Hello Adrian,
I managed to use wolfssl by forcing it:
modparam("tls_mgm", "tls_library", "wolfssl")
I haven't tested the auto mode ...
-ovidiu
On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu <[email protected]> wrote:
>
> After more digging I discovered that this behaviour does not happen when
> loading tls_openssl module.
>
> tls_openssl loads fine this configuration but tls_wolfssl does not.
>
> > On 12 Aug 2021, at 14:12, Adrian Georgescu <[email protected]> wrote:
> >
> > Hi,
> >
> > I am using the latest 3.2.0 build with the old TLS configuration, with the
> > aim to try out Wolf SSL stack.
> >
> > But while the config check passed, the server does not start with the old
> > configuration:
> >
> > loadmodule “tls_mgm.so"
> > loadmodule “tls_wolfssl.so"
> > modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
> > modparam("tls_mgm", "tls_library", "auto”)
> >
> > modparam("tls_mgm", "server_domain", "ag-projects-server")
> > modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
> > modparam("tls_mgm", "match_sip_domain",
> > "[ag-projects-server]ag-projects.com")
> > modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-")
> > modparam("tls_mgm", "certificate",
> > "[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
> > modparam("tls_mgm", "private_key",
> > "[ag-projects-server]/etc/opensips/tls/ag-projects.key")
> > modparam("tls_mgm", "ca_list",
> > "[ag-projects-server]/etc/opensips/tls/ca-list.pem")
> > modparam("tls_mgm", "ca_dir",
> > "[ag-projects-server]/etc/ssl/certs")
> > modparam("tls_mgm", "verify_cert", "[ag-projects-server]1")
> > modparam("tls_mgm", "require_cert", "[ag-projects-server]0")
> >
> > modparam("tls_mgm", "client_domain", "ag-projects-client")
> > modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
> > modparam("tls_mgm", "match_sip_domain",
> > "[ag-projects-client]ag-projects.com")
> > modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-")
> > modparam("tls_mgm", "certificate",
> > "[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
> > modparam("tls_mgm", "private_key",
> > "[ag-projects-client]/etc/opensips/tls/ag-projects.key")
> > modparam("tls_mgm", "ca_list",
> > "[ag-projects-client]/etc/opensips/tls/ca-list.pem")
> > modparam("tls_mgm", "ca_dir",
> > "[ag-projects-client]/etc/ssl/certs")
> > modparam("tls_mgm", "verify_cert", "[ag-projects-client]1")
> > modparam("tls_mgm", "require_cert", "[ag-projects-client]0”)
> >
> >
> > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
> > DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
> > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
> > DBG:core:set_mod_param_regex: found <require_cert> in module tls_mgm
> > [/usr/lib/x86_64-linux-gnu/opensips/modules/]
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
> > tls_wolfssl
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
> > tls_openssl
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module
> > tls_openssl, and it was not loaded -- continuing
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:solve_module_dependencies: solving dependency proto_tls -> module
> > tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:init_mod: initializing module tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > INFO:tls_mgm:mod_init: initializing TLS management
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:tls_mgm:load_info: 0 rows found in tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:tls_mgm:load_info: 0 records found in tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:tls_mgm:init_tls_dom: no DH params file for tls domain
> > 'ag-projects-server' defined, using default '(null)'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:tls_mgm:init_tls_dom: cipher list null ... setting default
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain
> > 'ag-projects-server'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > ERROR:core:init_mod: failed to initialize module tls_mgm
> >
> > Any ideas what am I doing wrong?
> >
> > Adrian
> >
> >
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
VoIP Embedded, Inc.
http://www.voipembedded.com
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
