[OpenSIPS-Users] 3.2.0 TLS MGM module does not load 3.1.0 domain configuration

Ovidiu Sas osas at voipembedded.com
Thu Aug 12 20:09:07 EST 2021


I loaded both modules and I just switch between them via the
tls_library parameter and it loads ok:
loadmodule "tls_openssl.so"
loadmodule "tls_wolfssl.so"
loadmodule "tls_mgm.so"
  modparam("tls_mgm", "tls_library", "openssl")
# modparam("tls_mgm", "tls_library", "wolfssl")

I did not test with the latest opensips version ...
I also had some issues with the wolfssl library: is_peer_verified()
doesn't seem to work properly. Because of that I'm still using the
openssl library.

-ovidiu

On Thu, Aug 12, 2021 at 3:17 PM Adrian Georgescu <ag at ag-projects.com> wrote:
>
> H Ovidiu,
>
> I set it up explicitly now but I get the same result, I tried different domains or combination but any definition fails to load.
>
> Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'msteams-server'
> Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:init_mod: failed to initialize module tls_mgm
> Aug 12 21:10:30 live01 /usr/sbin/opensips[10920]: ERROR:core:main: error while initializing modules
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "tls_library", "wolfssl")
>
> Regards,
> Adrian
>
> > On 12 Aug 2021, at 16:03, Ovidiu Sas <osas at voipembedded.com> wrote:
> >
> > Hello Adrian,
> >
> > I managed to use wolfssl by forcing it:
> >  modparam("tls_mgm", "tls_library", "wolfssl")
> >
> > I haven't tested the auto mode ...
> >
> > -ovidiu
> >
> > On Thu, Aug 12, 2021 at 2:59 PM Adrian Georgescu <ag at ag-projects.com> wrote:
> >>
> >> After more digging I discovered that this behaviour does not happen when loading tls_openssl module.
> >>
> >> tls_openssl loads fine this configuration but tls_wolfssl does not.
> >>
> >>> On 12 Aug 2021, at 14:12, Adrian Georgescu <ag at ag-projects.com> wrote:
> >>>
> >>> Hi,
> >>>
> >>> I am using the latest 3.2.0 build with the old TLS configuration, with the aim to try out Wolf SSL stack.
> >>>
> >>> But while the config check passed, the server does not start with the old configuration:
> >>>
> >>> loadmodule “tls_mgm.so"
> >>> loadmodule “tls_wolfssl.so"
> >>> modparam("tls_mgm", "client_tls_domain_avp", "tls_client_domain")
> >>> modparam("tls_mgm", "tls_library", "auto”)
> >>>
> >>> modparam("tls_mgm", "server_domain",    "ag-projects-server")
> >>> modparam("tls_mgm", "match_ip_address", "[ag-projects-server]*")
> >>> modparam("tls_mgm", "match_sip_domain", "[ag-projects-server]ag-projects.com")
> >>> modparam("tls_mgm", "tls_method",       "[ag-projects-server]TLSv1-")
> >>> modparam("tls_mgm", "certificate",      "[ag-projects-server]/etc/opensips/tls/ag-projects.crt")
> >>> modparam("tls_mgm", "private_key",      "[ag-projects-server]/etc/opensips/tls/ag-projects.key")
> >>> modparam("tls_mgm", "ca_list",          "[ag-projects-server]/etc/opensips/tls/ca-list.pem")
> >>> modparam("tls_mgm", "ca_dir",           "[ag-projects-server]/etc/ssl/certs")
> >>> modparam("tls_mgm", "verify_cert",      "[ag-projects-server]1")
> >>> modparam("tls_mgm", "require_cert",     "[ag-projects-server]0")
> >>>
> >>> modparam("tls_mgm", "client_domain",    "ag-projects-client")
> >>> modparam("tls_mgm", "match_ip_address", "[ag-projects-client]*")
> >>> modparam("tls_mgm", "match_sip_domain", "[ag-projects-client]ag-projects.com")
> >>> modparam("tls_mgm", "tls_method",       "[ag-projects-client]TLSv1-")
> >>> modparam("tls_mgm", "certificate",      "[ag-projects-client]/etc/opensips/tls/ag-projects.crt")
> >>> modparam("tls_mgm", "private_key",      "[ag-projects-client]/etc/opensips/tls/ag-projects.key")
> >>> modparam("tls_mgm", "ca_list",          "[ag-projects-client]/etc/opensips/tls/ca-list.pem")
> >>> modparam("tls_mgm", "ca_dir",           "[ag-projects-client]/etc/ssl/certs")
> >>> modparam("tls_mgm", "verify_cert",      "[ag-projects-client]1")
> >>> modparam("tls_mgm", "require_cert",     "[ag-projects-client]0”)
> >>>
> >>>
> >>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] DBG:core:set_mod_param_regex: tls_mgm matches module tls_mgm
> >>> Aug 12 18:51:14 live01 opensips[6455]: Aug 12 18:51:14 [6455] DBG:core:set_mod_param_regex: found <require_cert> in module tls_mgm [/usr/lib/x86_64-linux-gnu/opensips/modules/]
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module tls_wolfssl
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency tls_mgm -> module tls_openssl
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: module tls_mgm soft-depends on module tls_openssl, and it was not loaded -- continuing
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:solve_module_dependencies: solving dependency proto_tls -> module tls_mgm
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:core:init_mod: initializing module tls_mgm
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] INFO:tls_mgm:mod_init: initializing TLS management
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:load_info: 0 rows found in tls_mgm
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:load_info: 0 records found in tls_mgm
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] INFO:tls_mgm:init_tls_dom: Processing TLS domain 'ag-projects-server'
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:init_tls_dom: no DH params file for tls domain 'ag-projects-server' defined, using default '(null)'
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] DBG:tls_mgm:init_tls_dom: cipher list null ... setting default
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'ag-projects-server'
> >>> Aug 12 18:51:15 live01 opensips[6455]: Aug 12 18:51:15 [6455] ERROR:core:init_mod: failed to initialize module tls_mgm
> >>>
> >>> Any ideas what am I doing wrong?
> >>>
> >>> Adrian
> >>>
> >>>
> >>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opensips.org
> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> >
> >
> > --
> > VoIP Embedded, Inc.
> > http://www.voipembedded.com
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



-- 
VoIP Embedded, Inc.
http://www.voipembedded.com



More information about the Users mailing list