Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
Thank you Vlad,
I confirm that I was able to load the certificate using wolfssl by setting the
protocol version to TLSv1.
Regards,
Adrian
> On 12 Aug 2021, at 18:12, Vlad Patrascu wrote:
>
> Hi Adrian,
>
> The wolfSSL implementation does not support a TLS method range, such as
> "TLSv1-", so that could be one of the causes. What seems strange is that
> there is no warning message: "WARNING:tls_wolfssl:tls_get_method: wolfSSL
> does not support method range specification" which should be thrown in such
> cases.
>
> Regards,
>
> --
> Vlad Patrascu
> OpenSIPS Core Developer
> http://www.opensips-solutions.com
>
> On 12.08.2021 20:12, Adrian Georgescu wrote:
>> Hi,
>>
>> I am using the latest 3.2.0 build with the old TLS configuration, with the
>> aim to try out Wolf SSL stack.
>>
>> But while the config check passed, the server does not start with the old
>> configuration:
>>
>> loadmodule “tls_mgm.so"
>> loadmodule “tls_wolfssl.so"
>> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
>> modparam("tls_mgm", "tls_library", "auto”)
>>
>> modparam("tls_mgm", "server_domain","ag-projects-server")
>> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
>> modparam("tls_mgm", "match_sip_domain",
>> "[ag-projects-server]ag-projects.com")
>> modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-")
>> modparam("tls_mgm", "certificate",
>> "[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
>> modparam("tls_mgm", "private_key",
>> "[ag-projects-server]/etc/opensips/tls/ag-projects.key")
>> modparam("tls_mgm", "ca_list",
>> "[ag-projects-server]/etc/opensips/tls/ca-list.pem")
>> modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs")
>> modparam("tls_mgm", "verify_cert", "[ag-projects-server]1")
>> modparam("tls_mgm", "require_cert", "[ag-projects-server]0")
>>
>> modparam("tls_mgm", "client_domain","ag-projects-client")
>> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
>> modparam("tls_mgm", "match_sip_domain",
>> "[ag-projects-client]ag-projects.com")
>> modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-")
>> modparam("tls_mgm", "certificate",
>> "[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
>> modparam("tls_mgm", "private_key",
>> "[ag-projects-client]/etc/opensips/tls/ag-projects.key")
>> modparam("tls_mgm", "ca_list",
>> "[ag-projects-client]/etc/opensips/tls/ca-list.pem")
>> modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs")
>> modparam("tls_mgm", "verify_cert", "[ag-projects-client]1")
>> modparam("tls_mgm", "require_cert", "[ag-projects-client]0”)
>>
>>
>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
>> DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
>> DBG:core:set_mod_param_regex: found in module tls_mgm
>> [/usr/lib/x86_64-linux-gnu/opensips/modules/]
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
>> tls_wolfssl
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
>> tls_openssl
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module
>> tls_openssl, and it was not loaded -- continuing
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:core:solve_module_dependencies: solving dependency proto_tls -> module
>> tls_mgm
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:core:init_mod: initializing module tls_mgm
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> INFO:tls_mgm:mod_init: initializing TLS management
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:tls_mgm:load_info: 0 rows found in tls_mgm
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:tls_mgm:load_info: 0 records found in tls_mgm
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:tls_mgm:init_tls_dom: no DH params file for tls domain
>> 'ag-projects-server' defined, using default '(null)'
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> DBG:tls_mgm:init_tls_dom: cipher list null ... setting default
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain
>> 'ag-projects-server'
>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>> ERROR:core:init_mod:
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
Hi Adrian,
The wolfSSL implementation does not support a TLS method range, such as
"TLSv1-", so that could be one of the causes. What seems strange is that
there is no warning message: "WARNING:tls_wolfssl:tls_get_method:
wolfSSL does not support method range specification" which should be
thrown in such cases.
Regards,
--
Vlad Patrascu
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 12.08.2021 20:12, Adrian Georgescu wrote:
Hi,
I am using the latest 3.2.0 build with the old TLS configuration, with the aim
to try out Wolf SSL stack.
But while the config check passed, the server does not start with the old
configuration:
loadmodule “tls_mgm.so"
loadmodule “tls_wolfssl.so"
modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
modparam("tls_mgm", "tls_library", "auto”)
modparam("tls_mgm", "server_domain","ag-projects-server")
modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
modparam("tls_mgm", "match_sip_domain", "[ag-projects-server]ag-projects.com")
modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-")
modparam("tls_mgm", "certificate",
"[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
modparam("tls_mgm", "private_key",
"[ag-projects-server]/etc/opensips/tls/ag-projects.key")
modparam("tls_mgm", "ca_list",
"[ag-projects-server]/etc/opensips/tls/ca-list.pem")
modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs")
modparam("tls_mgm", "verify_cert", "[ag-projects-server]1")
modparam("tls_mgm", "require_cert", "[ag-projects-server]0")
modparam("tls_mgm", "client_domain","ag-projects-client")
modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
modparam("tls_mgm", "match_sip_domain", "[ag-projects-client]ag-projects.com")
modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-")
modparam("tls_mgm", "certificate",
"[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
modparam("tls_mgm", "private_key",
"[ag-projects-client]/etc/opensips/tls/ag-projects.key")
modparam("tls_mgm", "ca_list",
"[ag-projects-client]/etc/opensips/tls/ca-list.pem")
modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs")
modparam("tls_mgm", "verify_cert", "[ag-projects-client]1")
modparam("tls_mgm", "require_cert", "[ag-projects-client]0”)
Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
DBG:core:set_mod_param_regex: found in module tls_mgm
[/usr/lib/x86_64-linux-gnu/opensips/modules/]
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
tls_wolfssl
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
tls_openssl
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module
tls_openssl, and it was not loaded -- continuing
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:solve_module_dependencies: solving dependency proto_tls -> module
tls_mgm
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:init_mod: initializing module tls_mgm
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
INFO:tls_mgm:mod_init: initializing TLS management
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:tls_mgm:load_info: 0 rows found in tls_mgm
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:tls_mgm:load_info: 0 records found in tls_mgm
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:tls_mgm:init_tls_dom: no DH params file for tls domain 'ag-projects-server'
defined, using default '(null)'
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:tls_mgm:init_tls_dom: cipher list null ... setting default
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'ag-projects-server'
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
ERROR:core:init_mod: failed to initialize module tls_mgm
Any ideas what am I doing wrong?
Adrian
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
I loaded both modules and I just switch between them via the
tls_library parameter and it loads ok:
loadmodule "tls_openssl.so"
loadmodule "tls_wolfssl.so"
loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_library", "openssl")
# modparam("tls_mgm", "tls_library", "wolfssl")
I did not test with the latest opensips version ...
I also had some issues with the wolfssl library: is_peer_verified()
doesn't seem to work properly. Because of that I'm still using the
openssl library.
-ovidiu
On Thu, Aug 12, 2021 at 3:17 PM Adrian Georgescu wrote:
>
> H Ovidiu,
>
> I set it up explicitly now but I get the same result, I tried different
> domains or combination but any definition fails to load.
>
> Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]:
> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'msteams-server'
> Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:init_mod: failed
> to initialize module tls_mgm
> Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:main: error
> while initializing modules
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "tls_library", "wolfssl")
>
> Regards,
> Adrian
>
> > On 12 Aug 2021, at 16:03, Ovidiu Sas wrote:
> >
> > Hello Adrian,
> >
> > I managed to use wolfssl by forcing it:
> > modparam("tls_mgm", "tls_library", "wolfssl")
> >
> > I haven't tested the auto mode ...
> >
> > -ovidiu
> >
> > On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu
> > wrote:
> >>
> >> After more digging I discovered that this behaviour does not happen when
> >> loading tls_openssl module.
> >>
> >> tls_openssl loads fine this configuration but tls_wolfssl does not.
> >>
> >>> On 12 Aug 2021, at 14:12, Adrian Georgescu wrote:
> >>>
> >>> Hi,
> >>>
> >>> I am using the latest 3.2.0 build with the old TLS configuration, with
> >>> the aim to try out Wolf SSL stack.
> >>>
> >>> But while the config check passed, the server does not start with the old
> >>> configuration:
> >>>
> >>> loadmodule “tls_mgm.so"
> >>> loadmodule “tls_wolfssl.so"
> >>> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
> >>> modparam("tls_mgm", "tls_library", "auto”)
> >>>
> >>> modparam("tls_mgm", "server_domain","ag-projects-server")
> >>> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
> >>> modparam("tls_mgm", "match_sip_domain",
> >>> "[ag-projects-server]ag-projects.com")
> >>> modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-")
> >>> modparam("tls_mgm", "certificate",
> >>> "[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
> >>> modparam("tls_mgm", "private_key",
> >>> "[ag-projects-server]/etc/opensips/tls/ag-projects.key")
> >>> modparam("tls_mgm", "ca_list",
> >>> "[ag-projects-server]/etc/opensips/tls/ca-list.pem")
> >>> modparam("tls_mgm", "ca_dir",
> >>> "[ag-projects-server]/etc/ssl/certs")
> >>> modparam("tls_mgm", "verify_cert", "[ag-projects-server]1")
> >>> modparam("tls_mgm", "require_cert", "[ag-projects-server]0")
> >>>
> >>> modparam("tls_mgm", "client_domain","ag-projects-client")
> >>> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
> >>> modparam("tls_mgm", "match_sip_domain",
> >>> "[ag-projects-client]ag-projects.com")
> >>> modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-")
> >>> modparam("tls_mgm", "certificate",
> >>> "[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
> >>> modparam("tls_mgm", "private_key",
> >>> "[ag-projects-client]/etc/opensips/tls/ag-projects.key")
> >>> modparam("tls_mgm", "ca_list",
> >>> "[ag-projects-client]/etc/opensips/tls/ca-list.pem")
> >>> modparam("tls_mgm", "ca_dir",
> >>> "[ag-projects-client]/etc/ssl/certs")
> >>> modparam("tls_mgm", "verify_cert", "[ag-projects-client]1")
> >>> modparam("tls_mgm", "require_cert", "[ag-projects-client]0”)
> >>>
> >>>
> >>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
> >>> DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
> >>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
> >>> DBG:core:set_mod_param_regex: found in module tls_mgm
> >>> [/usr/lib/x86_64-linux-gnu/opensips/modules/]
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> >>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
> >>> tls_wolfssl
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> >>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
> >>> tls_openssl
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> >>> DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module
> >>> tls_openssl, and it was not loaded -- continuing
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> >>> DBG:core:solve_module_dependencies: solving dependency proto_tls ->
> >>> module tls_mgm
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> >>>
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
On 12.08.2021 22:17, Adrian Georgescu wrote: I set it up explicitly now but I get the same result, I tried different domains or combination but any definition fails to load. Hi gents, IIRC (Vlad: please correct me if I'm wrong), this initial version of the tls_wolfssl module does not have full feature parity with tls_openssl, as it is currently only equipped to provide TLS communication for modules such as proto_tls and proto_wss. So when it comes to configuring domains via tls_mgm on top of tls_wolfssl, the module MAY lack the required API function implementations, hence the errors you are getting. PS: there seem to be some hints about the above in the module docs [1] as well. [1]: https://opensips.org/docs/modules/3.2.x/tls_wolfssl.html#overview Cheers, -- Liviu Chircu www.twitter.com/liviuchircu | www.opensips-solutions.com OpenSIPS Summit 2021 Distributed | www.opensips.org/events ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
H Ovidiu,
I set it up explicitly now but I get the same result, I tried different domains
or combination but any definition fails to load.
Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]:
ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'msteams-server'
Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:init_mod: failed
to initialize module tls_mgm
Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:main: error while
initializing modules
loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_library", "wolfssl")
Regards,
Adrian
> On 12 Aug 2021, at 16:03, Ovidiu Sas wrote:
>
> Hello Adrian,
>
> I managed to use wolfssl by forcing it:
> modparam("tls_mgm", "tls_library", "wolfssl")
>
> I haven't tested the auto mode ...
>
> -ovidiu
>
> On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu wrote:
>>
>> After more digging I discovered that this behaviour does not happen when
>> loading tls_openssl module.
>>
>> tls_openssl loads fine this configuration but tls_wolfssl does not.
>>
>>> On 12 Aug 2021, at 14:12, Adrian Georgescu wrote:
>>>
>>> Hi,
>>>
>>> I am using the latest 3.2.0 build with the old TLS configuration, with the
>>> aim to try out Wolf SSL stack.
>>>
>>> But while the config check passed, the server does not start with the old
>>> configuration:
>>>
>>> loadmodule “tls_mgm.so"
>>> loadmodule “tls_wolfssl.so"
>>> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
>>> modparam("tls_mgm", "tls_library", "auto”)
>>>
>>> modparam("tls_mgm", "server_domain","ag-projects-server")
>>> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
>>> modparam("tls_mgm", "match_sip_domain",
>>> "[ag-projects-server]ag-projects.com")
>>> modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-")
>>> modparam("tls_mgm", "certificate",
>>> "[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
>>> modparam("tls_mgm", "private_key",
>>> "[ag-projects-server]/etc/opensips/tls/ag-projects.key")
>>> modparam("tls_mgm", "ca_list",
>>> "[ag-projects-server]/etc/opensips/tls/ca-list.pem")
>>> modparam("tls_mgm", "ca_dir",
>>> "[ag-projects-server]/etc/ssl/certs")
>>> modparam("tls_mgm", "verify_cert", "[ag-projects-server]1")
>>> modparam("tls_mgm", "require_cert", "[ag-projects-server]0")
>>>
>>> modparam("tls_mgm", "client_domain","ag-projects-client")
>>> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
>>> modparam("tls_mgm", "match_sip_domain",
>>> "[ag-projects-client]ag-projects.com")
>>> modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-")
>>> modparam("tls_mgm", "certificate",
>>> "[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
>>> modparam("tls_mgm", "private_key",
>>> "[ag-projects-client]/etc/opensips/tls/ag-projects.key")
>>> modparam("tls_mgm", "ca_list",
>>> "[ag-projects-client]/etc/opensips/tls/ca-list.pem")
>>> modparam("tls_mgm", "ca_dir",
>>> "[ag-projects-client]/etc/ssl/certs")
>>> modparam("tls_mgm", "verify_cert", "[ag-projects-client]1")
>>> modparam("tls_mgm", "require_cert", "[ag-projects-client]0”)
>>>
>>>
>>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
>>> DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
>>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
>>> DBG:core:set_mod_param_regex: found in module tls_mgm
>>> [/usr/lib/x86_64-linux-gnu/opensips/modules/]
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
>>> tls_wolfssl
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
>>> tls_openssl
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module
>>> tls_openssl, and it was not loaded -- continuing
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> DBG:core:solve_module_dependencies: solving dependency proto_tls -> module
>>> tls_mgm
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> DBG:core:init_mod: initializing module tls_mgm
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> INFO:tls_mgm:mod_init: initializing TLS management
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> DBG:tls_mgm:load_info: 0 rows found in tls_mgm
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> DBG:tls_mgm:load_info: 0 records found in tls_mgm
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
>>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
>>> DBG:tls_mgm:init_tls_dom: no DH params file for tls domain
>>> 'ag-projects-server' defined, using default '(null)'
>>>
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
Hello Adrian,
I managed to use wolfssl by forcing it:
modparam("tls_mgm", "tls_library", "wolfssl")
I haven't tested the auto mode ...
-ovidiu
On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu wrote:
>
> After more digging I discovered that this behaviour does not happen when
> loading tls_openssl module.
>
> tls_openssl loads fine this configuration but tls_wolfssl does not.
>
> > On 12 Aug 2021, at 14:12, Adrian Georgescu wrote:
> >
> > Hi,
> >
> > I am using the latest 3.2.0 build with the old TLS configuration, with the
> > aim to try out Wolf SSL stack.
> >
> > But while the config check passed, the server does not start with the old
> > configuration:
> >
> > loadmodule “tls_mgm.so"
> > loadmodule “tls_wolfssl.so"
> > modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
> > modparam("tls_mgm", "tls_library", "auto”)
> >
> > modparam("tls_mgm", "server_domain","ag-projects-server")
> > modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
> > modparam("tls_mgm", "match_sip_domain",
> > "[ag-projects-server]ag-projects.com")
> > modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-")
> > modparam("tls_mgm", "certificate",
> > "[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
> > modparam("tls_mgm", "private_key",
> > "[ag-projects-server]/etc/opensips/tls/ag-projects.key")
> > modparam("tls_mgm", "ca_list",
> > "[ag-projects-server]/etc/opensips/tls/ca-list.pem")
> > modparam("tls_mgm", "ca_dir",
> > "[ag-projects-server]/etc/ssl/certs")
> > modparam("tls_mgm", "verify_cert", "[ag-projects-server]1")
> > modparam("tls_mgm", "require_cert", "[ag-projects-server]0")
> >
> > modparam("tls_mgm", "client_domain","ag-projects-client")
> > modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
> > modparam("tls_mgm", "match_sip_domain",
> > "[ag-projects-client]ag-projects.com")
> > modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-")
> > modparam("tls_mgm", "certificate",
> > "[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
> > modparam("tls_mgm", "private_key",
> > "[ag-projects-client]/etc/opensips/tls/ag-projects.key")
> > modparam("tls_mgm", "ca_list",
> > "[ag-projects-client]/etc/opensips/tls/ca-list.pem")
> > modparam("tls_mgm", "ca_dir",
> > "[ag-projects-client]/etc/ssl/certs")
> > modparam("tls_mgm", "verify_cert", "[ag-projects-client]1")
> > modparam("tls_mgm", "require_cert", "[ag-projects-client]0”)
> >
> >
> > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
> > DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
> > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
> > DBG:core:set_mod_param_regex: found in module tls_mgm
> > [/usr/lib/x86_64-linux-gnu/opensips/modules/]
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
> > tls_wolfssl
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
> > tls_openssl
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module
> > tls_openssl, and it was not loaded -- continuing
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:solve_module_dependencies: solving dependency proto_tls -> module
> > tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:core:init_mod: initializing module tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > INFO:tls_mgm:mod_init: initializing TLS management
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:tls_mgm:load_info: 0 rows found in tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:tls_mgm:load_info: 0 records found in tls_mgm
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:tls_mgm:init_tls_dom: no DH params file for tls domain
> > 'ag-projects-server' defined, using default '(null)'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > DBG:tls_mgm:init_tls_dom: cipher list null ... setting default
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain
> > 'ag-projects-server'
> > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> > ERROR:core:init_mod: failed to initialize module tls_mgm
> >
> > Any ideas what am I doing wrong?
> >
> > Adrian
> >
> >
>
>
>
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
This line looks suspicious as I have not loaded or specified anywhere tls_openssl. Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module tls_openssl, and it was not loaded — continuing Adrian > On 12 Aug 2021, at 14:12, Adrian Georgescu wrote: > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module > tls_openssl, and it was not loaded -- continuing ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
After more digging I discovered that this behaviour does not happen when
loading tls_openssl module.
tls_openssl loads fine this configuration but tls_wolfssl does not.
> On 12 Aug 2021, at 14:12, Adrian Georgescu wrote:
>
> Hi,
>
> I am using the latest 3.2.0 build with the old TLS configuration, with the
> aim to try out Wolf SSL stack.
>
> But while the config check passed, the server does not start with the old
> configuration:
>
> loadmodule “tls_mgm.so"
> loadmodule “tls_wolfssl.so"
> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
> modparam("tls_mgm", "tls_library", "auto”)
>
> modparam("tls_mgm", "server_domain","ag-projects-server")
> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
> modparam("tls_mgm", "match_sip_domain", "[ag-projects-server]ag-projects.com")
> modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-")
> modparam("tls_mgm", "certificate",
> "[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
> modparam("tls_mgm", "private_key",
> "[ag-projects-server]/etc/opensips/tls/ag-projects.key")
> modparam("tls_mgm", "ca_list",
> "[ag-projects-server]/etc/opensips/tls/ca-list.pem")
> modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs")
> modparam("tls_mgm", "verify_cert", "[ag-projects-server]1")
> modparam("tls_mgm", "require_cert", "[ag-projects-server]0")
>
> modparam("tls_mgm", "client_domain","ag-projects-client")
> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
> modparam("tls_mgm", "match_sip_domain", "[ag-projects-client]ag-projects.com")
> modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-")
> modparam("tls_mgm", "certificate",
> "[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
> modparam("tls_mgm", "private_key",
> "[ag-projects-client]/etc/opensips/tls/ag-projects.key")
> modparam("tls_mgm", "ca_list",
> "[ag-projects-client]/etc/opensips/tls/ca-list.pem")
> modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs")
> modparam("tls_mgm", "verify_cert", "[ag-projects-client]1")
> modparam("tls_mgm", "require_cert", "[ag-projects-client]0”)
>
>
> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
> DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
> DBG:core:set_mod_param_regex: found in module tls_mgm
> [/usr/lib/x86_64-linux-gnu/opensips/modules/]
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
> tls_wolfssl
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
> tls_openssl
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module
> tls_openssl, and it was not loaded -- continuing
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:core:solve_module_dependencies: solving dependency proto_tls -> module
> tls_mgm
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:core:init_mod: initializing module tls_mgm
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> INFO:tls_mgm:mod_init: initializing TLS management
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:tls_mgm:load_info: 0 rows found in tls_mgm
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:tls_mgm:load_info: 0 records found in tls_mgm
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:tls_mgm:init_tls_dom: no DH params file for tls domain
> 'ag-projects-server' defined, using default '(null)'
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> DBG:tls_mgm:init_tls_dom: cipher list null ... setting default
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'ag-projects-server'
> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
> ERROR:core:init_mod: failed to initialize module tls_mgm
>
> Any ideas what am I doing wrong?
>
> Adrian
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
Hi,
I am using the latest 3.2.0 build with the old TLS configuration, with the aim
to try out Wolf SSL stack.
But while the config check passed, the server does not start with the old
configuration:
loadmodule “tls_mgm.so"
loadmodule “tls_wolfssl.so"
modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
modparam("tls_mgm", "tls_library", "auto”)
modparam("tls_mgm", "server_domain","ag-projects-server")
modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
modparam("tls_mgm", "match_sip_domain", "[ag-projects-server]ag-projects.com")
modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-")
modparam("tls_mgm", "certificate",
"[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
modparam("tls_mgm", "private_key",
"[ag-projects-server]/etc/opensips/tls/ag-projects.key")
modparam("tls_mgm", "ca_list",
"[ag-projects-server]/etc/opensips/tls/ca-list.pem")
modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs")
modparam("tls_mgm", "verify_cert", "[ag-projects-server]1")
modparam("tls_mgm", "require_cert", "[ag-projects-server]0")
modparam("tls_mgm", "client_domain","ag-projects-client")
modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
modparam("tls_mgm", "match_sip_domain", "[ag-projects-client]ag-projects.com")
modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-")
modparam("tls_mgm", "certificate",
"[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
modparam("tls_mgm", "private_key",
"[ag-projects-client]/etc/opensips/tls/ag-projects.key")
modparam("tls_mgm", "ca_list",
"[ag-projects-client]/etc/opensips/tls/ca-list.pem")
modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs")
modparam("tls_mgm", "verify_cert", "[ag-projects-client]1")
modparam("tls_mgm", "require_cert", "[ag-projects-client]0”)
Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455]
DBG:core:set_mod_param_regex: found in module tls_mgm
[/usr/lib/x86_64-linux-gnu/opensips/modules/]
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
tls_wolfssl
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module
tls_openssl
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module
tls_openssl, and it was not loaded -- continuing
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:solve_module_dependencies: solving dependency proto_tls -> module
tls_mgm
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:core:init_mod: initializing module tls_mgm
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
INFO:tls_mgm:mod_init: initializing TLS management
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:tls_mgm:load_info: 0 rows found in tls_mgm
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:tls_mgm:load_info: 0 records found in tls_mgm
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:tls_mgm:init_tls_dom: no DH params file for tls domain 'ag-projects-server'
defined, using default '(null)'
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
DBG:tls_mgm:init_tls_dom: cipher list null ... setting default
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'ag-projects-server'
Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455]
ERROR:core:init_mod: failed to initialize module tls_mgm
Any ideas what am I doing wrong?
Adrian
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
