Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration

Ovidiu Sas Thu, 12 Aug 2021 12:05:45 -0700

Hello Adrian,

I managed to use wolfssl by forcing it:
  modparam("tls_mgm", "tls_library", "wolfssl")


I haven't tested the auto mode ...

-ovidiu

On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu <a...@ag-projects.com> wrote:
>
> After more digging I discovered that this behaviour does not happen when 
> loading tls_openssl module.
>
> tls_openssl loads fine this configuration but tls_wolfssl does not.
>
> > On 12 Aug 2021, at 14:12, Adrian Georgescu <a...@ag-projects.com> wrote:
> >
> > Hi,
> >
> > I am using the latest 3.2.0 build with the old TLS configuration, with the 
> > aim to try out Wolf SSL stack.
> >
> > But while the config check passed, the server does not start with the old 
> > configuration:
> >
> > loadmodule “tls_mgm.so"
> > loadmodule “tls_wolfssl.so"
> > modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
> > modparam("tls_mgm", "tls_library", "auto”)
> >
> > modparam("tls_mgm", "server_domain",    "ag-projects-server")
> > modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
> > modparam("tls_mgm", "match_sip_domain", 
> > "[ag-projects-server]ag-projects.com")
> > modparam("tls_mgm", "tls_method",       "[ag-projects-server]TLSv1-")
> > modparam("tls_mgm", "certificate",      
> > "[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
> > modparam("tls_mgm", "private_key",      
> > "[ag-projects-server]/etc/opensips/tls/ag-projects.key")
> > modparam("tls_mgm", "ca_list",          
> > "[ag-projects-server]/etc/opensips/tls/ca-list.pem")
> > modparam("tls_mgm", "ca_dir",           
> > "[ag-projects-server]/etc/ssl/certs")
> > modparam("tls_mgm", "verify_cert",      "[ag-projects-server]1")
> > modparam("tls_mgm", "require_cert",     "[ag-projects-server]0")
> >
> > modparam("tls_mgm", "client_domain",    "ag-projects-client")
> > modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
> > modparam("tls_mgm", "match_sip_domain", 
> > "[ag-projects-client]ag-projects.com")
> > modparam("tls_mgm", "tls_method",       "[ag-projects-client]TLSv1-")
> > modparam("tls_mgm", "certificate",      
> > "[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
> > modparam("tls_mgm", "private_key",      
> > "[ag-projects-client]/etc/opensips/tls/ag-projects.key")
> > modparam("tls_mgm", "ca_list",          
> > "[ag-projects-client]/etc/opensips/tls/ca-list.pem")
> > modparam("tls_mgm", "ca_dir",           
> > "[ag-projects-client]/etc/ssl/certs")
> > modparam("tls_mgm", "verify_cert",      "[ag-projects-client]1")
> > modparam("tls_mgm", "require_cert",     "[ag-projects-client]0”)
> >
> >
> > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] 
> > DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
> > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] 
> > DBG:core:set_mod_param_regex: found <require_cert> in module tls_mgm 
> > [/usr/lib/x86_64-linux-gnu/opensips/modules/]
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module 
> > tls_wolfssl
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module 
> > tls_openssl
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module 
> > tls_openssl, and it was not loaded -- continuing
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:core:solve_module_dependencies: solving dependency proto_tls -> module 
> > tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:core:init_mod: initializing module tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > INFO:tls_mgm:mod_init: initializing TLS management
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:tls_mgm:load_info: 0 rows found in tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:tls_mgm:load_info: 0 records found in tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:tls_mgm:init_tls_dom: no DH params file for tls domain 
> > 'ag-projects-server' defined, using default '(null)'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > DBG:tls_mgm:init_tls_dom: cipher list null ... setting default
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 
> > 'ag-projects-server'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] 
> > ERROR:core:init_mod: failed to initialize module tls_mgm
> >
> > Any ideas what am I doing wrong?
> >
> > Adrian
> >
> >
>
>
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



-- 
VoIP Embedded, Inc.
http://www.voipembedded.com

_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration

Reply via email to