[OpenSIPS-Users] TLS_MGM module with DB(MYSQL)

Callum Guy callum.guy at x-on.co.uk
Fri May 28 13:51:42 EST 2021


I'm a bit lost with regards to your setup/intentions but I think you might
be misusing those config values - if in doubt try the vanilla
implementation using an unmodified table and limited module parameters,
start small and build!

Of concern:

modparam("tls_mgm", "domain_col", "xxxxxx.i3clogic.com") < is that really your column name??
modparam("tls_mgm", "match_ip_address_col", "xx.xx36.64:443") < is that really your column name??

I'm wondering if you have interpreted those as default values?

https://opensips.org/html/docs/modules/3.0.x/tls_mgm.html#idp5640928

Initially just try with the value "default" for domain - that's a special
catch-all value:

[image: image.png]


On Fri, 28 May 2021 at 12:59, Saurabh Chopra <saurabhc at 3clogic.com> wrote:

> Hi Opensips Team/ Callum,
>
> Thanks for the response, I successfully inserted the content of my
> files(certificate) in mysql DB. But when I try to run the script the
> opensips is crashing now with errors.
>
> May 28 11:45:59  /usr/local/sbin/opensips[1268]:
> CRITICAL:db_mysql:wrapper_single_mysql_real_query: driver error (1064): You
> have an error in your SQL syntax; check the manual that corresponds to your
> MySQL server version for the right syntax to use near
> '.36.64:443,match_sip_domain,type,method,0,0,certificate,private_key,crl_check_al'
> at line 1
> May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:core:db_do_query:
> error while submitting query - [select id,xxxx.i3clogic.com,x.x.36.64:443,match_sip_domain,type,method,0,0,certificate,private_key,crl_check_all,crl_dir,ca_list,ca_dir,cipher_list,dh_params,ec_curve
> from tls_mgm ]
> May 28 11:45:59   /usr/local/sbin/opensips[1268]: ERROR:tls_mgm:load_info:
> DB query failed - retrieve valid connections
> May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:tls_mgm:load_info:
> Unable to load domains info from DB
> May 28 11:45:59 /usr/local/sbin/opensips[1268]: ERROR:core:init_mod:
> failed to initialize module tls_mgm
> May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:core:main: error
> while initializing modules
>
> Given these parameters in the config script.
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "db_url", "mysql://root:xxxxx@localhost/opensips")
> modparam("tls_mgm", "db_table", "tls_mgm")
> modparam("tls_mgm", "domain_col", "xxxxxx.i3clogic.com")
> modparam("tls_mgm", "match_ip_address_col", "xx.xx36.64:443")
> modparam("tls_mgm", "tls_method_col", "method")
> modparam("tls_mgm", "verify_cert_col", "0")
> modparam("tls_mgm", "require_cert_col", "0")
> modparam("tls_mgm", "certificate_col", "certificate")
> modparam("tls_mgm", "private_key_col", "private_key")
> modparam("tls_mgm", "crl_check_all_col", "crl_check_all")
> modparam("tls_mgm", "crl_dir_col", "crl_dir")
> modparam("tls_mgm", "ca_list_col", "ca_list")
>
> Kindly help in this matter.
>
> Best Regards
> Saurabh Chopra
> +918861979979
>
>
> On Wed, May 26, 2021 at 5:06 PM Callum Guy <callum.guy at x-on.co.uk> wrote:
>
>> You need to insert the certificate contents into the table rather than a
>> file, to my understanding - you'd probably want to convert the certs to PEM
>> format prior to doing this.
>>
>> On Tue, 25 May 2021 at 14:20, Saurabh Chopra <saurabhc at 3clogic.com>
>> wrote:
>>
>>> Hi Opensips Team/Razvan,
>>>
>>> I am using the TLS_MGM module to validate my certificate file through a
>>> database (mysql) but getting the below error.
>>>
>>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
>>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]: *ERROR:tls_mgm:load_certificate_db:
>>> Unable to load certificate from buffer*
>>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
>>> WARNING:tls_mgm:init_tls_domains: Failed to init TLS domain 'default',
>>> skipping...
>>>
>>> The data I have put in DB is depicted below:-
>>>
>>> insert into tls_mgm
>>> (id,domain,match_ip_address,match_sip_domain,type,method,verify_cert,require_cert,certificate,private_key,crl_check_all,crl_dir,ca_list,ca_dir,
>>> cipher_list,dh_params,ec_curve) values
>>> ('1','default','20.0.xx.xx:443','','1','SSLv23','1','0','xxxx2021.der','xxxx.der','0','','xxxxx2021.der','','ALL','','');
>>>
>>> *.der* files are the binary file for certificate file, private key file
>>> and ca_list. However the same is working fine through the configuration
>>> script.
>>>
>>> Can anybody confirm what I am doing wrong?
>>>
>>>
>>> Best Regards
>>> Saurabh Chopra
>>> +918861979979
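
Added example, not part of the thread or of the OpenSIPS project: a small Python lint for the two mistakes discussed above, namely `*_col` parameters that hold values instead of column names, and a certificate cell that holds a file name instead of certificate text. It assumes, following the advice in the thread, that the certificate columns must contain PEM text; the function names and the column-name rule are illustrative, and the sample config is constructed from the lines quoted above.

```python
import base64
import re
import textwrap

# Constructed sample: tls_mgm lines quoted in the thread, values masked as posted.
SAMPLE_CFG = '''
modparam("tls_mgm", "db_table", "tls_mgm")
modparam("tls_mgm", "domain_col", "xxxxxx.i3clogic.com")
modparam("tls_mgm", "match_ip_address_col", "xx.xx36.64:443")
modparam("tls_mgm", "tls_method_col", "method")
modparam("tls_mgm", "verify_cert_col", "0")
modparam("tls_mgm", "certificate_col", "certificate")
'''

MODPARAM = re.compile(r'modparam\(\s*"tls_mgm"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # plain, unquoted column name (assumed rule)


def lint_col_params(cfg_text):
    """Return (param, value, reason) for each *_col value that is not a column name."""
    findings = []
    for param, value in MODPARAM.findall(cfg_text):
        if not param.endswith("_col"):
            continue  # db_url, db_table etc. are not column names
        if value.isdigit():
            # Lands in the SELECT list as a constant, so no column is read at all.
            findings.append((param, value, "numeric literal, not a column"))
        elif not IDENT.fullmatch(value):
            findings.append((param, value, "not a plain column name"))
    return findings


def der_to_pem(der_bytes, label="CERTIFICATE"):
    """Wrap DER bytes in PEM armor (base64, 64-column lines)."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der_bytes).decode("ascii"), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def looks_like_pem(cell):
    """True if a DB cell holds PEM text rather than a file name or raw DER."""
    lines = cell.strip().splitlines()
    return (len(lines) >= 3 and lines[0].startswith("-----BEGIN ")
            and lines[-1].startswith("-----END "))


if __name__ == "__main__":
    for finding in lint_col_params(SAMPLE_CFG):
        print(finding)
    print(looks_like_pem("xxxx2021.der"))  # file name stored in the first attempt
```

Running the lint against a config before starting OpenSIPS catches the misplaced values without waiting for the MySQL driver error at module initialisation.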