Thank you Vlad, I confirm that I was able to load the certificate using wolfssl by setting the protocol version to TLSv1.
Regards, Adrian > On 12 Aug 2021, at 18:12, Vlad Patrascu <[email protected]> wrote: > > Hi Adrian, > > The wolfSSL implementation does not support a TLS method range, such as > "TLSv1-", so that could be one of the causes. What seems strange is that > there is no warning message: "WARNING:tls_wolfssl:tls_get_method: wolfSSL > does not support method range specification" which should be thrown in such > cases. > > Regards, > > -- > Vlad Patrascu > OpenSIPS Core Developer > http://www.opensips-solutions.com > > On 12.08.2021 20:12, Adrian Georgescu wrote: >> Hi, >> >> I am using the latest 3.2.0 build with the old TLS configuration, with the >> aim to try out Wolf SSL stack. >> >> But while the config check passed, the server does not start with the old >> configuration: >> >> loadmodule “tls_mgm.so" >> loadmodule “tls_wolfssl.so" >> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain") >> modparam("tls_mgm", "tls_library", "auto”) >> >> modparam("tls_mgm", "server_domain", "ag-projects-server") >> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*") >> modparam("tls_mgm", "match_sip_domain", >> "[ag-projects-server]ag-projects.com") >> modparam("tls_mgm", "tls_method", "[ag-projects-server]TLSv1-") >> modparam("tls_mgm", "certificate", >> "[ag-projects-server]/etc/opensips/tls/ag-projects.crt") >> modparam("tls_mgm", "private_key", >> "[ag-projects-server]/etc/opensips/tls/ag-projects.key") >> modparam("tls_mgm", "ca_list", >> "[ag-projects-server]/etc/opensips/tls/ca-list.pem") >> modparam("tls_mgm", "ca_dir", "[ag-projects-server]/etc/ssl/certs") >> modparam("tls_mgm", "verify_cert", "[ag-projects-server]1") >> modparam("tls_mgm", "require_cert", "[ag-projects-server]0") >> >> modparam("tls_mgm", "client_domain", "ag-projects-client") >> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*") >> modparam("tls_mgm", "match_sip_domain", >> "[ag-projects-client]ag-projects.com") >> modparam("tls_mgm", "tls_method", "[ag-projects-client]TLSv1-") >> modparam("tls_mgm", "certificate", >> "[ag-projects-client]/etc/opensips/tls/ag-projects.crt") >> modparam("tls_mgm", "private_key", >> "[ag-projects-client]/etc/opensips/tls/ag-projects.key") >> modparam("tls_mgm", "ca_list", >> "[ag-projects-client]/etc/opensips/tls/ca-list.pem") >> modparam("tls_mgm", "ca_dir", "[ag-projects-client]/etc/ssl/certs") >> modparam("tls_mgm", "verify_cert", "[ag-projects-client]1") >> modparam("tls_mgm", "require_cert", "[ag-projects-client]0”) >> >> >> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] >> DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm >> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] >> DBG:core:set_mod_param_regex: found <require_cert> in module tls_mgm >> [/usr/lib/x86_64-linux-gnu/opensips/modules/] >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module >> tls_wolfssl >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module >> tls_openssl >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module >> tls_openssl, and it was not loaded -- continuing >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:solve_module_dependencies: solving dependency proto_tls -> module >> tls_mgm >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:core:init_mod: initializing module tls_mgm >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> INFO:tls_mgm:mod_init: initializing TLS management >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:tls_mgm:load_info: 0 rows found in tls_mgm >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:tls_mgm:load_info: 0 records found in tls_mgm >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server' >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:tls_mgm:init_tls_dom: no DH params file for tls domain >> 'ag-projects-server' defined, using default '(null)' >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> DBG:tls_mgm:init_tls_dom: cipher list null ... setting default >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain >> 'ag-projects-server' >> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] >> ERROR:core:init_mod: failed to initialize module tls_mgm >> >> Any ideas what am I doing wrong? >> >> Adrian >> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
