Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
Thank you Vlad, I confirm that I was able to load the certificate using wolfssl by setting the protocol version to TLSv1. Regards, Adrian > On 12 Aug 2021, at 18:12, Vlad Patrascu wrote: > > Hi Adrian, > > The wolfSSL implementation does not support a TLS method range, such as > "TLSv1-", so that could be one of the causes. What seems strange is that > there is no warning message: "WARNING:tls_wolfssl:tls_get_method: wolfSSL > does not support method range specification" which should be thrown in such > cases. > > Regards, > > -- > Vlad Patrascu > OpenSIPS Core Developer > http://www.opensips-solutions.com > > On 12.08.2021 20:12, Adrian Georgescu wrote: >> Hi, >> >> I am using the latest 3.2.0 build with the old TLS configuration, with the >> aim to try out Wolf SSL stack. >> >> But while the config check passed, the server does not start with the old >> configuration: >> >> loadmodule “tls_mgm.so" >> loadmodule “tls_wolfssl.so" >> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain") >> modparam("tls_mgm", "tls_library", "auto”) >> >> modparam("tls_mgm", "server_domain","ag-projects-server") >> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*") >> modparam("tls_mgm", "match_sip_domain", >> "[ag-projects-server]ag-projects.com") >> modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-") >> modparam("tls_mgm", "certificate", >> "[ag-projects-server]/etc/opensips/tls/ag-projects.crt") >> modparam("tls_mgm", "private_key", >> "[ag-projects-server]/etc/opensips/tls/ag-projects.key") >> modparam("tls_mgm", "ca_list", >> "[ag-projects-server]/etc/opensips/tls/ca-list.pem") >> modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs") >> modparam("tls_mgm", "verify_cert", "[ag-projects-server]1") >> modparam("tls_mgm", "require_cert", "[ag-projects-server]0") >> >> modparam("tls_mgm", "client_domain","ag-projects-client") >> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*") >> modparam("tls_mgm", "match_sip_domain", >> "[ag-projects-client]ag-projects.com") >> modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-") >> modparam("tls_mgm", "certificate", >> "[ag-projects-client]/etc/opensips/tls/ag-projects.crt") >> modparam("tls_mgm", "private_key", >> "[ag-projects-client]/etc/opensips/tls/ag-projects.key") >> modparam("tls_mgm", "ca_list", >> "[ag-projects-client]/etc/opensips/tls/ca-list.pem") >> modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs") >> modparam("tls_mgm", "verify_cert", "[ag-projects-client]1") >> modparam("tls_mgm", "require_cert", "[ag-projects-client]0”) >> >> >> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] >> DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm >> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] >> DBG:core:set_mod_param_regex: found in module tls_mgm >> [/usr/lib/x86_64-linux-gnu/opensips/modules/] >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module >> tls_wolfssl >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module >> tls_openssl >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module >> tls_openssl, and it was not loaded -- continuing >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:solve_module_dependencies: solving dependency proto_tls -> module >> tls_mgm >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:init_mod: initializing module tls_mgm >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> INFO:tls_mgm:mod_init: initializing TLS management >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:tls_mgm:load_info: 0 rows found in tls_mgm >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:tls_mgm:load_info: 0 records found in tls_mgm >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server' >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:tls_mgm:init_tls_dom: no DH params file for tls domain >> 'ag-projects-server' defined, using default '(null)' >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:tls_mgm:init_tls_dom: cipher list null ... setting default >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain >> 'ag-projects-server' >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> ERROR:core:init_mod:
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
Hi Adrian, The wolfSSL implementation does not support a TLS method range, such as "TLSv1-", so that could be one of the causes. What seems strange is that there is no warning message: "WARNING:tls_wolfssl:tls_get_method: wolfSSL does not support method range specification" which should be thrown in such cases. Regards, -- Vlad Patrascu OpenSIPS Core Developer http://www.opensips-solutions.com On 12.08.2021 20:12, Adrian Georgescu wrote: Hi, I am using the latest 3.2.0 build with the old TLS configuration, with the aim to try out Wolf SSL stack. But while the config check passed, the server does not start with the old configuration: loadmodule “tls_mgm.so" loadmodule “tls_wolfssl.so" modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain") modparam("tls_mgm", "tls_library", "auto”) modparam("tls_mgm", "server_domain","ag-projects-server") modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*") modparam("tls_mgm", "match_sip_domain", "[ag-projects-server]ag-projects.com") modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-") modparam("tls_mgm", "certificate", "[ag-projects-server]/etc/opensips/tls/ag-projects.crt") modparam("tls_mgm", "private_key", "[ag-projects-server]/etc/opensips/tls/ag-projects.key") modparam("tls_mgm", "ca_list", "[ag-projects-server]/etc/opensips/tls/ca-list.pem") modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs") modparam("tls_mgm", "verify_cert", "[ag-projects-server]1") modparam("tls_mgm", "require_cert", "[ag-projects-server]0") modparam("tls_mgm", "client_domain","ag-projects-client") modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*") modparam("tls_mgm", "match_sip_domain", "[ag-projects-client]ag-projects.com") modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-") modparam("tls_mgm", "certificate", "[ag-projects-client]/etc/opensips/tls/ag-projects.crt") modparam("tls_mgm", "private_key", "[ag-projects-client]/etc/opensips/tls/ag-projects.key") modparam("tls_mgm", "ca_list", "[ag-projects-client]/etc/opensips/tls/ca-list.pem") modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs") modparam("tls_mgm", "verify_cert", "[ag-projects-client]1") modparam("tls_mgm", "require_cert", "[ag-projects-client]0”) Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] DBG:core:set_mod_param_regex: found in module tls_mgm [/usr/lib/x86_64-linux-gnu/opensips/modules/] Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module tls_wolfssl Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module tls_openssl Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module tls_openssl, and it was not loaded -- continuing Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency proto_tls -> module tls_mgm Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:init_mod: initializing module tls_mgm Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] INFO:tls_mgm:mod_init: initializing TLS management Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:load_info: 0 rows found in tls_mgm Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:load_info: 0 records found in tls_mgm Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server' Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:init_tls_dom: no DH params file for tls domain 'ag-projects-server' defined, using default '(null)' Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:init_tls_dom: cipher list null ... setting default Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'ag-projects-server' Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] ERROR:core:init_mod: failed to initialize module tls_mgm Any ideas what am I doing wrong? Adrian ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
I loaded both modules and I just switch between them via the tls_library parameter and it loads ok: loadmodule "tls_openssl.so" loadmodule "tls_wolfssl.so" loadmodule "tls_mgm.so" modparam("tls_mgm", "tls_library", "openssl") # modparam("tls_mgm", "tls_library", "wolfssl") I did not test with the latest opensips version ... I also had some issues with the wolfssl library: is_peer_verified() doesn't seem to work properly. Because of that I'm still using the openssl library. -ovidiu On Thu, Aug 12, 2021 at 3:17 PM Adrian Georgescu wrote: > > H Ovidiu, > > I set it up explicitly now but I get the same result, I tried different > domains or combination but any definition fails to load. > > Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'msteams-server' > Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:init_mod: failed > to initialize module tls_mgm > Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:main: error > while initializing modules > > loadmodule "tls_mgm.so" > modparam("tls_mgm", "tls_library", "wolfssl") > > Regards, > Adrian > > > On 12 Aug 2021, at 16:03, Ovidiu Sas wrote: > > > > Hello Adrian, > > > > I managed to use wolfssl by forcing it: > > modparam("tls_mgm", "tls_library", "wolfssl") > > > > I haven't tested the auto mode ... > > > > -ovidiu > > > > On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu > > wrote: > >> > >> After more digging I discovered that this behaviour does not happen when > >> loading tls_openssl module. > >> > >> tls_openssl loads fine this configuration but tls_wolfssl does not. > >> > >>> On 12 Aug 2021, at 14:12, Adrian Georgescu wrote: > >>> > >>> Hi, > >>> > >>> I am using the latest 3.2.0 build with the old TLS configuration, with > >>> the aim to try out Wolf SSL stack. > >>> > >>> But while the config check passed, the server does not start with the old > >>> configuration: > >>> > >>> loadmodule “tls_mgm.so" > >>> loadmodule “tls_wolfssl.so" > >>> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain") > >>> modparam("tls_mgm", "tls_library", "auto”) > >>> > >>> modparam("tls_mgm", "server_domain","ag-projects-server") > >>> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*") > >>> modparam("tls_mgm", "match_sip_domain", > >>> "[ag-projects-server]ag-projects.com") > >>> modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-") > >>> modparam("tls_mgm", "certificate", > >>> "[ag-projects-server]/etc/opensips/tls/ag-projects.crt") > >>> modparam("tls_mgm", "private_key", > >>> "[ag-projects-server]/etc/opensips/tls/ag-projects.key") > >>> modparam("tls_mgm", "ca_list", > >>> "[ag-projects-server]/etc/opensips/tls/ca-list.pem") > >>> modparam("tls_mgm", "ca_dir", > >>> "[ag-projects-server]/etc/ssl/certs") > >>> modparam("tls_mgm", "verify_cert", "[ag-projects-server]1") > >>> modparam("tls_mgm", "require_cert", "[ag-projects-server]0") > >>> > >>> modparam("tls_mgm", "client_domain","ag-projects-client") > >>> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*") > >>> modparam("tls_mgm", "match_sip_domain", > >>> "[ag-projects-client]ag-projects.com") > >>> modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-") > >>> modparam("tls_mgm", "certificate", > >>> "[ag-projects-client]/etc/opensips/tls/ag-projects.crt") > >>> modparam("tls_mgm", "private_key", > >>> "[ag-projects-client]/etc/opensips/tls/ag-projects.key") > >>> modparam("tls_mgm", "ca_list", > >>> "[ag-projects-client]/etc/opensips/tls/ca-list.pem") > >>> modparam("tls_mgm", "ca_dir", > >>> "[ag-projects-client]/etc/ssl/certs") > >>> modparam("tls_mgm", "verify_cert", "[ag-projects-client]1") > >>> modparam("tls_mgm", "require_cert", "[ag-projects-client]0”) > >>> > >>> > >>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] > >>> DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm > >>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] > >>> DBG:core:set_mod_param_regex: found in module tls_mgm > >>> [/usr/lib/x86_64-linux-gnu/opensips/modules/] > >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > >>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module > >>> tls_wolfssl > >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > >>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module > >>> tls_openssl > >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > >>> DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module > >>> tls_openssl, and it was not loaded -- continuing > >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > >>> DBG:core:solve_module_dependencies: solving dependency proto_tls -> > >>> module tls_mgm > >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > >>>
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
On 12.08.2021 22:17, Adrian Georgescu wrote: I set it up explicitly now but I get the same result, I tried different domains or combination but any definition fails to load. Hi gents, IIRC (Vlad: please correct me if I'm wrong), this initial version of the tls_wolfssl module does not have full feature parity with tls_openssl, as it is currently only equipped to provide TLS communication for modules such as proto_tls and proto_wss. So when it comes to configuring domains via tls_mgm on top of tls_wolfssl, the module MAY lack the required API function implementations, hence the errors you are getting. PS: there seem to be some hints about the above in the module docs [1] as well. [1]: https://opensips.org/docs/modules/3.2.x/tls_wolfssl.html#overview Cheers, -- Liviu Chircu www.twitter.com/liviuchircu | www.opensips-solutions.com OpenSIPS Summit 2021 Distributed | www.opensips.org/events ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
H Ovidiu, I set it up explicitly now but I get the same result, I tried different domains or combination but any definition fails to load. Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'msteams-server' Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:init_mod: failed to initialize module tls_mgm Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:main: error while initializing modules loadmodule "tls_mgm.so" modparam("tls_mgm", "tls_library", "wolfssl") Regards, Adrian > On 12 Aug 2021, at 16:03, Ovidiu Sas wrote: > > Hello Adrian, > > I managed to use wolfssl by forcing it: > modparam("tls_mgm", "tls_library", "wolfssl") > > I haven't tested the auto mode ... > > -ovidiu > > On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu wrote: >> >> After more digging I discovered that this behaviour does not happen when >> loading tls_openssl module. >> >> tls_openssl loads fine this configuration but tls_wolfssl does not. >> >>> On 12 Aug 2021, at 14:12, Adrian Georgescu wrote: >>> >>> Hi, >>> >>> I am using the latest 3.2.0 build with the old TLS configuration, with the >>> aim to try out Wolf SSL stack. >>> >>> But while the config check passed, the server does not start with the old >>> configuration: >>> >>> loadmodule “tls_mgm.so" >>> loadmodule “tls_wolfssl.so" >>> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain") >>> modparam("tls_mgm", "tls_library", "auto”) >>> >>> modparam("tls_mgm", "server_domain","ag-projects-server") >>> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*") >>> modparam("tls_mgm", "match_sip_domain", >>> "[ag-projects-server]ag-projects.com") >>> modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-") >>> modparam("tls_mgm", "certificate", >>> "[ag-projects-server]/etc/opensips/tls/ag-projects.crt") >>> modparam("tls_mgm", "private_key", >>> "[ag-projects-server]/etc/opensips/tls/ag-projects.key") >>> modparam("tls_mgm", "ca_list", >>> "[ag-projects-server]/etc/opensips/tls/ca-list.pem") >>> modparam("tls_mgm", "ca_dir", >>> "[ag-projects-server]/etc/ssl/certs") >>> modparam("tls_mgm", "verify_cert", "[ag-projects-server]1") >>> modparam("tls_mgm", "require_cert", "[ag-projects-server]0") >>> >>> modparam("tls_mgm", "client_domain","ag-projects-client") >>> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*") >>> modparam("tls_mgm", "match_sip_domain", >>> "[ag-projects-client]ag-projects.com") >>> modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-") >>> modparam("tls_mgm", "certificate", >>> "[ag-projects-client]/etc/opensips/tls/ag-projects.crt") >>> modparam("tls_mgm", "private_key", >>> "[ag-projects-client]/etc/opensips/tls/ag-projects.key") >>> modparam("tls_mgm", "ca_list", >>> "[ag-projects-client]/etc/opensips/tls/ca-list.pem") >>> modparam("tls_mgm", "ca_dir", >>> "[ag-projects-client]/etc/ssl/certs") >>> modparam("tls_mgm", "verify_cert", "[ag-projects-client]1") >>> modparam("tls_mgm", "require_cert", "[ag-projects-client]0”) >>> >>> >>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] >>> DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm >>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] >>> DBG:core:set_mod_param_regex: found in module tls_mgm >>> [/usr/lib/x86_64-linux-gnu/opensips/modules/] >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module >>> tls_wolfssl >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module >>> tls_openssl >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module >>> tls_openssl, and it was not loaded -- continuing >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> DBG:core:solve_module_dependencies: solving dependency proto_tls -> module >>> tls_mgm >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> DBG:core:init_mod: initializing module tls_mgm >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> INFO:tls_mgm:mod_init: initializing TLS management >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> DBG:tls_mgm:load_info: 0 rows found in tls_mgm >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> DBG:tls_mgm:load_info: 0 records found in tls_mgm >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server' >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >>> DBG:tls_mgm:init_tls_dom: no DH params file for tls domain >>> 'ag-projects-server' defined, using default '(null)' >>>
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
Hello Adrian, I managed to use wolfssl by forcing it: modparam("tls_mgm", "tls_library", "wolfssl") I haven't tested the auto mode ... -ovidiu On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu wrote: > > After more digging I discovered that this behaviour does not happen when > loading tls_openssl module. > > tls_openssl loads fine this configuration but tls_wolfssl does not. > > > On 12 Aug 2021, at 14:12, Adrian Georgescu wrote: > > > > Hi, > > > > I am using the latest 3.2.0 build with the old TLS configuration, with the > > aim to try out Wolf SSL stack. > > > > But while the config check passed, the server does not start with the old > > configuration: > > > > loadmodule “tls_mgm.so" > > loadmodule “tls_wolfssl.so" > > modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain") > > modparam("tls_mgm", "tls_library", "auto”) > > > > modparam("tls_mgm", "server_domain","ag-projects-server") > > modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*") > > modparam("tls_mgm", "match_sip_domain", > > "[ag-projects-server]ag-projects.com") > > modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-") > > modparam("tls_mgm", "certificate", > > "[ag-projects-server]/etc/opensips/tls/ag-projects.crt") > > modparam("tls_mgm", "private_key", > > "[ag-projects-server]/etc/opensips/tls/ag-projects.key") > > modparam("tls_mgm", "ca_list", > > "[ag-projects-server]/etc/opensips/tls/ca-list.pem") > > modparam("tls_mgm", "ca_dir", > > "[ag-projects-server]/etc/ssl/certs") > > modparam("tls_mgm", "verify_cert", "[ag-projects-server]1") > > modparam("tls_mgm", "require_cert", "[ag-projects-server]0") > > > > modparam("tls_mgm", "client_domain","ag-projects-client") > > modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*") > > modparam("tls_mgm", "match_sip_domain", > > "[ag-projects-client]ag-projects.com") > > modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-") > > modparam("tls_mgm", "certificate", > > "[ag-projects-client]/etc/opensips/tls/ag-projects.crt") > > modparam("tls_mgm", "private_key", > > "[ag-projects-client]/etc/opensips/tls/ag-projects.key") > > modparam("tls_mgm", "ca_list", > > "[ag-projects-client]/etc/opensips/tls/ca-list.pem") > > modparam("tls_mgm", "ca_dir", > > "[ag-projects-client]/etc/ssl/certs") > > modparam("tls_mgm", "verify_cert", "[ag-projects-client]1") > > modparam("tls_mgm", "require_cert", "[ag-projects-client]0”) > > > > > > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] > > DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm > > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] > > DBG:core:set_mod_param_regex: found in module tls_mgm > > [/usr/lib/x86_64-linux-gnu/opensips/modules/] > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module > > tls_wolfssl > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module > > tls_openssl > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module > > tls_openssl, and it was not loaded -- continuing > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:core:solve_module_dependencies: solving dependency proto_tls -> module > > tls_mgm > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:core:init_mod: initializing module tls_mgm > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > INFO:tls_mgm:mod_init: initializing TLS management > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:tls_mgm:load_info: 0 rows found in tls_mgm > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:tls_mgm:load_info: 0 records found in tls_mgm > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server' > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:tls_mgm:init_tls_dom: no DH params file for tls domain > > 'ag-projects-server' defined, using default '(null)' > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > DBG:tls_mgm:init_tls_dom: cipher list null ... setting default > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain > > 'ag-projects-server' > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > > ERROR:core:init_mod: failed to initialize module tls_mgm > > > > Any ideas what am I doing wrong? > > > > Adrian > > > > > > >
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
This line looks suspicious as I have not loaded or specified anywhere tls_openssl. Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module tls_openssl, and it was not loaded — continuing Adrian > On 12 Aug 2021, at 14:12, Adrian Georgescu wrote: > > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module > tls_openssl, and it was not loaded -- continuing ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
After more digging I discovered that this behaviour does not happen when loading tls_openssl module. tls_openssl loads fine this configuration but tls_wolfssl does not. > On 12 Aug 2021, at 14:12, Adrian Georgescu wrote: > > Hi, > > I am using the latest 3.2.0 build with the old TLS configuration, with the > aim to try out Wolf SSL stack. > > But while the config check passed, the server does not start with the old > configuration: > > loadmodule “tls_mgm.so" > loadmodule “tls_wolfssl.so" > modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain") > modparam("tls_mgm", "tls_library", "auto”) > > modparam("tls_mgm", "server_domain","ag-projects-server") > modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*") > modparam("tls_mgm", "match_sip_domain", "[ag-projects-server]ag-projects.com") > modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-") > modparam("tls_mgm", "certificate", > "[ag-projects-server]/etc/opensips/tls/ag-projects.crt") > modparam("tls_mgm", "private_key", > "[ag-projects-server]/etc/opensips/tls/ag-projects.key") > modparam("tls_mgm", "ca_list", > "[ag-projects-server]/etc/opensips/tls/ca-list.pem") > modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs") > modparam("tls_mgm", "verify_cert", "[ag-projects-server]1") > modparam("tls_mgm", "require_cert", "[ag-projects-server]0") > > modparam("tls_mgm", "client_domain","ag-projects-client") > modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*") > modparam("tls_mgm", "match_sip_domain", "[ag-projects-client]ag-projects.com") > modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-") > modparam("tls_mgm", "certificate", > "[ag-projects-client]/etc/opensips/tls/ag-projects.crt") > modparam("tls_mgm", "private_key", > "[ag-projects-client]/etc/opensips/tls/ag-projects.key") > modparam("tls_mgm", "ca_list", > "[ag-projects-client]/etc/opensips/tls/ca-list.pem") > modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs") > modparam("tls_mgm", "verify_cert", "[ag-projects-client]1") > modparam("tls_mgm", "require_cert", "[ag-projects-client]0”) > > > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] > DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm > Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] > DBG:core:set_mod_param_regex: found in module tls_mgm > [/usr/lib/x86_64-linux-gnu/opensips/modules/] > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module > tls_wolfssl > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module > tls_openssl > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module > tls_openssl, and it was not loaded -- continuing > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:core:solve_module_dependencies: solving dependency proto_tls -> module > tls_mgm > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:core:init_mod: initializing module tls_mgm > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > INFO:tls_mgm:mod_init: initializing TLS management > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:tls_mgm:load_info: 0 rows found in tls_mgm > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:tls_mgm:load_info: 0 records found in tls_mgm > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server' > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:tls_mgm:init_tls_dom: no DH params file for tls domain > 'ag-projects-server' defined, using default '(null)' > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > DBG:tls_mgm:init_tls_dom: cipher list null ... setting default > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'ag-projects-server' > Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] > ERROR:core:init_mod: failed to initialize module tls_mgm > > Any ideas what am I doing wrong? > > Adrian > > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration
Hi, I am using the latest 3.2.0 build with the old TLS configuration, with the aim to try out Wolf SSL stack. But while the config check passed, the server does not start with the old configuration: loadmodule “tls_mgm.so" loadmodule “tls_wolfssl.so" modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain") modparam("tls_mgm", "tls_library", "auto”) modparam("tls_mgm", "server_domain","ag-projects-server") modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*") modparam("tls_mgm", "match_sip_domain", "[ag-projects-server]ag-projects.com") modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-") modparam("tls_mgm", "certificate", "[ag-projects-server]/etc/opensips/tls/ag-projects.crt") modparam("tls_mgm", "private_key", "[ag-projects-server]/etc/opensips/tls/ag-projects.key") modparam("tls_mgm", "ca_list", "[ag-projects-server]/etc/opensips/tls/ca-list.pem") modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs") modparam("tls_mgm", "verify_cert", "[ag-projects-server]1") modparam("tls_mgm", "require_cert", "[ag-projects-server]0") modparam("tls_mgm", "client_domain","ag-projects-client") modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*") modparam("tls_mgm", "match_sip_domain", "[ag-projects-client]ag-projects.com") modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-") modparam("tls_mgm", "certificate", "[ag-projects-client]/etc/opensips/tls/ag-projects.crt") modparam("tls_mgm", "private_key", "[ag-projects-client]/etc/opensips/tls/ag-projects.key") modparam("tls_mgm", "ca_list", "[ag-projects-client]/etc/opensips/tls/ca-list.pem") modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs") modparam("tls_mgm", "verify_cert", "[ag-projects-client]1") modparam("tls_mgm", "require_cert", "[ag-projects-client]0”) Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] DBG:core:set_mod_param_regex: found in module tls_mgm [/usr/lib/x86_64-linux-gnu/opensips/modules/] Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module tls_wolfssl Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module tls_openssl Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module tls_openssl, and it was not loaded -- continuing Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency proto_tls -> module tls_mgm Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:init_mod: initializing module tls_mgm Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] INFO:tls_mgm:mod_init: initializing TLS management Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:load_info: 0 rows found in tls_mgm Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:load_info: 0 records found in tls_mgm Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server' Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:init_tls_dom: no DH params file for tls domain 'ag-projects-server' defined, using default '(null)' Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:init_tls_dom: cipher list null ... setting default Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'ag-projects-server' Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] ERROR:core:init_mod: failed to initialize module tls_mgm Any ideas what am I doing wrong? Adrian ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users