has two options to
set ssl connection: two-way TSL and one-way TSL. It seems AWS RDS only
supports one-way TSL, that is, TSL is used without a client cert. Does
OPENSIPS support such one-way TSL to connect a database? Thanks!
Hi Bogdan-Andrei,
I have set the "certificate" and "private_key" in my script, as I explained
in method 1. However, AWS RDS doesn't support a client cert. Please refer to
https://stackoverflow.com/questions/53760104/how-to-configure-x509-client-certificate-based-authentication-to-connect-to-aws
Set the certificate and key you have in the tls_mgm module, for the
"certificate" and "private_key" parameters.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
Hi Bogdan-Andrei,
I tried two methods.
Method 1:
#enabled TLS connection:
modparam("db_mysql", "use_tls", 1)
#setup a client domain:
modparam("tls_mgm", "client_domain", "dom1")
modparam("tls_mgm", "match_ip_address", "[dom1]*")
modparam("tls_mgm", "match_sip_domain", "[dom1]*")
Hi,
sorry for my silly question, but how do you connect from the OpenSIPS
side ??
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
https://www.opensips.org/events/Summit-2022Athens/
On 9/13/22 10:41
Hi Team,
We hope to connect to aws RDS database with ssl encryption. We have setup a
client domain according to OPENSIPS documents. However, AWS RDS does not
support client cert as someone has confirmed with AWS
16 matches
Mail list logo