Re: [SR-Users] $sel(tls.peer.subject.cn) error

Thu, 10 Apr 2014 03:19:18 -0700

The parameters for functions are resolved at fixup time, which is done after mod_init -- the config parser will see any function parameter as just string, then later will run fixup for function parameters.
Probably the error message from tls_select.c:152 can be made dbg, the pv value is ok, being null in this case. 

Cheers,
Daniel

On 10/04/14 10:58, Juha Heinanen wrote:

Daniel-Constantin Mierla writes:


Note that there should be direct pv alternative, as I could see in the
module, such as $tls_peer_subject_cn -- see tls_pv structure inside
tls_select.c file of the tls module. Not sure if they were documented
somewhere.

those seem to work without modifying tls module source.  i tested like
this:

     if (proto == TLS) {
         xlog("L_INFO", "tls_my_subject_cn = <$tls_my_subject_cn>\n");
         xlog("L_INFO", "tls_peer_subject_cn = <$tls_peer_subject_cn>\n");
     };

and got:

Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: REGISTER <sip:t...@test.tutpro.com> 
by <t...@test.tutpro.com> from <192.98.102.30> is authorized
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: tls_my_subject_cn = 
<test.tutpro.com>
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: tls 
[tls_select.c:152]: get_cert(): Unable to retrieve TLS certificate from SSL 
structure
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: tls_peer_subject_cn = 
<<null>>
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: tls 
[tls_select.c:152]: get_cert(): Unable to retrieve TLS certificate from SSL 
structure
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: <core> [lvalue.c:416]: 
lval_assign(): assignment failed at pos: (878,49-878,49)

i'm not sure yet, if this peer gave its certificate during the
handshake.  if there is no peer certificate, ERROR level message seems
like an overkill.  in my opinion it would suffice to return empty
value.

-- juha


--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users






















					Reply via email to