Hello,
It’s my first message here so here is a little introduction about me.
I’m Yoann gini, a french system administrator specialized in Apple product for enterprise. I also manage some other UNIX sever (essentially BSD based) and some windows when customers pay me a lot…
I’m trying to install Kamailio on by personal FreeBSD 10 server. My intend is discover products functionalities and see what can be done whit it. Maybe I can made a package for OS X Server and deploy it along with e-mail and xmpp services when my customers need efficient communication system.
So, at this time, I’m playing with various options and I’ve some problems.
The one who lead me here concern TLS module.
I’m unable to start the service with TLS module enabled, digging into the debug log, I’ve catch those lines:
0(35943) DEBUG: <core> [cfg.y:1635]: yyparse(): loading module tls.so 0(35943) DEBUG: <core> [sr_module.c:591]: load_module(): load_module: trying to load </usr/local/lib64/kamailio/modules/tls.so> 0(35943) INFO: tls [tls_init.c:385]: init_tls_compression(): tls: init_tls: disabling compression... 0(35943) ERROR: <core> [modparam.c:163]: set_mod_param_regex(): set_mod_param_regex: No module matching <tls> found
It seems that the module is loaded, but impossible to configure…
Here is the output of grep -i tls kamailio.cfg
### #!define WITH_TLS # *** To enable TLS support execute: # - adjust CFGDIR/tls.cfg as needed # - define WITH_TLS #!ifdef WITH_TLS listen=tls:<ipv4>:5061 listen=tls:<ipv6>:5061 enable_tls=yes #!ifdef WITH_TLS loadmodule "tls.so" #!ifdef WITH_TLS # ----- tls params ----- modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
And the content of /usr/local/etc/kamailio/tls.cfg
[server:default] method = TLSv1 verify_certificate = yes require_certificate = no private_key = /etc/ssl/keys/my_real_ssl_cert.key certificate = /etc/ssl/certs/my_real_ssl_cert.crt ca_list = /etc/ssl/cert.pem #crl = /usr/local/etc/kamailio/crl.pem
[client:default] verify_certificate = no require_certificate = no
After some search, I’ve found this message on the list http://lists.sip-router.org/pipermail/sr-users/2013-August/079439.html
It seems that a bug on OpenSSL side cause some trouble with TLS module…
Is it still true ? How do you manage your TLS configuration ?
I’m using OpenSSL 1.0.1g with kamailio 4.1.2.
Best regards, Yoann.
Hello,
if you installed tls module, then be sure you have the next line after the first line of kamailio.cfg:
#!define WITH_TLS
Cheers, Daniel
On 21/04/14 13:20, Yoann Gini wrote:
Hello,
It’s my first message here so here is a little introduction about me.
I’m Yoann gini, a french system administrator specialized in Apple product for enterprise. I also manage some other UNIX sever (essentially BSD based) and some windows when customers pay me a lot…
I’m trying to install Kamailio on by personal FreeBSD 10 server. My intend is discover products functionalities and see what can be done whit it. Maybe I can made a package for OS X Server and deploy it along with e-mail and xmpp services when my customers need efficient communication system.
So, at this time, I’m playing with various options and I’ve some problems.
The one who lead me here concern TLS module.
I’m unable to start the service with TLS module enabled, digging into the debug log, I’ve catch those lines:
0(35943) DEBUG: <core> [cfg.y:1635]: yyparse(): loading module tls.so 0(35943) DEBUG: <core> [sr_module.c:591]: load_module(): load_module: trying to load </usr/local/lib64/kamailio/modules/tls.so> 0(35943) INFO: tls [tls_init.c:385]: init_tls_compression(): tls: init_tls: disabling compression... 0(35943) ERROR: <core> [modparam.c:163]: set_mod_param_regex(): set_mod_param_regex: No module matching <tls> found
It seems that the module is loaded, but impossible to configure…
Here is the output of grep -i tls kamailio.cfg
### #!define WITH_TLS # *** To enable TLS support execute: # - adjust CFGDIR/tls.cfg as needed # - define WITH_TLS #!ifdef WITH_TLS listen=tls:<ipv4>:5061 listen=tls:<ipv6>:5061 enable_tls=yes #!ifdef WITH_TLS loadmodule "tls.so" #!ifdef WITH_TLS # ----- tls params ----- modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
And the content of /usr/local/etc/kamailio/tls.cfg
[server:default] method = TLSv1 verify_certificate = yes require_certificate = no private_key = /etc/ssl/keys/my_real_ssl_cert.key certificate = /etc/ssl/certs/my_real_ssl_cert.crt ca_list = /etc/ssl/cert.pem #crl = /usr/local/etc/kamailio/crl.pem
[client:default] verify_certificate = no require_certificate = no
After some search, I’ve found this message on the list http://lists.sip-router.org/pipermail/sr-users/2013-August/079439.html
It seems that a bug on OpenSSL side cause some trouble with TLS module…
Is it still true ? How do you manage your TLS configuration ?
I’m using OpenSSL 1.0.1g with kamailio 4.1.2.
Best regards, Yoann.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi
Le 21 avr. 2014 à 14:11, Daniel-Constantin Mierla miconda@gmail.com a écrit :
if you installed tls module, then be sure you have the next line after the first line of kamailio.cfg:
#!define WITH_TLS
Yes I have it.
The output pasted in my previous mail shown « ### #!define WITH_TLS » but I’ve obviously try it with just « #!define WITH_TLS ». The ### are here just to disable the settings in the mean time.
-
Daniel-Constantin Mierla -
Yoann Gini