Closed eq-spo closed 8 months ago
Hi @eq-spo you're one of the few that is trying this feature :) I'm sure you already read this https://github.com/sipcapture/captagent/wiki/TLS and that you're aware that this key is not fully secure anymore (just to be sure). Anyway I will try it again once I can so I can give help on this.
NOTE: I will remove mysql
module inside of captagent as we don't support anymore.
When --enable-ssl
is set, the configure.ac script defines here SSL
macro, but it is never used throughout the code.
The only SSL related macro used in the code is USE_SSL
, but the configure.ac supposedly sets it here, but the if check if test "$SSL" = "yes";
never evaluates to true. I modified the if statement to if test "$enableSSL" = "yes";
it passed, but failed with the following error
configure: checking for OpenSSL SSL Library and Header files...
checking openssl/ssl.h usability... no
checking openssl/ssl.h presence... yes
configure: WARNING: openssl/ssl.h: present but cannot be compiled
configure: WARNING: openssl/ssl.h: check for missing prerequisite headers?
configure: WARNING: openssl/ssl.h: see the Autoconf documentation
configure: WARNING: openssl/ssl.h: section "Present But Cannot Be Compiled"
configure: WARNING: openssl/ssl.h: proceeding with the compiler's result
configure: WARNING: ## ------------------------------------- ##
configure: WARNING: ## Report this to support@sipcapture.org ##
configure: WARNING: ## ------------------------------------- ##
checking for openssl/ssl.h... no
Hi @greenbea
First of all --enable-tls
and --enable-ssl
are for two different things.
I will recheck the part you mentioned anyway, just to be sure.
I will work on a new version of captagent in the following months.
Thank you
Hi everyone,
We are trying to get TLS to work, but getting:
[ERR] protocol_tls.c:269 TLS has been not enabled. Please reconfigure captagent with param --enable-ssl and --enable-tls
We have deleted captagent completely and installed/compiled it with the tags as mentioned in the TLS wiki page. The dependencies libgcrypt20 libgcrypt20-dev libssl-dev and openssl are also installed
With
./configure --enable-tls --enable-ssl
we get the following summary at the end of the performanceLooks good, but after the
make && sudo make install
command and re-entering the needed values in the config-files, we are still getting the above mentioned error.captagent.xml:
socket_pcap.xml
protocol_tls.xml
The key mentioned above is a 2048 bit RSA private key and we are using TLS_RSA_WITH_AES_256_GCM_SHA384.
The only thing that seemed a little weird was with the ./configure command: Most of the output ends with a "yes" or similar, only the values like mysql, ssl or similar have nothing else after the dots:
Could we be missing something here? Perhaps the configure script is ignoring the --enable arguments?