Hello,

if you installed tls module, then be sure you have the next line after the first line of kamailio.cfg:

#!define WITH_TLS

Cheers,
Daniel

On 21/04/14 13:20, Yoann Gini wrote:

Hello,

It’s my first message here so here is a little introduction about me.

I’m Yoann gini, a french system administrator specialized in Apple product for enterprise. I also manage some other UNIX sever (essentially BSD based) and some windows when customers pay me a lot…

I’m trying to install Kamailio on by personal FreeBSD 10 server. My intend is discover products functionalities and see what can be done whit it. Maybe I can made a package for OS X Server and deploy it along with e-mail and xmpp services when my customers need efficient communication system.

So, at this time, I’m playing with various options and I’ve some problems.

The one who lead me here concern TLS module.

I’m unable to start the service with TLS module enabled, digging into the debug log, I’ve catch those lines:

0(35943) DEBUG: <core> [cfg.y:1635]: yyparse(): loading module tls.so
0(35943) DEBUG: <core> [sr_module.c:591]: load_module(): load_module: trying to load </usr/local/lib64/kamailio/modules/tls.so>
0(35943) INFO: tls [tls_init.c:385]: init_tls_compression(): tls: init_tls: disabling compression...
0(35943) ERROR: <core> [modparam.c:163]: set_mod_param_regex(): set_mod_param_regex: No module matching <tls> found

It seems that the module is loaded, but impossible to configure…

Here is the output of grep -i tls kamailio.cfg

### #!define WITH_TLS
# *** To enable TLS support execute:
# - adjust CFGDIR/tls.cfg as needed
# - define WITH_TLS
#!ifdef WITH_TLS
listen=tls:<ipv4>:5061
listen=tls:<ipv6>:5061
enable_tls=yes
#!ifdef WITH_TLS
loadmodule "tls.so"
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")

And the content of /usr/local/etc/kamailio/tls.cfg

[server:default]
method = TLSv1
verify_certificate = yes
require_certificate = no
private_key = /etc/ssl/keys/my_real_ssl_cert.key
certificate = /etc/ssl/certs/my_real_ssl_cert.crt
ca_list = /etc/ssl/cert.pem
#crl = /usr/local/etc/kamailio/crl.pem

[client:default]
verify_certificate = no
require_certificate = no

After some search, I’ve found this message on the list http://lists.sip-router.org/pipermail/sr-users/2013-August/079439.html

It seems that a bug on OpenSSL side cause some trouble with TLS module…

Is it still true ? How do you manage your TLS configuration ?

I’m using OpenSSL 1.0.1g with kamailio 4.1.2.

Best regards,

Yoann.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda