Having pulled the latest 3.0-devel version, I have the following error when trying to compile proto-tls
../tls_mgm/tls_conn_ops.h:118:29: error: dereferencing pointer to incomplete type 'SSL {aka struct ssl_st}'
  if ( ((SSL *)c->extra_data)->kssl_ctx ) {

Can you please correct?

From: Users <users-boun...@lists.opensips.org> On Behalf Of Vlad Patrascu
Sent: Thursday, March 7, 2019 11:46 AM
To: users@lists.opensips.org
Subject: Re: [OpenSIPS-Users] opensips 2.4.4: bug in tls_mgm

Hi Johan,

The issue is probably caused by the fact that OpenSIPS tries to initialize a 'default' client and server domain and the certificate file is inexistent at the default path ('/usr/local/opensips//etc/opensips/tls/cert.pem'). So even if you define your "sv_dom" custom server domain, OpenSIPS still tries to create default domains for fallback purposes. When you omit the '[sv_dom]' prefix for the domain settings in your second test, you overwrite the default ones (with a valid path for the certificate this time).

In conclusion, either specify your custom domain _and_ default domains separately (set the modparams multiple times) or make sure the certificate is found at the default path. Also, note that it's not necessary to define a custom server domain if you only intend to use a single one, as the default will match any socket.

Regards,

Vlad Patrascu
OpenSIPS Developer
http://www.opensips-solutions.com

On 02/17/2019 01:35 PM, johan de clercq wrote:

Hi,

I believe that I have found a bug in tls_mgm:

Using opensips default certificates:

/usr/local/opensips/etc/opensips/tls# ls -lu
total 24
-rw-r--r-- 1 root staff 2049 Feb 17 12:13 ca.conf
-rw-r--r-- 1 root staff 1048 Feb 17 12:13 README
-rw-r--r-- 1 root staff 1127 Feb 17 12:13 request.conf
drwxr-sr-x 4 root staff 4096 Feb 17 12:16 rootCA
drwxr-sr-x 2 root staff 4096 Feb 17 12:13 user
-rw-r--r-- 1 root staff 591 Feb 17 12:13 user.conf
/usr/local/opensips/etc/opensips/tls/rootCA# ls
cacert.pem certs index.txt private serial

Tls params:

loadmodule "tls_mgm.so"
modparam("tls_mgm", "server_domain", "sv_dom=5.135.140.139:5061")
modparam("tls_mgm", "require_cert", "[sv_dom]0")
modparam("tls_mgm", "verify_cert", "[sv_dom]0")
modparam("tls_mgm", "tls_method", "[sv_dom]SSLv23")
modparam("tls_mgm", "certificate", "[sv_dom]/usr/local/opensips/etc/opensips/tls/rootCA/cacert.pem")
modparam("tls_mgm", "private_key", "[sv_dom]/usr/local/opensips/etc/opensips/tls/rootCA/private/cakey.pem")
modparam("tls_mgm", "ca_list", "[sv_dom]/usr/local/opensips/etc/opensips/tls/rootCA/cacert.pem")

#### PROTO_TLS module
loadmodule "proto_tls.so"
modparam("proto_tls", "trace_destination", "hep_dest")
modparam("proto_tls", "trace_on", 1)

I removed the passphrase:

mv etc/tls/rootCA/private/cakey.pem etc/tls/rootCA/private/cakey.pem.protected
openssl rsa -in etc/tls/rootCA/private/cakey.pem.protected -out etc/tls/rootCA/private/cakey.pem

and then tried to run opensips from cmdline:

./opensips -f /usr/local/opensips/etc/opensips/opensips.cfg

syslog output:

Feb 17 12:22:01 ns3012072 ./opensips[28673]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/usr/local/opensips//etc/opensips/tls/cert.pem'
Feb 17 12:22:01 ns3012072 ./opensips[28673]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default'
Feb 17 12:22:01 ns3012072 ./opensips[28673]: ERROR:core:init_mod: failed to initialize module tls_mgm
Feb 17 12:22:01 ns3012072 ./opensips[28673]: ERROR:core:main: error while initializing modules
Feb 17 12:22:01 ns3012072 ./opensips[28673]: CRITICAL:core:sig_usr: segfault in attendant (starter) process!
Feb 17 12:22:01 ns3012072 kernel: [ 4024.678398] opensips[28673]: segfault at 7fcb76dbf850 ip 00007fcb76546f69 sp 00007ffe803ac150 error 4 in libcrypto.so.1.1[7fcb763df000+265000]

Next I tried with:

loadmodule "tls_mgm.so"
#modparam("tls_mgm", "server_domain", "sv_dom=5.135.140.139:5061")
modparam("tls_mgm", "require_cert", "0")
modparam("tls_mgm", "verify_cert", "0")
modparam("tls_mgm", "tls_method", "SSLv23")
modparam("tls_mgm", "certificate", "/usr/local/opensips/etc/opensips/tls/rootCA/cacert.pem")
modparam("tls_mgm", "private_key", "/usr/local/opensips/etc/opensips/tls/rootCA/private/cakey.pem")
modparam("tls_mgm", "ca_list", "/usr/local/opensips/etc/opensips/tls/rootCA/cacert.pem")

#### PROTO_TLS module
loadmodule "proto_tls.so"
modparam("proto_tls", "trace_destination", "hep_dest")
modparam("proto_tls", "trace_on", 1)

and then opensips starts.

Can you please explain what I am doing wrong?

Johan De Clercq, Managing Director
Democon bvba - Ooigemstraat 41 - 8780 Oostrozebeke
Tel +3256980990 - GSM +32478720104

_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
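
The start-up failure explained in the reply above (a custom domain is configured, but the implicit 'default' domain still looks for its certificate at the default path) can be caught before OpenSIPS is launched. The following Python check is an added example, not part of the thread or of OpenSIPS. It assumes the 2.4 modparam syntax quoted in the thread; the function names, the temporary files in demo(), and the fallback for a custom domain that sets no certificate are assumptions.

```python
import os
import re
import tempfile

# Default certificate path, copied from the error message in the thread.
DEFAULT_CERT = "/usr/local/opensips//etc/opensips/tls/cert.pem"
MODPARAM = re.compile(r'^\s*modparam\(\s*"tls_mgm"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
PREFIX = re.compile(r'^\[(\w+)\](.*)$')   # "[sv_dom]/path" -> ("sv_dom", "/path")

def tls_domain_certs(cfg_text, default_cert=DEFAULT_CERT):
    """Map every TLS domain to the certificate file it will try to load."""
    # 'default' is always present: per the reply, default domains are
    # created even when only a custom domain is configured.
    certs = {"default": default_cert}
    for line in cfg_text.splitlines():
        m = MODPARAM.match(line)          # lines starting with '#' never match
        if not m:
            continue
        name, value = m.groups()
        if name in ("server_domain", "client_domain"):
            # Assumption: a custom domain with no certificate of its own
            # falls back to the default path.
            certs.setdefault(value.split("=", 1)[0], default_cert)
        elif name == "certificate":
            p = PREFIX.match(value)
            dom, path = p.groups() if p else ("default", value)
            certs[dom] = path
    return certs

def missing_certs(cfg_text, default_cert=DEFAULT_CERT):
    """Return {domain: path} for each domain whose certificate is unreadable."""
    certs = tls_domain_certs(cfg_text, default_cert)
    return {d: p for d, p in certs.items() if not os.access(p, os.R_OK)}

def demo():
    """Run both configurations from the thread against constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        cert = os.path.join(tmp, "cacert.pem")       # constructed stand-in
        open(cert, "w").close()
        absent = os.path.join(tmp, "cert.pem")       # default path, not created
        first = ('modparam("tls_mgm", "server_domain", "sv_dom=5.135.140.139:5061")\n'
                 f'modparam("tls_mgm", "certificate", "[sv_dom]{cert}")\n')
        second = ('#modparam("tls_mgm", "server_domain", "sv_dom=5.135.140.139:5061")\n'
                  f'modparam("tls_mgm", "certificate", "{cert}")\n')
        return missing_certs(first, absent), missing_certs(second, absent), absent

if __name__ == "__main__":
    print(demo())
```

For the first configuration the check reports only the 'default' domain as missing its certificate, matching the syslog output; for the second it reports nothing.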