Hi Sergiu, Henning,
I'm seeing the same reported, in both Debian 5.2.4 (stock package) and
5.3.2 built from git on Ubuntu.

Maybe I'm doing something wrong too, but with 5.3.2 if I reload I see the
expected values in the logs:

22(21385) INFO: tls [tls_domain.c:315]: ksr_tls_fill_missing(): TLSs<default>: certificate='/usr/local/etc/kamailio/cert.pem'...
22(21385) INFO: tls [tls_domain.c:347]: ksr_tls_fill_missing(): TLSs<default>: private_key='/usr/local/etc/kamailio/key.pem'

but tls.options says:

root@8cc87e7f3c98:/# kamcmd tls.options
{...
private_key: /usr/local/etc/kamailio/cert.pem...
certificate: /usr/local/etc/kamailio/cert.pem

root@8cc87e7f3c98:/# kamcmd core.version
kamailio 5.3.2 (x86_64/linux) ee9cd2

Even adding something like this in tls_rpc.c:

str priv_key;
priv_key = cfg_get(tls, tls_cfg, private_key);
WARN("TLS_OPTIONS <---------- private key:[%.*s]\n", priv_key.len, priv_key.s);

shows the wrong value:

22(21591) WARNING: tls [tls_rpc.c:226]: tls_options(): TLS_OPTIONS <---------- private key:[/usr/local/etc/kamailio/cert.pem]

tls.cfg is a simple:

root@8cc87e7f3c98:/usr/local/src/kamailio-5.3/kamailio/src/modules/tls# cat /usr/local/etc/kamailio/tls.cfg
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/key.pem
certificate = /usr/local/etc/kamailio/cert.pem
#[client:default]
verify_certificate = yes
require_certificate = yes

and:
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")

I hope this makes it more obvious.

Cheers,
Giacomo



On Mon, 16 Mar 2020 at 18:57, Henning Westerholt <[email protected]> wrote:

> Hi Sergiu,
>
>
>
> I did not post it because there is not much to see 😉
>
>
>
> [server:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/kamailio/kamailio.key
> certificate = /etc/kamailio/kamailio.pem
> ca_list = /etc/kamailio/ca_list.pem
>
>
>
> [client:default] section is identical.
>
>
>
> Do you use a special distribution? I did the test on Debian.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <[email protected]> *On Behalf Of *Sergiu
> Pojoga
> *Sent:* Monday, March 16, 2020 6:48 PM
> *To:* Kamailio (SER) - Users Mailing List <[email protected]>
> *Subject:* Re: [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi Henning,
>
>
>
> It did reboot Kam, lol.
>
>
>
> You didn't post parts of your custom tls.cfg settings to match with what
> rpc tls.options reports?
>
>
>
> Cheers.
>
>
>
> On Mon, Mar 16, 2020 at 1:34 PM Henning Westerholt <[email protected]> wrote:
>
> Hi Sergiu,
>
>
>
> strange, for me it looks ok:
>
>
>
> kamcmd> root@dc-sbc:~# kamcmd |grep kamailio
>
>
>
> root@dc-sbc:~# kamcmd tls.options |grep kamailio
>         private_key: /etc/kamailio/cert.pem
>         certificate: /etc/kamailio/cert.pem
>         session_id: kamailio-tls-5.x.y
>         config: /etc/kamailio/tls.cfg
>
>
>
> root@dc-sbc:~# kamcmd core.version
>
> kamailio 5.3.2 (x86_64/linux)
>
>
>
> Probably stupid question, maybe the server needs a restart, if you changed
> something etc..?
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
> *From:* sr-users <[email protected]> *On Behalf Of *Sergiu
> Pojoga
> *Sent:* Saturday, March 14, 2020 6:49 PM
> *To:* Kamailio (SER) - Users Mailing List <[email protected]>
> *Subject:* [SR-Users] tls.options RPC reporting default settings
>
>
>
> Hi there,
>
>
>
> Having custom TLS config in tls.cfg, RPC `tls.options` seems to report
> default settings. Bug or intended?
>
>
>
> root@kam:/# kamcmd version
> kamailio 5.3.2 (x86_64/linux) 0bed10
>
> root@kam:/# kamcmd tls.options
> {
>  force_run: 0
>  method: TLSv1
>  verify_certificate: 0
>  verify_depth: 9
>  require_certificate: 0
>  private_key: /usr/local/etc/kamailio/cert.pem
>  ca_list:
>  certificate: /usr/local/etc/kamailio/cert.pem
>  cipher_list:
>  session_cache: 0
>  session_id: kamailio-tls-5.x.y
>  config: /usr/local/etc/kamailio/tls.cfg
> ...
> }
>
> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>
>
> root@kam:/usr/local/etc/kamailio# cat tls.cfg
> [server:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> [client:default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /tmp/privkey.pem
> certificate = /tmp/fullchain.pem
> ca_list = /etc/ssl/certs/ca-certificates.crt
>
> Cheers.
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> [email protected]
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
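
An added example, not written by any participant in this thread: a small Python check that compares one tls.cfg profile with the output of `kamcmd tls.options` and lists every key where the two disagree. The sample data is excerpted from the first message of the thread; the function names are illustrative and it only reports the difference, it does not explain it.

```python
import re
# Excerpts copied from the first message in this thread.
TLS_CFG = """\
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /tmp/privkey.pem
certificate = /tmp/fullchain.pem
ca_list = /etc/ssl/certs/ca-certificates.crt
"""
RPC_OUT = """\
{
 method: TLSv1
 verify_certificate: 0
 require_certificate: 0
 private_key: /usr/local/etc/kamailio/cert.pem
 ca_list:
 certificate: /usr/local/etc/kamailio/cert.pem
}
"""

def parse_tls_cfg(text):
    """Return {profile: {key: value}} from tls.cfg text ('#' starts a comment)."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = profiles.setdefault(section.group(1).strip(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return profiles

def parse_rpc(text):
    """Return {key: value} from the 'key: value' lines of kamcmd tls.options."""
    pairs = (l.split(":", 1) for l in text.splitlines() if ":" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def mismatches(profile, rpc):
    """List (key, configured, reported) where the RPC disagrees with tls.cfg."""
    norm = {"yes": "1", "no": "0"}  # tls.cfg writes yes/no, the RPC prints 1/0
    return [(k, v, rpc.get(k)) for k, v in profile.items()
            if norm.get(v.lower(), v) != rpc.get(k)]

if __name__ == "__main__":
    server = parse_tls_cfg(TLS_CFG)["server:default"]
    for key, want, got in mismatches(server, parse_rpc(RPC_OUT)):
        print(f"{key}: tls.cfg={want!r} tls.options={got!r}")
```

On a live system the two inputs would be the contents of the file named in `modparam("tls", "config", ...)` and the captured output of `kamcmd tls.options`.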