[asterisk-bugs] [JIRA] (ASTERISK-25340) Manager.conf TLS doesn't activates
Rusty Newton (JIRA)
noreply at issues.asterisk.org
Thu Aug 27 09:23:33 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-25340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=227361#comment-227361 ]
Rusty Newton edited comment on ASTERISK-25340 at 8/27/15 9:22 AM:
------------------------------------------------------------------
Ok. I configured logger.conf as described here https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information
Then I restored manager.conf from the default (used the sample file).
Then I went to the Asterisk console:
{noformat}
CLI> core set verbose 5
Console verbose is still 5.
CLI> core set debug 5
Core debug was OFF and is now 5.
CLI> module reload logger
Module 'logger' reloaded successfully.
== Parsing '/etc/asterisk/logger.conf': Found
Asterisk Queue Logger restarted
CLI> manager set debug on
CLI> manager set debug
manager debug is on
CLI> reload manager
Module 'manager' reloaded successfully.
CLI> manager show settings
Global Settings:
----------------
Manager (AMI): No
Web Manager (AMI/HTTP): No
TCP Bindaddress: Disabled
HTTP Timeout (minutes): 60
TLS Enable: No
TLS Bindaddress: Disabled
TLS Certfile: asterisk.pem
TLS Privatekey:
TLS Cipher:
Allow multiple login: Yes
Display connects: Yes
Timestamp events: No
Channel vars:
Debug: Yes
{noformat}
Then I configured manager.conf:
{noformat}
[general]
enabled = yes
;webenabled = yes
port = 5038
bindaddr = 0.0.0.0
; Parameters that control AMI over TLS. ("enabled" must be set too).
; You can open a connection to this socket with e.g.
;
; openssl s_client -connect my_host:5039
;
tlsenable=yes ; set to YES to enable it
tlsbindaddr=0.0.0.0:5039 ; address and port to bind to, default to bindaddr and port 5039
tlscertfile=/tmp/asterisk.pem ; path to the certificate.
tlsprivatekey=/tmp/private.pem ; path to the private key, if no private given,
; if no tlsprivatekey is given, default is to search
; tlscertfile for private key.
;tlscipher=<cipher string> ; string specifying which SSL ciphers to use or not use
;
;allowmultiplelogin = yes ; IF set to no, rejects manager logins that are already in use.
; ; The default is yes.
;
displayconnects = yes
;
; Add a Unix epoch timestamp to events (not action responses)
;
;timestampevents = yes
;brokeneventsaction = yes ; Restore previous behavior that caused the events
; action to not return a response in certain
; circumstances. Defaults to 'no'.
{noformat}
Then I went to the Asterisk console:
{noformat}
CLI> core set verbose 5
Console verbose was 4 and is now 5.
CLI> core set debug 5
Core debug is still 5.
CLI> manager set debug
manager debug is on
CLI> reload manager
Module 'manager' reloaded successfully.
== Parsing '/etc/asterisk/manager.conf': Found
== Manager registered action BridgeList
== Manager registered action BridgeInfo
== Manager registered action BridgeDestroy
== Manager registered action BridgeKick
CLI> manager show settings
Global Settings:
----------------
Manager (AMI): Yes
Web Manager (AMI/HTTP): No
TCP Bindaddress: 0.0.0.0:5038
HTTP Timeout (minutes): 60
TLS Enable: No
TLS Bindaddress: Disabled
TLS Certfile: /tmp/asterisk.pem
TLS Privatekey: /tmp/private.pem
TLS Cipher:
Allow multiple login: Yes
Display connects: Yes
Timestamp events: No
Channel vars:
Debug: No
{noformat}
Log file is attached.
was (Author: vlt):
> Manager.conf TLS doesn't activates
> ----------------------------------
>
> Key: ASTERISK-25340
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25340
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Affects Versions: 13.5.0
> Environment: Amazon Linux AMI release 2015.03
> openssl-devel-1.0.1k-10.87.amzn1.x86_64
> Asterisk 13.5.0
> Reporter: Eugene Yavaev
> Assignee: Unassigned
> Attachments: issue_25340_full_log.txt
>
>
> manager.conf:
> [general]
> enabled = yes
> ;webenabled = yes
> port = 5038
> bindaddr = 0.0.0.0
> tlsenable=yes
> tlsbindaddr=0.0.0.0:5039
> tlscertfile=/tmp/asterisk.pem
> tlsprivatekey=/tmp/private.pem
> ;tlscipher=<cipher string>
> ;allowmultiplelogin = yes
> ;displayconnects = yes
> Asterisk CLI:
> CLI> reload manager
> Module 'manager' reloaded successfully.
> CLI> manager show settings
> Manager (AMI): Yes
> Web Manager (AMI/HTTP): No
> TCP Bindaddress: 0.0.0.0:5038
> HTTP Timeout (minutes): 60
> TLS Enable: No
> TLS Bindaddress: Disabled
> TLS Certfile: /tmp/asterisk.pem
> TLS Privatekey: /tmp/private.pem
> TLS Cipher:
> Allow multiple login: Yes
> Display connects: Yes
> Timestamp events: No
> Channel vars:
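An added example, not part of the original report or of Asterisk's own code: a small check that compares what manager.conf requests with what `manager show settings` reports, flagging the condition shown above (tlsenable=yes while the running module reports TLS Enable: No) and a plaintext AMI listener bound to a non-loopback address. The sample inputs are constructed from the values in the report; the function names and finding labels are hypothetical.

```python
# Constructed sample inputs, using the values shown in the report above.
MANAGER_CONF = """\
[general]
enabled = yes
tlsenable=yes ; set to YES to enable it
tlsbindaddr=0.0.0.0:5039
tlscertfile=/tmp/asterisk.pem
tlsprivatekey=/tmp/private.pem
"""
SHOW_SETTINGS = """\
Manager (AMI): Yes
TCP Bindaddress: 0.0.0.0:5038
TLS Enable: No
TLS Certfile: /tmp/asterisk.pem
TLS Privatekey: /tmp/private.pem
"""
TRUTHY = {"yes", "true", "y", "t", "1", "on"}  # strings Asterisk reads as true

def parse_general(text):
    """Key/value pairs of the [general] section, with ';' comments dropped."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("["):
            section = line[1:line.find("]")].lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out

def parse_settings(text):
    """Map the 'Label: value' lines of `manager show settings` to a dict."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def audit(conf_text, settings_text):
    """Return labels for each gap between configured and running state."""
    conf, live = parse_general(conf_text), parse_settings(settings_text)
    findings = []
    tls_live = live.get("TLS Enable", "No").lower() == "yes"
    if conf.get("tlsenable", "no").lower() in TRUTHY and not tls_live:
        findings.append("tls-configured-but-not-active")
    tcp = live.get("TCP Bindaddress", "Disabled")
    if tcp != "Disabled" and not tcp.startswith(("127.", "[::1]")):
        findings.append("plaintext-ami-on-non-loopback")
    for key, label in (("tlscertfile", "TLS Certfile"), ("tlsprivatekey", "TLS Privatekey")):
        if key in conf and conf[key] != live.get(label):
            findings.append("path-mismatch:" + key)
    return findings

print(audit(MANAGER_CONF, SHOW_SETTINGS))
```

Run against the state in this report, the check returns both the TLS finding and the plaintext-listener finding, which together mean AMI logins would cross the network unencrypted despite the configuration.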