[BUG] Impossible to load chain of certificates and CA certificates from DB #1714
Comments
|
Just to confirm, in the database you do have all the certificates chain, correct? |
|
@razvancrainea , yes, they are correct. Please review PR |
|
And I changed manually MySQL scheme of course, as it is impossible to store all CA certificates in 16K blob. This mentioned in #1709 |
|
@razvancrainea Can you help? tls_dump_cert_info (defined in tls_conn_server.h) is just for print certificate subj and issuer. And patch is much more informative in logs with this function, but I got this warnings because of unused static functions: |
|
I've just pushed a commit on master and merged your PR. Can you confirm it's all right now? If so, I will backport them. |
|
@razvancrainea , I don't know how to check tls_mgm.xml, but, yes, this is just change of ca_list field type. PR I've tested only on 2.4.5, but this part of code was not changed in 3.0. When tls_mgm takes certificates from files - it uses it right way, certificate - as full chain, and ca-list -as list of all CA certificates, so just initialisation from DB was incorrect before PR. I've attached patch for 2.4 branch |
|
I've just pushed this upstream, let me know if it's all good. |
|
@razvancrainea I've built latest 2.4.5 version from git. Everything works like expected. |
OpenSIPS version you are running
Describe the bug
Module tls_mgm uses DB. If we store TLS domain information in database, it is impossible to load chain of TLS certificates (only first one loaded) and impossible to load CA certificates (only first one loaded)
To Reproduce
Expected behavior
Load full chain of certificates for TLS domain and list of CA certificates
Relevant System Logs
No logs, no errors.
OS/environment information
gitAdditional context
Issue #1709 related to this one.
The text was updated successfully, but these errors were encountered: