diff --git a/.github/workflows/meson-ci.yml b/.github/workflows/meson-ci.yml index 053dba738..971850c5b 100644 --- a/.github/workflows/meson-ci.yml +++ b/.github/workflows/meson-ci.yml @@ -39,7 +39,7 @@ jobs: - name: Check out repository code uses: actions/checkout@main - name: Setup Meson Build - run: PATH="/usr/local/opt/bison/bin:$PATH" meson setup build + run: PATH="/usr/local/opt/bison/bin:$PATH" PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" meson setup build env: CC: gcc - name : Build Open5GS diff --git a/configs/310014.yaml.in b/configs/310014.yaml.in index be56f6c11..c424df939 100644 --- a/configs/310014.yaml.in +++ b/configs/310014.yaml.in @@ -2,6 +2,17 @@ db_uri: mongodb://localhost/open5gs logger: +tls: + enabled: no + server: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testserver.key + cert: @open5gs_builddir@/configs/open5gs/tls/testserver.crt + client: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testclient.key + cert: @open5gs_builddir@/configs/open5gs/tls/testclient.crt + parameter: # no_nrf: true # no_scp: true diff --git a/configs/csfb.yaml.in b/configs/csfb.yaml.in index fa618caa8..bd279a4d5 100644 --- a/configs/csfb.yaml.in +++ b/configs/csfb.yaml.in @@ -2,6 +2,17 @@ db_uri: mongodb://localhost/open5gs logger: +tls: + enabled: no + server: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testserver.key + cert: @open5gs_builddir@/configs/open5gs/tls/testserver.crt + client: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testclient.key + cert: @open5gs_builddir@/configs/open5gs/tls/testclient.crt + parameter: # no_nrf: true # no_scp: true diff --git a/configs/freeDiameter/cacert.pem b/configs/freeDiameter/cacert.pem deleted file mode 100644 index 5a73c99ef..000000000 
--- a/configs/freeDiameter/cacert.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICrDCCAhWgAwIBAgIUX3u0zTLhQTa3lsR92/GelxTGQacwDQYJKoZIhvcNAQEL -BQAwaDEXMBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYD -VQQIDAVTZW91bDEOMAwGA1UEBwwFTm93b24xEDAOBgNVBAoMB09wZW41R1MxDjAM -BgNVBAsMBVRlc3RzMB4XDTIwMDgyMjAwMzkxNloXDTMwMDgyMDAwMzkxNlowaDEX -MBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYDVQQIDAVT -ZW91bDEOMAwGA1UEBwwFTm93b24xEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsM -BVRlc3RzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuPWKllQ1+hM/wQE08 -xjDBiSx9GQOCEF5dkLK126u4joIhNFig6wfn/Ui0nq88ApUlEREUXB3D33ZEsAkt -cbwz1UHX2THOeTYX8XdDbkwkbxNOOH902duiQ2UUbf8ve1hsV7+Dr7ue2Fmz4gsR -lHBv1EsIyPZJQlb4qxET+2++2QIDAQABo1MwUTAdBgNVHQ4EFgQUZPvI16MgF9yo -OqpLK4XNvT5TSwkwHwYDVR0jBBgwFoAUZPvI16MgF9yoOqpLK4XNvT5TSwkwDwYD -VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAwGvKdevLJNDuSXsFpIkTE -ZRsNnKrprNgbZC4/HkrzpvR1aDQgcSqF12DzSUmoTqzESuMtKvkaLv2IqYko9g4p -iKVu2jBDKrJq4q63Cy71fxwbtXLrqGaWgbXkepzqyJYjn4Nf/ya0shK7l2rIIDyL -crvs5/rXN6enLFUQ3n955w== ------END CERTIFICATE----- diff --git a/configs/freeDiameter/hss.cert.pem b/configs/freeDiameter/hss.cert.pem deleted file mode 100644 index 4d9ce3953..000000000 --- a/configs/freeDiameter/hss.cert.pem +++ /dev/null 
@@ -1,60 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests - Validity - Not Before: Aug 22 00:39:17 2020 GMT - Not After : Aug 20 00:39:17 2030 GMT - Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=hss.localdomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (1024 bit) - Modulus: - 00:e8:b3:82:96:bd:4a:f6:30:2c:03:60:aa:82:65: - b0:15:32:5f:d3:90:0d:c0:1d:06:62:52:51:c7:12: - 36:d7:5c:34:21:ac:4a:44:4d:9b:a5:22:9c:3e:86: - a8:ba:df:02:64:b6:74:f5:95:c4:71:e8:e0:28:1d: - 2b:ea:06:94:fa:3c:f1:07:d3:23:55:b6:84:d4:00: - f4:28:08:18:be:c7:38:e1:b7:d9:b4:bf:d3:e1:d3: - d8:13:60:72:e1:e4:d3:31:37:b1:cf:b9:e1:c9:8d: - 5e:e2:1c:54:a3:90:b1:69:6f:07:90:ff:68:86:69: - 7d:ef:50:69:0d:9d:47:18:39 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 74:20:F9:E9:BD:E1:37:8A:9C:A9:AD:B4:B2:28:7D:44:22:0B:BD:0B - X509v3 Authority Key Identifier: - keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09 - - Signature Algorithm: sha256WithRSAEncryption - ac:aa:85:5a:57:61:6d:7d:f3:c4:2a:b7:73:3f:e9:bc:b9:6d: - 0a:8f:35:24:13:66:46:14:5e:60:90:3e:32:95:72:5a:21:55: - 15:fe:ef:30:44:fb:fe:3e:cb:bf:f3:30:ce:3b:bb:4f:c1:64: - 41:ea:db:99:f2:ca:db:78:03:95:81:91:3c:fa:1d:9c:8a:55: - eb:9d:6a:c1:b6:de:44:38:0f:99:b4:66:d5:4e:dd:e7:d5:ba: - ff:f2:4b:f6:9a:94:53:55:36:4e:73:2d:da:d1:bb:0f:8f:fb: - 1a:22:43:28:6a:b4:5d:a3:40:2c:cf:7e:0d:3e:fb:60:ef:92: - f3:0e ------BEGIN CERTIFICATE----- -MIICsjCCAhugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s -b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH -DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw -ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE 
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD -VQQDDA9oc3MubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -AOizgpa9SvYwLANgqoJlsBUyX9OQDcAdBmJSUccSNtdcNCGsSkRNm6UinD6GqLrf -AmS2dPWVxHHo4CgdK+oGlPo88QfTI1W2hNQA9CgIGL7HOOG32bS/0+HT2BNgcuHk -0zE3sc+54cmNXuIcVKOQsWlvB5D/aIZpfe9QaQ2dRxg5AgMBAAGjezB5MAkGA1Ud -EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj -YXRlMB0GA1UdDgQWBBR0IPnpveE3ipyprbSyKH1EIgu9CzAfBgNVHSMEGDAWgBRk -+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQCsqoVaV2FtffPE -KrdzP+m8uW0KjzUkE2ZGFF5gkD4ylXJaIVUV/u8wRPv+Psu/8zDOO7tPwWRB6tuZ -8srbeAOVgZE8+h2cilXrnWrBtt5EOA+ZtGbVTt3n1br/8kv2mpRTVTZOcy3a0bsP -j/saIkMoarRdo0Asz34NPvtg75LzDg== ------END CERTIFICATE----- diff --git a/configs/freeDiameter/hss.conf.in b/configs/freeDiameter/hss.conf.in index 10c4b78df..ebc9d8c83 100644 --- a/configs/freeDiameter/hss.conf.in +++ b/configs/freeDiameter/hss.conf.in @@ -106,7 +106,7 @@ ListenOn = "127.0.0.8"; # Default : NO DEFAULT #TLS_Cred = "" , ""; #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; -TLS_Cred = "@sysconfdir@/freeDiameter/hss.cert.pem", "@sysconfdir@/freeDiameter/hss.key.pem"; +TLS_Cred = "@sysconfdir@/open5gs/tls/hss.crt", "@sysconfdir@/open5gs/tls/hss.key"; # Certificate authority / trust anchors # The file containing the list of trusted Certificate Authorities (PEM list) @@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/hss.cert.pem", "@sysconfdir@/freeDiameter/ # The directive can appear several times to specify several files. # Default : GNUTLS default behavior #TLS_CA = ""; -TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem"; +TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt"; # Certificate Revocation List file # The information about revoked certificates. diff --git a/configs/freeDiameter/hss.key.pem b/configs/freeDiameter/hss.key.pem deleted file mode 100644 index b6362d4d4..000000000 --- a/configs/freeDiameter/hss.key.pem +++ /dev/null 
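Review bot: `TLS_Cred` and `TLS_CA` in hss.conf.in now point at the shared `@sysconfdir@/open5gs/tls/` directory, but nothing visible in this diff says who provisions `hss.key` there or with what file mode; the install loop removed from configs/freeDiameter/meson.build is presumably replaced by the new `tls` subdir, which is not shown here. If those files are repository-shipped test credentials like the deleted `OU=Tests` certificates, every installation starts with the same private key, so the config should say so next to the directive, e.g. `# Test credentials only: generate your own key/certificate and keep the key readable only by the service user.` The same `ca.crt` is also the `cacert` in the SBI `tls:` blocks this commit adds to the YAML configs, so a certificate issued for any network function would chain to the Diameter trust anchor as well; confirm that sharing is intended. The same applies to the matching hunks in mme.conf.in, pcrf.conf.in and smf.conf.in.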
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDos4KWvUr2MCwDYKqCZbAVMl/TkA3AHQZiUlHHEjbXXDQhrEpE -TZulIpw+hqi63wJktnT1lcRx6OAoHSvqBpT6PPEH0yNVtoTUAPQoCBi+xzjht9m0 -v9Ph09gTYHLh5NMxN7HPueHJjV7iHFSjkLFpbweQ/2iGaX3vUGkNnUcYOQIDAQAB -AoGAdxNkv74dnd0IqLHOjut6L16XqqsMXkJ8AdQeBMBNT+bexlxjpJASFW6ghV5i -+T0k/GRhdUouPBvumJhU4Gx9zpVYUMzAxZDgWQfoknQ11fs6bi1aH8Fn9NhC3UeB -ZaSmkAyeTMpJMzVAiVLND3iN/83OcijqSq2MZ4kkdsQngAECQQD/AOBiwlh6AVtZ -bJMbVSVPLdtQRtGuP29gaC64vROE60qfxUcW7H2rHdMq4AWrlaZ3hXxSLU+TuCDt -Z7khtHexAkEA6ZxSJfw1SO0qqu/uHBcQTOzoTKPi28fRt2ilEIOhIzuHbJPpjFEp -snhGfX+XgD4EtXH1ebdmh+rGZ8yRPcjTCQJBAJ170xfq4m1mzR2q+ibVLNd7gIhR -VEmCj6xAaypYSue50DpfwYmcv/ef0bwW4imXoFkMLT0rEowuGNfFSQZRx+ECQETG -TrD8JTvJBsy4QiNm7teWz3TwsrL9itIyLpZECkZzGhVvHky/AEWYfzgnPhT1LTG1 -0Qz6X2cYSTz5zrCf1PECQQCPZIkkOUsgq6kGDK5MTzAoTjPxzIDgLX/YdMelwHUA -pK+nv/gxO9Pjd+wcU4GmaD0KXdLtu+dsKT3bx/7RzGjj ------END RSA PRIVATE KEY----- diff --git a/configs/freeDiameter/meson.build b/configs/freeDiameter/meson.build index 2db114079..bb5366cb2 100644 --- a/configs/freeDiameter/meson.build +++ b/configs/freeDiameter/meson.build @@ -34,24 +34,3 @@ foreach file : freediameter_conf meson.add_install_script(python3_exe, '-c', install_conf.format(gen, freediameter_sysconfdir)) endforeach - -freediameter_pem = ''' - cacert.pem - mme.cert.pem - mme.key.pem - hss.cert.pem - hss.key.pem - smf.cert.pem - smf.key.pem - pcrf.cert.pem - pcrf.key.pem -'''.split() - -foreach file : freediameter_pem - gen = configure_file( - input : file, - output : file, - configuration : conf_data) - meson.add_install_script(python3_exe, '-c', - install_conf.format(gen, freediameter_sysconfdir)) -endforeach diff --git a/configs/freeDiameter/mme.cert.pem b/configs/freeDiameter/mme.cert.pem deleted file mode 100644 index cca1c9792..000000000 --- a/configs/freeDiameter/mme.cert.pem +++ /dev/null 
@@ -1,60 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests - Validity - Not Before: Aug 22 00:39:17 2020 GMT - Not After : Aug 20 00:39:17 2030 GMT - Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=mme.localdomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (1024 bit) - Modulus: - 00:9c:69:25:fc:ee:7f:11:e0:81:f7:b5:51:8f:01: - b8:9e:01:74:03:3e:a5:25:de:6f:28:66:05:6f:7b: - ab:86:0f:09:fc:94:7b:e8:aa:9f:0b:5f:32:27:46: - f0:ca:e2:12:f3:5d:03:80:e9:9a:1d:f0:20:d6:5c: - 1b:4b:65:d4:66:e3:b7:63:19:6e:b1:e8:db:6c:24: - df:24:2c:50:f2:1c:8a:33:c1:f7:27:b8:3c:6e:c6: - 90:98:ac:43:67:00:6b:3d:ab:39:49:3d:d5:74:77: - 6a:0e:38:4e:41:cd:e4:15:63:27:76:b5:9c:75:f8: - cb:6f:cc:5e:f3:a7:68:ef:a5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 92:69:1E:3F:9F:E2:40:2F:81:24:05:B4:13:AA:8A:65:5C:7C:71:1D - X509v3 Authority Key Identifier: - keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09 - - Signature Algorithm: sha256WithRSAEncryption - 74:fc:32:ee:e6:2b:a5:f5:a4:71:64:49:ff:eb:6f:01:30:32: - b7:61:62:97:e1:2c:0f:50:62:a8:71:9a:bd:8b:d8:0d:4b:28: - ea:b4:5f:1c:30:3e:4c:23:2f:c5:5b:77:ed:48:c2:bb:b7:0c: - d9:50:4d:7f:7f:a3:b9:1e:2c:19:33:1e:41:94:e1:14:1b:45: - e8:ae:27:aa:5e:78:8e:67:67:19:69:48:e3:e4:c0:c3:a7:85: - fd:fd:d6:62:6e:dd:1f:31:2f:bc:9a:d2:fa:82:eb:4b:3e:35: - e0:90:db:ed:de:1a:68:33:6f:e6:90:9f:08:64:60:46:91:09: - 74:15 ------BEGIN CERTIFICATE----- -MIICsjCCAhugAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s -b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH -DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw -ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE 
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD -VQQDDA9tbWUubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -AJxpJfzufxHggfe1UY8BuJ4BdAM+pSXebyhmBW97q4YPCfyUe+iqnwtfMidG8Mri -EvNdA4Dpmh3wINZcG0tl1Gbjt2MZbrHo22wk3yQsUPIcijPB9ye4PG7GkJisQ2cA -az2rOUk91XR3ag44TkHN5BVjJ3a1nHX4y2/MXvOnaO+lAgMBAAGjezB5MAkGA1Ud -EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj -YXRlMB0GA1UdDgQWBBSSaR4/n+JAL4EkBbQTqoplXHxxHTAfBgNVHSMEGDAWgBRk -+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQB0/DLu5iul9aRx -ZEn/628BMDK3YWKX4SwPUGKocZq9i9gNSyjqtF8cMD5MIy/FW3ftSMK7twzZUE1/ -f6O5HiwZMx5BlOEUG0XorieqXniOZ2cZaUjj5MDDp4X9/dZibt0fMS+8mtL6gutL -PjXgkNvt3hpoM2/mkJ8IZGBGkQl0FQ== ------END CERTIFICATE----- diff --git a/configs/freeDiameter/mme.conf.in b/configs/freeDiameter/mme.conf.in index 790ce9742..74333596b 100644 --- a/configs/freeDiameter/mme.conf.in +++ b/configs/freeDiameter/mme.conf.in @@ -106,7 +106,7 @@ ListenOn = "127.0.0.2"; # Default : NO DEFAULT #TLS_Cred = "" , ""; #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; -TLS_Cred = "@sysconfdir@/freeDiameter/mme.cert.pem", "@sysconfdir@/freeDiameter/mme.key.pem"; +TLS_Cred = "@sysconfdir@/open5gs/tls/mme.crt", "@sysconfdir@/open5gs/tls/mme.key"; # Certificate authority / trust anchors # The file containing the list of trusted Certificate Authorities (PEM list) @@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/mme.cert.pem", "@sysconfdir@/freeDiameter/ # The directive can appear several times to specify several files. # Default : GNUTLS default behavior #TLS_CA = ""; -TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem"; +TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt"; # Certificate Revocation List file # The information about revoked certificates. diff --git a/configs/freeDiameter/mme.key.pem b/configs/freeDiameter/mme.key.pem deleted file mode 100644 index cc9c42c92..000000000 --- a/configs/freeDiameter/mme.key.pem +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCcaSX87n8R4IH3tVGPAbieAXQDPqUl3m8oZgVve6uGDwn8lHvo -qp8LXzInRvDK4hLzXQOA6Zod8CDWXBtLZdRm47djGW6x6NtsJN8kLFDyHIozwfcn -uDxuxpCYrENnAGs9qzlJPdV0d2oOOE5BzeQVYyd2tZx1+MtvzF7zp2jvpQIDAQAB -AoGARr3D4a7Yp/Q7tBY86gokPsp3dxQ5S3RcIBBseuybOknJAYUCucuZnWIT4/HQ -7GHtokY6VG7TNqEpqOoFqkdHFgDZQlJPG+N2B63JEGxAL0RedHsTbnYQ8MFqrixb -U59yDfwudrlEYAQNML51pEp7D06Add+CPubcFLO8Tnh/z20CQQDQCWRPP0ZdfYk1 -NZFS82fWxWE0jhxEu8nFXCh4uawlSOyyl8RFKyvwFhs+u8DAS+ntSA5nBIkglLW5 -aM+WbJerAkEAwHi5BIojXNmqjrfDDDaD3jM5/Ug2SOuReVz/7JDoPC/w9rob37RM -pz0bWrtOVCud+mD0WeOjsxfsb6ixpjMF7wJBAI9zmnbG0/eNo/pL6NzBOP4w9rlt -sPJ4Z0avKL0ukxTWt1jjLBTiExcntzvH7b7r2e+ju0KwLvqHcNPcASDh2qcCQBQ4 -Wo+ch4yInX9y1L3iuEXOsefm/zT38oeCeqx6qLsx+imhca41vdvP8qC8jsUO9ADK -0MDkxlzZRZCRc2BXeecCQQCl+Ac9n+gtpIUFNmwvgtOnnjDAEDhGgi4lR45frT75 -t57D+YTERbn2pygttzhZ6imWMEUnSQJQSGpDAUnVsIUg ------END RSA PRIVATE KEY----- diff --git a/configs/freeDiameter/pcrf.cert.pem b/configs/freeDiameter/pcrf.cert.pem deleted file mode 100644 index ffe7a97f4..000000000 --- a/configs/freeDiameter/pcrf.cert.pem +++ /dev/null 
@@ -1,60 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 4 (0x4) - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests - Validity - Not Before: Aug 22 00:39:17 2020 GMT - Not After : Aug 20 00:39:17 2030 GMT - Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=pcrf.localdomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (1024 bit) - Modulus: - 00:b9:1f:b3:a5:74:de:31:97:ac:fa:86:1d:65:86: - c7:be:b1:25:07:01:f3:69:21:7a:6d:ec:d7:c8:ec: - e2:c9:e8:71:a1:07:ce:0e:68:e5:0f:a9:ec:f3:5e: - 5e:3e:a4:ea:27:f3:fa:65:36:2d:7c:ce:a8:70:cc: - 34:db:51:b2:28:7b:03:bf:78:06:61:7c:44:81:17: - 88:f9:c9:16:cb:2e:9f:21:4a:24:28:0a:0f:76:ef: - 63:0f:05:a4:ee:52:64:1f:4f:0b:ec:4e:6c:1b:12: - 40:43:75:ed:62:16:ec:6a:ba:15:dd:c4:b9:fa:a9: - de:2c:80:f5:84:c5:97:ec:7b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - CD:C4:C9:C1:7F:D9:34:1F:DB:08:61:27:FC:59:A2:C2:CC:19:9A:7B - X509v3 Authority Key Identifier: - keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09 - - Signature Algorithm: sha256WithRSAEncryption - 24:3a:da:a7:50:b3:42:ab:e9:87:21:b2:d9:2b:a1:44:0b:5f: - bd:ad:c9:8b:b1:ca:d5:2e:65:46:55:80:11:00:33:03:f9:04: - b1:31:a2:c9:d2:41:e0:ec:73:bc:9a:3c:31:06:cc:d0:2d:73: - 1f:b4:93:1c:b0:99:dd:14:27:64:39:7e:c5:ab:53:48:c5:25: - e8:88:fd:4e:b8:dd:64:88:b5:b4:89:8b:15:97:8b:e7:c9:fb: - 23:6c:ed:60:9b:2f:f0:99:7a:75:6c:8e:ea:09:c6:ba:ff:e9: - 81:3f:97:96:8b:00:58:5b:88:13:e8:8a:39:4c:f6:c9:06:d3: - 24:66 ------BEGIN CERTIFICATE----- -MIICszCCAhygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s -b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH -DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw -ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBaMQswCQYDVQQGEwJLTzEOMAwGA1UE 
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRkwFwYD -VQQDDBBwY3JmLmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB -gQC5H7OldN4xl6z6hh1lhse+sSUHAfNpIXpt7NfI7OLJ6HGhB84OaOUPqezzXl4+ -pOon8/plNi18zqhwzDTbUbIoewO/eAZhfESBF4j5yRbLLp8hSiQoCg9272MPBaTu -UmQfTwvsTmwbEkBDde1iFuxquhXdxLn6qd4sgPWExZfsewIDAQABo3sweTAJBgNV -HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp -Y2F0ZTAdBgNVHQ4EFgQUzcTJwX/ZNB/bCGEn/FmiwswZmnswHwYDVR0jBBgwFoAU -ZPvI16MgF9yoOqpLK4XNvT5TSwkwDQYJKoZIhvcNAQELBQADgYEAJDrap1CzQqvp -hyGy2SuhRAtfva3Ji7HK1S5lRlWAEQAzA/kEsTGiydJB4OxzvJo8MQbM0C1zH7ST -HLCZ3RQnZDl+xatTSMUl6Ij9TrjdZIi1tImLFZeL58n7I2ztYJsv8Jl6dWyO6gnG -uv/pgT+XlosAWFuIE+iKOUz2yQbTJGY= ------END CERTIFICATE----- diff --git a/configs/freeDiameter/pcrf.conf.in b/configs/freeDiameter/pcrf.conf.in index d0cc2ec02..83d4b53b4 100644 --- a/configs/freeDiameter/pcrf.conf.in +++ b/configs/freeDiameter/pcrf.conf.in @@ -106,7 +106,7 @@ ListenOn = "127.0.0.9"; # Default : NO DEFAULT #TLS_Cred = "" , ""; #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; -TLS_Cred = "@sysconfdir@/freeDiameter/pcrf.cert.pem", "@sysconfdir@/freeDiameter/pcrf.key.pem"; +TLS_Cred = "@sysconfdir@/open5gs/tls/pcrf.crt", "@sysconfdir@/open5gs/tls/pcrf.key"; # Certificate authority / trust anchors # The file containing the list of trusted Certificate Authorities (PEM list) @@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/pcrf.cert.pem", "@sysconfdir@/freeDiameter # The directive can appear several times to specify several files. # Default : GNUTLS default behavior #TLS_CA = ""; -TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem"; +TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt"; # Certificate Revocation List file # The information about revoked certificates. diff --git a/configs/freeDiameter/pcrf.key.pem b/configs/freeDiameter/pcrf.key.pem deleted file mode 100644 index bed6dbee3..000000000 --- a/configs/freeDiameter/pcrf.key.pem +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWgIBAAKBgQC5H7OldN4xl6z6hh1lhse+sSUHAfNpIXpt7NfI7OLJ6HGhB84O -aOUPqezzXl4+pOon8/plNi18zqhwzDTbUbIoewO/eAZhfESBF4j5yRbLLp8hSiQo -Cg9272MPBaTuUmQfTwvsTmwbEkBDde1iFuxquhXdxLn6qd4sgPWExZfsewIDAQAB -An8UP2NmtWGYCv7gZ8rPT+6I7Ncf7RayaPb7DuyLDV3At6u18SSYbuCe1fcUpz2n -nGH//K9mYoaXIANMUwl083qIwxT0VbarpTCgiHT8afdISe6Bm8B8Xs0ITEikRHiG -vmI/oCbCA1DkXZlf4jpQbGdet2DyxnJTXv+W9vDkqHOhAkEA74Y+MQgf3eaz/on9 -2I5S0kvFJxBYjkAcbkzHmytA5cT45KoCIF+6oPAnBoDkLq3fUotOgWzX2pnWHzMu -+VLtrwJBAMXbhpxQflZ/4eqDYbD49ggVO8VJzl3Ch1B7ZvKW/b+6plRwsdHx0RFk -xbwz02GuJbwf6UjVW1VyaQF6fgkdzPUCQQCYhK+nQxgfkV69zxpvwbilJhBFHph1 -BAfWiFd1y+YIKROfb03pVWuePS1sa7hgrOCOTBxSN39/OAPrXAkmQ5MLAkBbNSZp -eoWy1ELNe4EWNr4b3cXu3WYfPKRqCmjbnZUdxCoWtNiUAlgxH3YzmuRvm/rTLRa6 -N3hh/FrBjrj49N7dAkA5SaCw2WFulgLRPA6QwfObrQEYkHgtF2++r9jhane5nfq3 -/kcrlFnfDfT7ITc32Hmvgj7wJud7w8ANukPXG7DU ------END RSA PRIVATE KEY----- diff --git a/configs/freeDiameter/smf.cert.pem b/configs/freeDiameter/smf.cert.pem deleted file mode 100644 index 610168e4a..000000000 --- a/configs/freeDiameter/smf.cert.pem +++ /dev/null 
@@ -1,60 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=ca.localdomain, C=KO, ST=Seoul, L=Nowon, O=Open5GS, OU=Tests - Validity - Not Before: Aug 22 00:39:17 2020 GMT - Not After : Aug 20 00:39:17 2030 GMT - Subject: C=KO, ST=Seoul, O=Open5GS, OU=Tests, CN=smf.localdomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (1024 bit) - Modulus: - 00:ad:d6:cb:88:33:51:23:72:f1:16:29:2a:df:b7: - 75:d7:38:9e:da:18:b6:27:73:a8:60:ec:04:8f:d0: - cd:c6:2e:10:ff:bd:c3:c2:a3:d7:53:e7:9e:73:07: - 07:a9:59:16:b1:7f:92:79:4d:d8:ee:5a:c7:ed:ef: - 37:83:8a:7d:94:08:41:0b:34:68:27:a5:4b:7d:cb: - 29:fb:85:c0:21:6e:17:72:32:29:7a:28:be:94:31: - 56:d2:85:9f:4b:b1:33:6f:f9:eb:01:9c:e7:2f:68: - 94:6b:91:58:a7:80:04:94:3c:b3:19:96:91:31:f7: - c4:81:98:2b:85:8f:5c:f0:fd - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 91:4B:EF:65:02:0D:C8:85:FA:4A:3F:29:C0:10:3C:1B:AE:E4:AD:A4 - X509v3 Authority Key Identifier: - keyid:64:FB:C8:D7:A3:20:17:DC:A8:3A:AA:4B:2B:85:CD:BD:3E:53:4B:09 - - Signature Algorithm: sha256WithRSAEncryption - a3:6e:4f:00:bd:1a:62:b9:86:0f:35:f6:18:8d:15:61:a2:bc: - 05:07:f1:73:8d:70:6f:e1:34:f1:ae:87:26:87:13:0b:c8:d8: - 29:16:70:02:12:73:36:f9:de:43:26:12:7d:9f:d2:20:7c:e2: - 76:47:0b:14:ba:67:e5:5a:0d:22:3b:00:c8:35:ab:dd:b1:9a: - e5:75:b0:86:89:02:15:32:b3:e9:48:c3:e0:38:e1:56:4c:fd: - aa:12:96:00:6d:a6:c3:ab:b0:8c:4b:ab:b2:4c:c2:08:26:ab: - d6:3f:26:95:4a:da:b8:dd:9a:f8:fe:b9:c2:e3:7a:a3:2f:2c: - 7f:df ------BEGIN CERTIFICATE----- -MIICsjCCAhugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBoMRcwFQYDVQQDDA5jYS5s -b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMQ4wDAYDVQQH -DAVOb3dvbjEQMA4GA1UECgwHT3BlbjVHUzEOMAwGA1UECwwFVGVzdHMwHhcNMjAw -ODIyMDAzOTE3WhcNMzAwODIwMDAzOTE3WjBZMQswCQYDVQQGEwJLTzEOMAwGA1UE 
-CAwFU2VvdWwxEDAOBgNVBAoMB09wZW41R1MxDjAMBgNVBAsMBVRlc3RzMRgwFgYD -VQQDDA9zbWYubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -AK3Wy4gzUSNy8RYpKt+3ddc4ntoYtidzqGDsBI/QzcYuEP+9w8Kj11PnnnMHB6lZ -FrF/knlN2O5ax+3vN4OKfZQIQQs0aCelS33LKfuFwCFuF3IyKXoovpQxVtKFn0ux -M2/56wGc5y9olGuRWKeABJQ8sxmWkTH3xIGYK4WPXPD9AgMBAAGjezB5MAkGA1Ud -EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj -YXRlMB0GA1UdDgQWBBSRS+9lAg3IhfpKPynAEDwbruStpDAfBgNVHSMEGDAWgBRk -+8jXoyAX3Kg6qksrhc29PlNLCTANBgkqhkiG9w0BAQsFAAOBgQCjbk8AvRpiuYYP -NfYYjRVhorwFB/FzjXBv4TTxrocmhxMLyNgpFnACEnM2+d5DJhJ9n9IgfOJ2RwsU -umflWg0iOwDINavdsZrldbCGiQIVMrPpSMPgOOFWTP2qEpYAbabDq7CMS6uyTMII -JqvWPyaVStq43Zr4/rnC43qjLyx/3w== ------END CERTIFICATE----- diff --git a/configs/freeDiameter/smf.conf.in b/configs/freeDiameter/smf.conf.in index 77b881076..a21a9dbb4 100644 --- a/configs/freeDiameter/smf.conf.in +++ b/configs/freeDiameter/smf.conf.in @@ -106,7 +106,7 @@ ListenOn = "127.0.0.4"; # Default : NO DEFAULT #TLS_Cred = "" , ""; #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; -TLS_Cred = "@sysconfdir@/freeDiameter/smf.cert.pem", "@sysconfdir@/freeDiameter/smf.key.pem"; +TLS_Cred = "@sysconfdir@/open5gs/tls/smf.crt", "@sysconfdir@/open5gs/tls/smf.key"; # Certificate authority / trust anchors # The file containing the list of trusted Certificate Authorities (PEM list) @@ -114,7 +114,7 @@ TLS_Cred = "@sysconfdir@/freeDiameter/smf.cert.pem", "@sysconfdir@/freeDiameter/ # The directive can appear several times to specify several files. # Default : GNUTLS default behavior #TLS_CA = ""; -TLS_CA = "@sysconfdir@/freeDiameter/cacert.pem"; +TLS_CA = "@sysconfdir@/open5gs/tls/ca.crt"; # Certificate Revocation List file # The information about revoked certificates. diff --git a/configs/freeDiameter/smf.key.pem b/configs/freeDiameter/smf.key.pem deleted file mode 100644 index f0581961f..000000000 --- a/configs/freeDiameter/smf.key.pem +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCt1suIM1EjcvEWKSrft3XXOJ7aGLYnc6hg7ASP0M3GLhD/vcPC -o9dT555zBwepWRaxf5J5TdjuWsft7zeDin2UCEELNGgnpUt9yyn7hcAhbhdyMil6 -KL6UMVbShZ9LsTNv+esBnOcvaJRrkVingASUPLMZlpEx98SBmCuFj1zw/QIDAQAB -AoGAV1x1hmn7oav22mMv56PD9be/pOz8RZFLEgIqPLf7YVfvNQaBpYQ/ByyEJVxo -DkP2Mpdg3dMwbIB0ru8j39guSO0evsCG95u5L3lUMLFh/+WTt4W0g4+9y0qD1dUy -y7kk+gKLlbPvyRNr+CiEnpz/rxdWC3J+tVBsWJGNjBGtZWECQQDdn5q7FUrF6HHQ -O5iJYCbeL+Xn4Ajwrr4M9OeGhMz4pTTtE45jjGi2ykFa9TJFMqjLuClBXw5FkIOe -S4unTO7JAkEAyM268Z558xHHnRl6uEN1NrqqpdXtZYnK9lm4/kZRs2mKm/98fjf0 -GiHwiKqONP7si4ARE2Ws1wKmXmCe0nNGlQJBAMw8KFCd95FYe4IlWZXHySnaxCki -WbrLnhK8opxhx66gOJz996sfmuRQkVfsPE5uuAU9Cq/WlIVg/xoijmk3yZkCQEFu -YCsZM62TrpKvWcCvIoOZ4b817Sw38S3C4LfiW/71NhhM8NkEDINzabhusvXr11JB -gc7rQ52wHFwGadoze90CQF9qOBatpIFlEDkhzKofRILCWIzSrfhFdcCZqe6K8G10 -ngbk3Xg3I0I+qWViDivOm689SC9xniF7wJ1XH0BRBKE= ------END RSA PRIVATE KEY----- diff --git a/configs/meson.build b/configs/meson.build index ba7a917e4..f5fdcfdcc 100644 --- a/configs/meson.build +++ b/configs/meson.build @@ -22,6 +22,9 @@ conf_data.set('sysconfdir', sysconfdir) conf_data.set('libdir', libdir) conf_data.set('localstatedir', localstatedir) +open5gs_builddir = meson.build_root() +conf_data.set('open5gs_builddir', open5gs_builddir) + freediameter_extensions_builddir = join_paths( meson.build_root(), 'subprojects', 'freeDiameter', 'extensions') conf_data.set('freediameter_extensions_builddir', diff --git a/configs/non3gpp.yaml.in b/configs/non3gpp.yaml.in index fe35cb4f0..f8f6bd9b6 100644 --- a/configs/non3gpp.yaml.in +++ b/configs/non3gpp.yaml.in 
@@ -2,6 +2,17 @@ db_uri: mongodb://localhost/open5gs logger: +tls: + enabled: no + server: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testserver.key + cert: @open5gs_builddir@/configs/open5gs/tls/testserver.crt + client: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testclient.key + cert: @open5gs_builddir@/configs/open5gs/tls/testclient.crt + parameter: # no_nrf: true # no_scp: true diff --git a/configs/open5gs/amf.yaml.in b/configs/open5gs/amf.yaml.in index 286f81184..0a69f3bd0 100644 --- a/configs/open5gs/amf.yaml.in +++ b/configs/open5gs/amf.yaml.in @@ -21,6 +21,44 @@ logger: file: @localstatedir@/log/open5gs/amf.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/amf.key +# cert: /etc/open5gs/tls/amf.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/amf.key +# cert: /etc/open5gs/tls/amf.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/amf.key + cert: @sysconfdir@/open5gs/tls/amf.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/amf.key + cert: @sysconfdir@/open5gs/tls/amf.crt + # # amf: # @@ -29,7 +67,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 
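Review bot: The comment block added to amf.yaml.in documents `auto` as the default, yet the block shipped right below it sets `enabled: no`, so an installed AMF serves SBI in cleartext even though key and certificate paths are configured; if that is deliberate for the sample config, say so in the comment. The description of `no` reads as a condition (`Don't use TLS if there is an key/cert available`) where it presumably means `Don't use TLS even if a key/cert is available`, and going by the `auto`/`yes` descriptions `auto` deserves a line such as `#   NOTE: auto falls back to cleartext when the key/cert cannot be found; use 'yes' to fail closed.` Small fixes in the same block: `Certficiate` should be `Certificate`, and the two `cacert` examples write `server` / `client` without the trailing colon. The identical block is added to ausf.yaml.in and bsf.yaml.in.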
@@ -37,20 +75,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/amf.key +# cert: /etc/open5gs/tls/amf.crt +# amf: # sbi: -# - tls: -# key: amf.key -# pem: amf.pem # -# o SBI Server(https://127.0.0.5:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/amf.key +# cert: /etc/open5gs/tls/amf.crt +# amf: # sbi: # - addr: 127.0.0.5 -# tls: -# key: amf.key -# pem: amf.pem # - addr: ::1 # -# o SBI Server(http://amf.open5gs.org:80) +# o SBI Server(https://amf.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# amf: # sbi: # - name: amf.open5gs.org # @@ -332,12 +381,24 @@ amf: # addr: 127.0.1.10 # port: 7777 # -# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80) +# o SBI Client(https://127.0.1.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/amf.key +# cert: /etc/open5gs/tls/amf.crt +# scp: # sbi: # - addr: 127.0.1.10 -# tls: -# key: scp.key -# pem: scp.pem +# - addr: ::1 +# +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# scp: +# sbi: # - name: scp.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) @@ -376,12 +437,24 @@ scp: # addr: 127.0.0.10 # port: 7777 # -# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80) +# o SBI Client(https://127.0.0.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/amf.key +# cert: /etc/open5gs/tls/amf.crt +# nrf: # sbi: # - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: ::1 +# +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: +# sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) 
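Review bot: In the rewritten server examples, the `https://amf.open5gs.org:443` case lists only `tls.server.cacert`, while the rule documented earlier in this file says that under `auto` TLS is used only when a key/cert is available, so a reader copying this snippet alone gets no server key. Show the complete set in that example (`key:`, `cert:` and `cacert:` under `server:`), and state whether a client that presents no certificate is rejected once `cacert` is set. The hunk covers only part of the comment block for the `amf:` section. ausf.yaml.in and bsf.yaml.in carry the same example.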
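Review bot: The first `https` client example for `scp:` gives the client a `key`/`cert` but no `cacert`, and verification of the server appears only as a separate example, which reads as though an https connection without a trust anchor is a supported setup. Whether the peer certificate is checked in that case cannot be told from this file; the comment should state it, and the recommended example should include `cacert: /etc/open5gs/tls/ca.crt` under `client:` alongside the key and certificate. The same pair of examples is repeated for `nrf:` in the following hunk and in ausf.yaml.in and bsf.yaml.in.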
diff --git a/configs/open5gs/ausf.yaml.in b/configs/open5gs/ausf.yaml.in index f4bcfe83b..54e314a33 100644 --- a/configs/open5gs/ausf.yaml.in +++ b/configs/open5gs/ausf.yaml.in @@ -21,6 +21,44 @@ logger: file: @localstatedir@/log/open5gs/ausf.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/ausf.key +# cert: /etc/open5gs/tls/ausf.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/ausf.key +# cert: /etc/open5gs/tls/ausf.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/ausf.key + cert: @sysconfdir@/open5gs/tls/ausf.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/ausf.key + cert: @sysconfdir@/open5gs/tls/ausf.crt + # # ausf: # @@ -29,7 +67,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 
@@ -37,20 +75,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/ausf.key +# cert: /etc/open5gs/tls/ausf.crt +# ausf: # sbi: -# - tls: -# key: ausf.key -# pem: ausf.pem # -# o SBI Server(https://127.0.0.11:443, http://[::1]:80) +# o SBI Server(http://127.0.0.11:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/ausf.key +# cert: /etc/open5gs/tls/ausf.crt +# ausf: # sbi: # - addr: 127.0.0.11 -# tls: -# key: ausf.key -# pem: ausf.pem # - addr: ::1 # -# o SBI Server(http://ausf.open5gs.org:80) +# o SBI Server(https://ausf.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# ausf: # sbi: # - name: ausf.open5gs.org # @@ -157,12 +206,24 @@ ausf: # addr: 127.0.1.10 # port: 7777 # -# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80) +# o SBI Client(https://127.0.1.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/ausf.key +# cert: /etc/open5gs/tls/ausf.crt +# scp: # sbi: # - addr: 127.0.1.10 -# tls: -# key: scp.key -# pem: scp.pem +# - addr: ::1 +# +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# scp: +# sbi: # - name: scp.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) 
@@ -201,12 +262,24 @@ scp: # addr: 127.0.0.10 # port: 7777 # -# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80) +# o SBI Client(https://127.0.0.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/ausf.key +# cert: /etc/open5gs/tls/ausf.crt +# nrf: # sbi: # - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: ::1 +# +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: +# sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) diff --git a/configs/open5gs/bsf.yaml.in b/configs/open5gs/bsf.yaml.in index 7ca701bd5..d28482d29 100644 --- a/configs/open5gs/bsf.yaml.in +++ b/configs/open5gs/bsf.yaml.in @@ -23,6 +23,44 @@ db_uri: mongodb://localhost/open5gs logger: file: @localstatedir@/log/open5gs/bsf.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/bsf.key +# cert: /etc/open5gs/tls/bsf.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/bsf.key +# cert: /etc/open5gs/tls/bsf.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/bsf.key + cert: @sysconfdir@/open5gs/tls/bsf.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/bsf.key + cert: @sysconfdir@/open5gs/tls/bsf.crt + # # bsf: # 
@@ -31,7 +69,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 @@ -39,20 +77,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/bsf.key +# cert: /etc/open5gs/tls/bsf.crt +# bsf: # sbi: -# - tls: -# key: bsf.key -# pem: bsf.pem # -# o SBI Server(https://127.0.0.15:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/bsf.key +# cert: /etc/open5gs/tls/bsf.crt +# bsf: # sbi: -# - addr: 127.0.0.15 -# tls: -# key: bsf.key -# pem: bsf.pem +# - addr: 127.0.0.5 # - addr: ::1 # -# o SBI Server(http://bsf.open5gs.org:80) +# o SBI Server(https://bsf.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# bsf: # sbi: # - name: bsf.open5gs.org # @@ -159,12 +208,24 @@ bsf: # addr: 127.0.1.10 # port: 7777 # -# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80) +# o SBI Client(https://127.0.1.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/bsf.key +# cert: /etc/open5gs/tls/bsf.crt +# scp: # sbi: # - addr: 127.0.1.10 -# tls: -# key: scp.key -# pem: scp.pem +# - addr: ::1 +# +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# scp: +# sbi: # - name: scp.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) 
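Review bot: The plain-HTTP server example in the `@@ -39,20 +77,31 @@` hunk now binds `127.0.0.5`, where the removed lines used `127.0.0.15`, so the address looks copied from another NF's file rather than being this NF's own loopback. I would keep the original address in both places: `# o SBI Server(http://127.0.0.15:80, http://[::1]:80)` and `# - addr: 127.0.0.15`. The same substitution appears in the nrf (was `127.0.0.10`), nssf (`127.0.0.14`), pcf (`127.0.0.13`), scp (`127.0.1.10`) and smf (`127.0.0.4`) hunks.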
@@ -203,12 +264,24 @@ scp: # addr: 127.0.0.10 # port: 7777 # -# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80) +# o SBI Client(https://127.0.0.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/bsf.key +# cert: /etc/open5gs/tls/bsf.crt +# nrf: # sbi: # - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: ::1 +# +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: +# sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) diff --git a/configs/open5gs/meson.build b/configs/open5gs/meson.build index 9b0849210..0888065a2 100644 --- a/configs/open5gs/meson.build +++ b/configs/open5gs/meson.build @@ -46,3 +46,5 @@ foreach file : open5gs_conf meson.add_install_script(python3_exe, '-c', install_conf.format(gen, open5gs_sysconfdir)) endforeach + +subdir('tls') diff --git a/configs/open5gs/nrf.yaml.in b/configs/open5gs/nrf.yaml.in index a43fcf194..f2f488000 100644 --- a/configs/open5gs/nrf.yaml.in +++ b/configs/open5gs/nrf.yaml.in 
@@ -21,6 +21,44 @@ logger: file: @localstatedir@/log/open5gs/nrf.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/nrf.key +# cert: /etc/open5gs/tls/nrf.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/nrf.key +# cert: /etc/open5gs/tls/nrf.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/nrf.key + cert: @sysconfdir@/open5gs/tls/nrf.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/nrf.key + cert: @sysconfdir@/open5gs/tls/nrf.crt + # # nrf: # @@ -37,22 +75,33 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/nrf.key +# cert: /etc/open5gs/tls/nrf.crt +# nrf: # sbi: -# tls: -# key: nrf.key -# pem: nrf.pem # -# o SBI Server(https://127.0.0.10:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/nrf.key +# cert: /etc/open5gs/tls/nrf.crt +# nrf: # sbi: -# - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: 127.0.0.5 # - addr: ::1 # -# o SBI Server(http://nrf.open5gs.org:80) +# o SBI Server(https://nrf.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: # sbi: -# name: nrf.open5gs.org +# - name: nrf.open5gs.org # # o SBI Server(http://127.0.0.10:7777) # sbi: @@ -87,10 +136,10 @@ logger: # nrf: sbi: - addr: + - addr: - 127.0.0.10 - ::1 - port: 7777 + port: 7777 # # scp: 
@@ -102,12 +151,24 @@ nrf: # addr: 127.0.1.10 # port: 7777 # -# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80) +# o SBI Client(https://127.0.1.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/nrf.key +# cert: /etc/open5gs/tls/nrf.crt +# scp: # sbi: # - addr: 127.0.1.10 -# tls: -# key: scp.key -# pem: scp.pem +# - addr: ::1 +# +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# scp: +# sbi: # - name: scp.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) diff --git a/configs/open5gs/nssf.yaml.in b/configs/open5gs/nssf.yaml.in index 695ac704e..d4c69f2f6 100644 --- a/configs/open5gs/nssf.yaml.in +++ b/configs/open5gs/nssf.yaml.in @@ -21,6 +21,44 @@ logger: file: @localstatedir@/log/open5gs/nssf.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/nssf.key +# cert: /etc/open5gs/tls/nssf.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/nssf.key +# cert: /etc/open5gs/tls/nssf.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/nssf.key + cert: @sysconfdir@/open5gs/tls/nssf.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/nssf.key + cert: @sysconfdir@/open5gs/tls/nssf.crt + # # nssf: # @@ -29,7 +67,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 
@@ -37,20 +75,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/nssf.key +# cert: /etc/open5gs/tls/nssf.crt +# nssf: # sbi: -# - tls: -# key: nssf.key -# pem: nssf.pem # -# o SBI Server(https://127.0.0.14:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/nssf.key +# cert: /etc/open5gs/tls/nssf.crt +# nssf: # sbi: -# - addr: 127.0.0.14 -# tls: -# key: nssf.key -# pem: nssf.pem +# - addr: 127.0.0.5 # - addr: ::1 # -# o SBI Server(http://nssf.open5gs.org:80) +# o SBI Server(https://nssf.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# nssf: # sbi: # - name: nssf.open5gs.org # @@ -212,12 +261,24 @@ nssf: # addr: 127.0.1.10 # port: 7777 # -# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80) +# o SBI Client(https://127.0.1.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/nssf.key +# cert: /etc/open5gs/tls/nssf.crt +# scp: # sbi: # - addr: 127.0.1.10 -# tls: -# key: scp.key -# pem: scp.pem +# - addr: ::1 +# +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# scp: +# sbi: # - name: scp.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) 
@@ -256,12 +317,24 @@ scp: # addr: 127.0.0.10 # port: 7777 # -# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80) +# o SBI Client(https://127.0.0.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/nssf.key +# cert: /etc/open5gs/tls/nssf.crt +# nrf: # sbi: # - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: ::1 +# +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: +# sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) diff --git a/configs/open5gs/pcf.yaml.in b/configs/open5gs/pcf.yaml.in index 63ada49fc..5f9fedc54 100644 --- a/configs/open5gs/pcf.yaml.in +++ b/configs/open5gs/pcf.yaml.in @@ -23,6 +23,44 @@ db_uri: mongodb://localhost/open5gs logger: file: @localstatedir@/log/open5gs/pcf.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/pcf.key +# cert: /etc/open5gs/tls/pcf.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/pcf.key +# cert: /etc/open5gs/tls/pcf.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/pcf.key + cert: @sysconfdir@/open5gs/tls/pcf.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/pcf.key + cert: @sysconfdir@/open5gs/tls/pcf.crt + # # pcf: # 
@@ -31,7 +69,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 @@ -39,20 +77,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/pcf.key +# cert: /etc/open5gs/tls/pcf.crt +# pcf: # sbi: -# - tls: -# key: pcf.key -# pem: pcf.pem # -# o SBI Server(https://127.0.0.13:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/pcf.key +# cert: /etc/open5gs/tls/pcf.crt +# pcf: # sbi: -# - addr: 127.0.0.13 -# tls: -# key: pcf.key -# pem: pcf.pem +# - addr: 127.0.0.5 # - addr: ::1 # -# o SBI Server(http://pcf.open5gs.org:80) +# o SBI Server(https://pcf.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# pcf: # sbi: # - name: pcf.open5gs.org # @@ -170,10 +219,18 @@ pcf: # sbi: # - addr: 127.0.1.10 # tls: -# key: scp.key -# pem: scp.pem +# key: /etc/open5gs/tls/pcf.key +# cert: /etc/open5gs/tls/pcf.crt # - name: scp.open5gs.org # +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify peer +# +# sbi: +# - name: scp.open5gs.org +# tls: +# cacert: /etc/open5gs/tls/ca.crt +# # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) # If prefer_ipv4 is true, http://127.0.1.10:80 is selected. # 
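Review bot: The two SCP client examples in the `@@ -170,10 +219,18 @@` hunk still nest `tls:` under the `sbi:` list entry (`key`/`cert` in the first, `cacert` in the added second), while every other example in this commit moves TLS settings to the top-level `tls: client:` block. If the per-entry form is no longer read (the parser is not visible here), an operator copying this example would believe server verification is configured when it is not. I would rewrite both in the top-level form used for the NRF client in the next hunk, i.e. `tls:` / `client:` / `cacert: /etc/open5gs/tls/ca.crt` followed by `scp:` / `sbi:` / `- name: scp.open5gs.org`. The same leftover form is in the `@@ -169,10 +230,18 @@` hunk of scp.yaml.in and the `@@ -497,10 +546,18 @@` hunk of smf.yaml.in.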
@@ -210,12 +267,24 @@ scp: # addr: 127.0.0.10 # port: 7777 # -# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80) +# o SBI Client(https://127.0.0.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/pcf.key +# cert: /etc/open5gs/tls/pcf.crt +# nrf: # sbi: # - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: ::1 +# +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: +# sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) diff --git a/configs/open5gs/scp.yaml.in b/configs/open5gs/scp.yaml.in index cfdbdce74..548d48361 100644 --- a/configs/open5gs/scp.yaml.in +++ b/configs/open5gs/scp.yaml.in @@ -23,6 +23,44 @@ db_uri: mongodb://localhost/open5gs logger: file: @localstatedir@/log/open5gs/scp.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/scp.key +# cert: /etc/open5gs/tls/scp.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/scp.key +# cert: /etc/open5gs/tls/scp.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/scp.key + cert: @sysconfdir@/open5gs/tls/scp.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/scp.key + cert: @sysconfdir@/open5gs/tls/scp.crt + # # scp: # @@ -31,7 +69,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 
@@ -39,20 +77,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/scp.key +# cert: /etc/open5gs/tls/scp.crt +# scp: # sbi: -# - tls: -# key: scp.key -# pem: scp.pem # -# o SBI Server(https://127.0.1.10:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/scp.key +# cert: /etc/open5gs/tls/scp.crt +# scp: # sbi: -# - addr: 127.0.1.10 -# tls: -# key: scp.key -# pem: scp.pem +# - addr: 127.0.0.5 # - addr: ::1 # -# o SBI Server(http://scp.open5gs.org:80) +# o SBI Server(https://scp.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# scp: # sbi: # - name: scp.open5gs.org # @@ -126,13 +175,25 @@ scp: # addr: 127.0.1.11 # port: 7777 # -# o SBI Client(https://127.0.1.11:443, http://next-scp.open5gs.org:80) +# o SBI Client(https://127.0.1.11:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/next-scp.key +# cert: /etc/open5gs/tls/next-scp.crt +# scp: # sbi: # - addr: 127.0.1.11 -# tls: -# key: next-scp.key -# pem: next-scp.pem -# - name: next-scp.open5gs.org +# - addr: ::1 +# +# o SBI Client(http://next-scp.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# scp: +# sbi: +# - name: scp.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) # If prefer_ipv4 is true, http://127.0.1.11:80 is selected. @@ -169,10 +230,18 @@ scp: # sbi: # - addr: 127.0.0.10 # tls: -# key: nrf.key -# pem: nrf.pem +# key: /etc/open5gs/tls/scp.key +# cert: /etc/open5gs/tls/scp.crt # - name: nrf.open5gs.org # +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify peer +# +# sbi: +# - name: nrf.open5gs.org +# tls: +# cacert: /etc/open5gs/tls/ca.crt +# # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) # If prefer_ipv4 is true, http://127.0.0.10:80 is selected. # 
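Review bot: In the `@@ -126,13 +175,25 @@` hunk the added heading `SBI Client(http://next-scp.open5gs.org:443)` uses the `http` scheme for a TLS example on port 443, and the entry under it was changed from `next-scp.open5gs.org` to `scp.open5gs.org`, so the example no longer matches its heading. I would write `# o SBI Client(https://next-scp.open5gs.org:443)` and `# - name: next-scp.open5gs.org`. The first example also gives the client `key`/`cert` as `/etc/open5gs/tls/next-scp.key` and `next-scp.crt`, which reads as the peer's credentials; the other NF files put the NF's own pair under `tls: client:`, so `scp.key`/`scp.crt` looks intended here.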
diff --git a/configs/open5gs/smf.yaml.in b/configs/open5gs/smf.yaml.in index 9d7df1ad3..9b7ad5083 100644 --- a/configs/open5gs/smf.yaml.in +++ b/configs/open5gs/smf.yaml.in @@ -21,6 +21,44 @@ logger: file: @localstatedir@/log/open5gs/smf.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/smf.key +# cert: /etc/open5gs/tls/smf.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/smf.key +# cert: /etc/open5gs/tls/smf.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/smf.key + cert: @sysconfdir@/open5gs/tls/smf.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/smf.key + cert: @sysconfdir@/open5gs/tls/smf.crt + # # smf: # @@ -29,7 +67,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 
@@ -37,20 +75,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/smf.key +# cert: /etc/open5gs/tls/smf.crt +# smf: # sbi: -# - tls: -# key: smf.key -# pem: smf.pem # -# o SBI Server(https://127.0.0.4:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/smf.key +# cert: /etc/open5gs/tls/smf.crt +# smf: # sbi: -# - addr: 127.0.0.4 -# tls: -# key: smf.key -# pem: smf.pem +# - addr: 127.0.0.5 # - addr: ::1 # -# o SBI Server(http://smf.open5gs.org:80) +# o SBI Server(https://smf.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# smf: # sbi: # - name: smf.open5gs.org # @@ -497,10 +546,18 @@ smf: # sbi: # - addr: 127.0.1.10 # tls: -# key: scp.key -# pem: scp.pem +# key: /etc/open5gs/tls/smf.key +# cert: /etc/open5gs/tls/smf.crt # - name: scp.open5gs.org # +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify peer +# +# sbi: +# - name: scp.open5gs.org +# tls: +# cacert: /etc/open5gs/tls/ca.crt +# # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) # If prefer_ipv4 is true, http://127.0.1.10:80 is selected. # @@ -537,12 +594,24 @@ scp: # addr: 127.0.0.10 # port: 7777 # -# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80) +# o SBI Client(https://127.0.0.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/smf.key +# cert: /etc/open5gs/tls/smf.crt +# nrf: # sbi: # - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: ::1 +# +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: +# sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) diff --git a/configs/open5gs/tls/amf.crt b/configs/open5gs/tls/amf.crt new file mode 100644 index 000000000..ad9b6a95d 
--- /dev/null +++ b/configs/open5gs/tls/amf.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjVaFw0zMjExMDgyMzM3MjVaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD2FtZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAL5q1eXK8wzvyymrEpxLgdGg8ArHUiGk0BerkwIwOvkJRkqolQx1CVV+ +SZAsnLxrt1+DEb9PTEpqrAXXAWxGtjDCW8FARPFfhziq4B0NPHuTtXusvT+9xF0I +EY/HFyO/3EYh5vRh5gGZdW5Ukgh4We4Zw/lw0d2BFA2/L5Xz4zOV1P3vSeATyNMq +4mPWD5xUs0utUzOevmom/+vMO8HGecKv8dpdcM45Gget5pH9OwT0nEAOusW8vYZK +kCVKNFAvfyCOVzVG82jS8XARrMGzFPfnrkadYrf/sV4OQ7hLc4ZdO83kXubOoCJm +xrxp7Z8aaXjNEpGW2dZQqU9w57SP9sMCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQU2olHBnRSjS69sZRJT5rFpHAQDhcwHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAIEUFoQQ1yuR4apyUddE26Hm +tnYmXWaTFtL3D98rSj+mwyUOOPD/r7JcsK36XUj8bbMZ4avxMJpYhQGV7x8LG1t1 +3mKlq9JAvLzIREe7zvR8BbOmPu8AVO2Z4uCGrSAa1BsxGgobZ5E2btPHR5RVWiQS +yYhaIjBuUlPqpa20Pc5cKhZKa8bgfdVs/gsZVwa7T6Xr+hMiSlH0uGIUx85oW4sY +MidmaMRM1dabSo6nTLcQA0k7h3iC4nZ1MpyMpzt98vZCzVZzWlcJ7AW+py9xKUlN +48TKTdqHSwt5R9cLnrR7fSVzoPrS9H7KHcemP3poSN/E0PlD+Wou8AFBGBgle8o= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/amf.csr b/configs/open5gs/tls/amf.csr new file mode 100644 index 000000000..6e4c22a5d --- /dev/null +++ b/configs/open5gs/tls/amf.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPYW1mLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmrV5crzDO/LKasSnEuB0aDwCsdSIaTQ +F6uTAjA6+QlGSqiVDHUJVX5JkCycvGu3X4MRv09MSmqsBdcBbEa2MMJbwUBE8V+H +OKrgHQ08e5O1e6y9P73EXQgRj8cXI7/cRiHm9GHmAZl1blSSCHhZ7hnD+XDR3YEU +Db8vlfPjM5XU/e9J4BPI0yriY9YPnFSzS61TM56+aib/68w7wcZ5wq/x2l1wzjka +B63mkf07BPScQA66xby9hkqQJUo0UC9/II5XNUbzaNLxcBGswbMU9+euRp1it/+x +Xg5DuEtzhl07zeRe5s6gImbGvGntnxppeM0SkZbZ1lCpT3DntI/2wwIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAGaPpZwtBx66RzpY4jkjHuIjxD4SQop5XbzfNr+l +HupHV/maWqEwlExTiRqQLUYJ01f4d6y/X8ABU4dyXbaqzWBEBtNg8uIifXLyGcfw +yzn9zzuE6Vlj2366ssJEP+YFYetrzGYkj4SrXQG7k9ZIM7cTTzD/ZjOAX4VI61LZ +VXpEOUsjdP9BcxwI6U17NkFePLfLKByp0uTwECFonIyxzlJLSTbk9xtzPtxA7pax +F/ZrQBEsTdzFQoZca1ZH3UTnmjpcbYJwOpzzlSfrMJs9sv42MZlBuSGzn8xq88xy +KylL9BUn7ZCOhawIz4FEi335e9aq8xcZXnx40OBMOTFE+xo= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/amf.key b/configs/open5gs/tls/amf.key new file mode 100644 index 000000000..89f3f7428 --- /dev/null +++ b/configs/open5gs/tls/amf.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC+atXlyvMM78sp +qxKcS4HRoPAKx1IhpNAXq5MCMDr5CUZKqJUMdQlVfkmQLJy8a7dfgxG/T0xKaqwF +1wFsRrYwwlvBQETxX4c4quAdDTx7k7V7rL0/vcRdCBGPxxcjv9xGIeb0YeYBmXVu +VJIIeFnuGcP5cNHdgRQNvy+V8+MzldT970ngE8jTKuJj1g+cVLNLrVMznr5qJv/r +zDvBxnnCr/HaXXDOORoHreaR/TsE9JxADrrFvL2GSpAlSjRQL38gjlc1RvNo0vFw +EazBsxT3565GnWK3/7FeDkO4S3OGXTvN5F7mzqAiZsa8ae2fGml4zRKRltnWUKlP +cOe0j/bDAgMBAAECggEAU0sRaLTXj4ufH4l9GRAwZ73R8q0QwLXC7u+23Siyyzfi +3wqSNEJHxHV7AU16fDNUIbwIOdqaoRy7Rcywiyf9TyPdlhGidsEWOdQJN7wP/nB0 +3PYJTIYajKVYZT+t4A3vcWAoEjN2tLFnfE0TGhBnKi9sGcNfkdiCKKc+TgZCls/M ++ltrp3+QVH9UO6AMj74mNjNSN6EQOcsO8BUqNnzTsJ5mkTLfLyfoerWXtZlppXZM +/0gyYshP+SN4d3Iuj1NUlM3LLTAx/hg08u3ioBURcRBF0wSIkywpgC9SdqAWKWsX +V6BEIbNwRQk+0V782HTWaZ8H9aCRg6MOk5KO137r1QKBgQDkF5lApIoDAkVb0tFI +wyRNnoNtv0HitbXGLGKS3KGyPPqCLgdnngeEgEqB8ejqjkMzdOmn0eaSmg/yml5O +Vkkw1nSmYholzEbEzl7A34f3AOLMx5hegTjiJe3MrBjZN2qoyDJH8xikl+XFyV5J +sNZe6uRyFozIRrzEPMxgW+R3hQKBgQDVtys66kqUz+5EGwY/n6kIV3ip8zp08KQj +Q+a/h/2EZWvulKLv+Wcr8bwSqOs/ZSaKKgK6VOUK76CYQcHDIHuJEd6TEOC32wLM +uhsjX+aVcTuWPHmGZdJxk5JCI1W0NIxdLVJKg5J1nAmsfRmhtk3yG+C+1i7PSQRT +Y1m/92SzpwKBgQCpM3hUI7rdkImzHCh0OY5spfIJL5/IddNqNvLIzzKD7ghHGa4U +h348JI8g5jtKBE6FlWzfOS46Al9iMHFU211gBTZzVsLe1zKIPC6+FRPff6C/GDFH +qcRwvoIxGlk0iY9ttVTXWtYlAylIF6ECOVRNBSKCH4g/6XmOeSuDL6fDoQKBgQCk +UWouqTdgxaKnwLOENakMXdzLptR6Vw+Mgcen2dJlemmLDcNdiT/3PKzjF/eQTaBd +OMHSLDXSu72Zc22cLpxtHk0ofCCbnAvCBxGYmEK9AkvTTnoNiLpOUy1wJqTdok2N +0qvj2NfCD5AsjB8qA/ZYQXECqcFh5P0rdEbsXzWRHwKBgQCM/GGUXWI0LrkcQpDY +dpO1C161b+zNJHWwM+7cL2kM9azVwW3CNq1YV7c+GRuJG8YyToIYJJfIIUSiAFH0 +97J/JoQ2a/1baMXNaZf06WATtjsFywtG+O8FwZs9rAQ7oDeSe7l5jP5Mw/WjY/Kq +BKoi+9Nz8JldcTIi1rj/YyuHag== +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/ausf.crt b/configs/open5gs/tls/ausf.crt new file mode 100644 index 000000000..f2dae2caa --- /dev/null +++ b/configs/open5gs/tls/ausf.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjVaFw0zMjExMDgyMzM3MjVaMEsxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX +BgNVBAMMEGF1c2YubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC4kKPcYH2eCayT80Ye9dBf6JmJGwfpkkHlwSlMNW8hh/aCEhDF8pj6 +8xU1Wqqptxs6hHHyLMdtqw9AlnOZlOZdTh8zwA5ExR+vf0IPK/bCDkRtUwBlyOUy +LsEOoqMbdTEhGmriykQS0t7O63vsPeiX6oF31AgaNfI5glxZpjUI61rKcHTxCYAX +XALSnIw13fnaQxz2ucmnioTToM28X0GA4ByGs8zgPkAf8F+tDYr+vfiYPZ0ELmLY +AXJCdK4e/VzY1DsfkqnWCCbVZYg/sCjxFIa77PEQ8rUJ0VBdKE0n+O6hqR/7lL6g +Idrk9Vh0LWueQI+cNy/IcVQbBOJaPVZXAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD +VR0OBBYEFBxp6AfQv4qeBrN5tM2WjNjC23pkMB8GA1UdIwQYMBaAFLFq+pyZvAQq +Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBBnrBNSkmzMM5TTBrzCmgo +GktZJy5iM5394OSNKwYdIAxFUotIP7PKwE4GGA9fMauYw+Q5AictubsZEW6Pc4SK +wtvgDUkCmtOitdMxRGYa7lmVpLxsyCvyMVTH5eKvSWQeMBomOP6WR4Huzj+RGcTc +dU3BbNByNMnGGoXO0WYoW6nal/cEIaogYtH2JM7v3otDztGN5ixmvkNxmd9ewLEu +jYkcpqY6WPpK7TM55fBr4f7N5Tin7GM8lE/SQfnJzREsCDPrkLoEuB6DXG7dgjvA +ZdrM3eD77xamzT3nA0/5Up2bDoQLtYMph0muVfDrOKL+pzrtSrR6CnkPVgX2aWrF +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/ausf.csr b/configs/open5gs/tls/ausf.csr new file mode 100644 index 000000000..1a75d7241 --- /dev/null +++ b/configs/open5gs/tls/ausf.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQYXVzZi5sb2NhbGRvbWFpbjELMAkGA1UE +BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALiQo9xgfZ4JrJPzRh710F/omYkbB+mS +QeXBKUw1byGH9oISEMXymPrzFTVaqqm3GzqEcfIsx22rD0CWc5mU5l1OHzPADkTF +H69/Qg8r9sIORG1TAGXI5TIuwQ6ioxt1MSEaauLKRBLS3s7re+w96JfqgXfUCBo1 +8jmCXFmmNQjrWspwdPEJgBdcAtKcjDXd+dpDHPa5yaeKhNOgzbxfQYDgHIazzOA+ +QB/wX60Niv69+Jg9nQQuYtgBckJ0rh79XNjUOx+SqdYIJtVliD+wKPEUhrvs8RDy +tQnRUF0oTSf47qGpH/uUvqAh2uT1WHQta55Aj5w3L8hxVBsE4lo9VlcCAwEAAaAA +MA0GCSqGSIb3DQEBCwUAA4IBAQBUpX2wR4LNsuhCeFLjjiJKClOdkqKel/U2gCr5 +pW7JisU1pnSBW1ZnI0usssGQeejJUvS+24fTb4aQp68DJ4E70s4N6M+oMyUlCIhH +5ELkG/rlXtir4/l7WP/vF5M1F0bPKLCA51nRfV9tvBR1nAVFfr5ZBGWo8vZBKz9v +v43beNjJxmCkurN7j78WP0TYEs7ehGCXh0mDtW6SurKpnWswsjInKtyUR470XHwt +cVJy0HelsBsqpf6I9SlY2J7SakGPDtqARkIisKA6vO4sZdKP0aYapY3nCB5rLvNH +mC28DCX1R0gqBoHTML0lNUiGEsDe4R4O70dHvWHdZr+zPow6 +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/ausf.key b/configs/open5gs/tls/ausf.key new file mode 100644 index 000000000..1d3202fc5 --- /dev/null +++ b/configs/open5gs/tls/ausf.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4kKPcYH2eCayT +80Ye9dBf6JmJGwfpkkHlwSlMNW8hh/aCEhDF8pj68xU1Wqqptxs6hHHyLMdtqw9A +lnOZlOZdTh8zwA5ExR+vf0IPK/bCDkRtUwBlyOUyLsEOoqMbdTEhGmriykQS0t7O +63vsPeiX6oF31AgaNfI5glxZpjUI61rKcHTxCYAXXALSnIw13fnaQxz2ucmnioTT +oM28X0GA4ByGs8zgPkAf8F+tDYr+vfiYPZ0ELmLYAXJCdK4e/VzY1DsfkqnWCCbV +ZYg/sCjxFIa77PEQ8rUJ0VBdKE0n+O6hqR/7lL6gIdrk9Vh0LWueQI+cNy/IcVQb +BOJaPVZXAgMBAAECggEAIqhShNb/r7YMWKn1kGnDa8cfUa4oQbWLt0ua6Cseh7Li +2NDwomMoU/Nil6bDZmQycj4dsYa0GkVlc1DtOzlJOtspI8wcQdCsXwWsD3JHf3Az +bD4KVJKxa0d5TDjBHS5X/+nYiWbG+qvrV/rDRfzoGOLZ1fkUXmuj5SW0FseNrPNH +VaRrC+YdnFfOs1m+U7PZQmxSrp3C9FxQWCg1xTXT4vnOeoqsJLDQX6njCI6AONPD +9vfeGLMD3D45Bk06xfv1zFz7oNgdu0TbOISiDKewUJX1MIpZbaDvx0LO7dBeJBWI +x7yZymTy6B7cspyO9WuC7B3uvSZb4Dj0kmityXze0QKBgQDk/6QY2FMZbOpC0xuw +8T67sxiF9omr23lxWZD+2PMe4IgcD3mijr50bg+pnoZ/R1cPs9IRT27gtuKdpQlS +FOrV9kmJqXGGMO8R2edafzGRim3M+oKVOC8KuI0z/euGTKtKpozMKaoUF68nrMx4 +/7ybauLVYOuWDEqI+Fu6/yY+MQKBgQDOU8OOe5oW3BcNY3/yq+PWlaI9qEehsJTn +kyMvzn5YbKg5yfF6rexm04pY9WCOZfOzvP5NdwwG/InR86YaVOxuuiDE/4WMip18 +rDLabGhlcxsja137c14h8hr936xcF2A4Nd5Q6GYOtCMYNAvCTSAgI98jyiwDGxsY +vXl7WdQTBwKBgQCgZa8698q89FzhkZzDwzZ9omR68MRda80UZ/f3iV5BMmQjw3Mf +OXyNcMnntPHgFMgWZ42sMkcnfvIcGYz9wUj7tRatJdIue/f4OPijmpPNrXhbKtxs +SH4qtDmzQRfHacxQ7XeRSV2n1S8KSy6tUfN5qNRZQRnCb7mFVvBpem3/AQKBgEIs +VUzuUXZBcldF8TRIctNQvG8f+JFgC/HVm/RqOtVrS+z02rDo9SfpcrajRCuHgUjF +NZ5srvvSpPUkOsK5N/cvVPE5roBruKTSqaCqIjVfXHXYqpTJ5IfomUWRJjuG98Iv +bLTwREM0/Qh3MMpJaCNGvftBjSoV2HPv2PV50u2jAoGBALbTtPaHLmSjTE6L675y +Qb440nmgkI+5jl/KX21Gjnes5OqqVmmFzz/1fj1/ZwGpbzp10jdBG2zKChATMsjl +xqPq6G0Gu5RKUeRbT64at3e1+aukU1W4L05GAS8FQru4qixKVK5be/24bmTLTpJ8 +tm0reJD9N9KJQouyqctAnf1O +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/bsf.crt b/configs/open5gs/tls/bsf.crt new file mode 100644 index 000000000..cc896dc5d --- /dev/null +++ b/configs/open5gs/tls/bsf.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD2JzZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAKOY6GHHkFrexUafHFilmA+vsnx7tfbFS7Mkk41QmSXR2+xjG1MenpOQ +kOJdDq5tFm8SsBIqaNmyTM1Tx2j6vT01KnludLJait4Q1F8o5npF5YFwMegVf06o +ZcDrsFpdyIi1EjoFt1bhM02j1GkRVzfIycPi3xrJ1croWWtIj0J/CN4TkoAYaqUW +8B2pccwVbb4jvUyGU61xIARkm/pHIYrCEjiuWP99imbROSUMBX9ne/krtgsJYylZ +XPvZiZkrAXCFHx2KKrm9zOaXeYHSCEiHJQRAaSJICJA2COz3zzN8XpIJVP8paiXF +B5oFoUwex/VdZ/a0m8jm05++jcHXVIECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQUgkNWEi5vGgi/rNh4n4WI3VkWdxQwHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAE4+FPquzZPJfAg3namKryWe +zJjibTvvZenRDoYhkJ9HWhi4tPvLAUqCHLe8sUfxcf5k17T+u7pYfK/+1IpGomWh +Y6OxrxnNK4bnhxTFEch9j90x+cLyAAKVzDAotAgI/OoBQgqiSo0I3pe6MBVPZVIH +Ga5aghA1u9QsLOr7XcuHLAXzMpYPq+6vjHTy1cSi3csQcVNLo67pB3l+b9o1lVGz +6Y8V1L5n19OQ+gbCOSQrGXPAivWWJIDvKW6mtinFLNZ2f1/WDvkh9L/nSFNUsNOj +uWqheRX7FegwvwpjhFfe7TdLQg4OZ5Q82JRFiVmcwx3cDRHPe8BlIdkkTmJvilo= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/bsf.csr b/configs/open5gs/tls/bsf.csr new file mode 100644 index 000000000..743db7099 --- /dev/null +++ b/configs/open5gs/tls/bsf.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPYnNmLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5joYceQWt7FRp8cWKWYD6+yfHu19sVL +sySTjVCZJdHb7GMbUx6ek5CQ4l0Orm0WbxKwEipo2bJMzVPHaPq9PTUqeW50slqK +3hDUXyjmekXlgXAx6BV/TqhlwOuwWl3IiLUSOgW3VuEzTaPUaRFXN8jJw+LfGsnV +yuhZa0iPQn8I3hOSgBhqpRbwHalxzBVtviO9TIZTrXEgBGSb+kchisISOK5Y/32K +ZtE5JQwFf2d7+Su2CwljKVlc+9mJmSsBcIUfHYoqub3M5pd5gdIISIclBEBpIkgI +kDYI7PfPM3xekglU/ylqJcUHmgWhTB7H9V1n9rSbyObTn76NwddUgQIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAGh+iW6t1TL6ylPvzJpICuoSitSF2FsxbfNBpu+o +rZpVlwUsJNRzofxoU7HGEJ8gIAs3MmkkMacaAnZ+o2sHuxtyVnHlXWBfFdRmJIW8 +WikaJTDV2s3lSgntvQJk9PiRtRJfUAO+z78WQisLah/lxKjDEUQs1PTKPbtQTj2O +S4ys26g0OsBwRV11qB93EEQFjz9eExYk18CKgmzntTU5yOJJ3PFj8rjvyyybNtdY +WulE9Ht0rcBZcsDfYw2DvOaz50MtUviTjAZxFHLuyE8igbjy3H5BORFOp5Vm2ybH +/YUwcmvXBiszycaG0JRL+vOIEXAc1lsgmfg3er1QK5N2u7o= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/bsf.key b/configs/open5gs/tls/bsf.key new file mode 100644 index 000000000..de2ea11bb --- /dev/null +++ b/configs/open5gs/tls/bsf.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjmOhhx5Ba3sVG +nxxYpZgPr7J8e7X2xUuzJJONUJkl0dvsYxtTHp6TkJDiXQ6ubRZvErASKmjZskzN +U8do+r09NSp5bnSyWoreENRfKOZ6ReWBcDHoFX9OqGXA67BaXciItRI6BbdW4TNN +o9RpEVc3yMnD4t8aydXK6FlrSI9CfwjeE5KAGGqlFvAdqXHMFW2+I71MhlOtcSAE +ZJv6RyGKwhI4rlj/fYpm0TklDAV/Z3v5K7YLCWMpWVz72YmZKwFwhR8diiq5vczm +l3mB0ghIhyUEQGkiSAiQNgjs988zfF6SCVT/KWolxQeaBaFMHsf1XWf2tJvI5tOf +vo3B11SBAgMBAAECggEAAlCr87PItz99LlPauWatA2ZQrd4sj9ugh85IBAVAqJJK +5OJNaQCHPRZ79WccmcNvkIZ0vUoSOifxuitiCFpZhpnnsiiZ8ErzmYNGlRrpoY/3 +CK0VOLgCqWLcz0VKlWnLuGMLGSz66GjnEmWD0FGTcNW3pLzzfDAgZVbiyo/QHrBS +mhayw3ceTgggFDeqBXEpG3w1CeWIdOLafdQ7fCUkv34Qww9/kJ7gERbX4eoAHZMO +fwkkOZ6xsKxH4tKOEAo4hkTnTo95P9n5UpvDGG/8fKV4vkto9KMWnCUSMUZz/t0Y +G/Jv5aHOQJkfnzS1QtfgfZiHGbto5R5oOGZsy0NdkQKBgQDbJgQwVErskpYGNJwc +tOcz3gooTEkE9tTsX6mT5cCtY2A59k/y6rXSv8X1es2CCkDFLqGHuOW/TBG6ZE9d +8JrQVqQbjLe3kcdRdHlwdfzaj9HfQa/ZBZ2gGzhzqrB9Cry7v14F8vQ1M4qWtEXn +XhWFbR3YP8qjFs3eKLS7DC3x0QKBgQC/G4DJPXvivz+M6iQOYWZH6aO+00Lrm0iv +UsHPphP3LbIz3cDSAqXRTG18oOikmFCQkfNCRzB55JFwf6Udd/A3CdrIQ4rsqEWn +kgtY2ZKkU2ZFtCs5wOiD9gk9CnsAb6D8rSaiKkp1X7VMssyoMrHkBFXvQKHtXuCk +OkEqR56zsQKBgQC43sst0g4aoFY7CeqgNOPN14QOFryKmYdpmBHAGFOAcZLdkrJD +JEkabnka6uuuxeN59CqECjCWPh++c5yYjL6s/koWi5D4JNxWFMHVY1NZNXZAtnMX +yyr7w7rNqLKV6ZbpczhoIFpu/vnsxEssMSxKkJBauwXAqx4kSYadPFsN4QKBgQCT +2SVDi0ui2q7ByArpDTViAUFrSmoFePc8nFvQ1/2uRy4MrkyUrPO3/tbdimcxn50E +m8WEyyqXwts6G6aUK8wt6HPYZ1i9SlnJEFWzAXBPrS38Uyz122aHYPs4vDj412PG +1/aBkxJTyB2tHs7yeXXin/ATzv73c2V76I2ttgbzoQKBgF3J7l1yUQ+4yxMUF9PI +Ta1S87ShIM6B6XgzmdGYyn27lB9jAvmnwNe4pLd5GXZsvIZi8FuQQ9WNPEl78Nj1 +8kSBwSi/MZS1/fiLyP+IaGuaKrfYbEzIlT2rXSgO9IG1gdfO/MouuL4+brynXeDS +BUuR/ojPd0aSsdGhNFvcwUYA +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/ca.crt b/configs/open5gs/tls/ca.crt new file mode 100644 index 000000000..60f49647b --- /dev/null +++ b/configs/open5gs/tls/ca.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgIUWqr1d8XhDsM5Gk5y7G9u6KeTF1wwDQYJKoZIhvcNAQEL +BQAwSTEXMBUGA1UEAwwOY2EubG9jYWxkb21haW4xCzAJBgNVBAYTAktPMQ4wDAYD +VQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUwHhcNMjIxMTExMjMzNzI1WhcN +MzIxMTA4MjMzNzI1WjBJMRcwFQYDVQQDDA5jYS5sb2NhbGRvbWFpbjELMAkGA1UE +BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOfs1L9v9DIXY21LuT8+Gvkmie4Zc1fN +OXP+rZAwZYiQpu9Awtk/L2YgAnJ9zXCNrL8DoGJGWGp9KyN3LJeFu6XUbyXgYDWu +Beg6LN6OUPv30zdjm6iIwEmBtiBgL5HYJZunP3b/OdABIJu9foeWdKVuT+jFNlHK +f6Arod4sVGp2kc6owkGgYE920m04a4UsYuDGhpGvIAv/r5/SBNdKuysF6gE5YHHv +4Hk8RnrxrRwQIGasMAlguwhNfbNqupQ1cxcOtMTBZ8KMv+dji+2f5PI0tmmbSeJO +nENk+A/i0JiuBH6szjZ3ylAuMiMZ42FqFLb9k3FHV/YosxZlzTyFldECAwEAAaNT +MFEwHQYDVR0OBBYEFLFq+pyZvAQqQohl136+YHCiDtpAMB8GA1UdIwQYMBaAFLFq ++pyZvAQqQohl136+YHCiDtpAMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAK01l12RIId/hjjaQy0pEbB8LU0DV9KYw3ibkFTrVnxXdAtOEvsAAGOX +s5hwltZChJJyIVEh5uwAHUMrOs3MazAMhD/FiWBeqeHjh60BTR66tof2Gll1uPRR +D7HHg8E2q01OQmZ1zhj25gd5FP7OSAgXh71TfB6CpRC/gPtYv4vrfe7ca7ZCXKM8 +h3sQxwAMajjHzIKn4ZbqzUfP+ALpOGokbCo+a83PlZgTrG0wHH5MheGQmGKUQaMP +THXAPNaAaoKXbA8rup/fzdinBG0aj5op8bNS+iZUKOLws6M2Zrns2UQ+PxkhlSoa +soOVoABREvi8iSj0hkEFrVdp8loESs0= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/ca.key b/configs/open5gs/tls/ca.key new file mode 100644 index 000000000..5c3c6633d --- /dev/null +++ b/configs/open5gs/tls/ca.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDn7NS/b/QyF2Nt +S7k/Phr5JonuGXNXzTlz/q2QMGWIkKbvQMLZPy9mIAJyfc1wjay/A6BiRlhqfSsj +dyyXhbul1G8l4GA1rgXoOizejlD799M3Y5uoiMBJgbYgYC+R2CWbpz92/znQASCb +vX6HlnSlbk/oxTZRyn+gK6HeLFRqdpHOqMJBoGBPdtJtOGuFLGLgxoaRryAL/6+f +0gTXSrsrBeoBOWBx7+B5PEZ68a0cECBmrDAJYLsITX2zarqUNXMXDrTEwWfCjL/n +Y4vtn+TyNLZpm0niTpxDZPgP4tCYrgR+rM42d8pQLjIjGeNhahS2/ZNxR1f2KLMW +Zc08hZXRAgMBAAECggEACK8vkDOK+00w5ejN+PZEYEv3IjlFvmXq3tMMgLevNZvl +BFRyd1wMVFCihtL7HFnRvB1Qph1oNiSVtvBBdTMGwcDgoJR0Rc5MXlO/Vl4R3j17 +ZTmPnJHyUU5QGYpAfb+QOPHcSIJqEcXZCLvhvwX9PCyTRW4NCKcCfGbl2sHiL1JL +BQ4++zPfjqoK7sJ+WC6bcEYQLpRHZSIZm+kzlBNUyWdtY9WzT8mTdfpzS4X8sZIH +DrmUFufMkgyciN7qt/jBhps/4/S4yjrbRcOsltcg/1Oba7ayC+vGyzGeGPGA1ddS ++bprG7+nUGRvo/bTC5YxVpIXSlOXizpwpzufpyV+GQKBgQDrVVROaG4dcUKdg35y +dLjhRcAAgR2gRJYxG2tYRGsDhBWAvVqJ5MwY919j4kdwQ6UBTnWgCFsByiv6OX6P +kK5Em8ImLEOPHn0nIYNFst5S9GfeEPaCo2jtH1k8KJYbIsUWg8toONv54Ee1VxXV +r6kS9H66zOC0GlayNazQV85JvwKBgQD8SuFHrKrGdo1Wa49LnWRQsTF0rkBXXUR8 +2NC3SiwyrCH8A+nGv4msbkKRcEOQjkbAthYjdhSXdYFtNLYsYa3VCsMDGV3YwA4w +LhjHUsdt2W8Wl26Oo+WcDa22NjTyc5kk827EsgB52N8ug/ylVP01AVr5kEeQ/t+T +yzQzeftkbwKBgAccINvtk8YX8edIXb2fgSZtMQvS2s5IxDDfnzKffowwpWWqUt3v +p6rpblxaLcZahNWxRSR8nCNFtGZu7j/wIxO3kPoORExCo41XGdw1NzpSYAD5ijkQ +Ls9bLxr+LurK9iFkAfU4Io0+FWyJIQO/tt/3uwxxvCg004G21W3F+VmJAoGBAPJZ +U7IwERP3yakcRVgTZsuEisdUo4XImAN9mnCXFYHPjA20DJrYXv1+JP/kYWK46Qox +X27M/NbJD3zBx8U2R2+AmPefJGETjA2IGlFOGThSR73h1Ve75NJU6WtBAvdrR88Q +8HSNsJtbUngyXTzMOTbziFp21+hWjJpB9nEEWhKNAoGAVLy+5NBYg3XUSZRDhjgG +D4LyKf7PjaleMceeZHlhOfG03pjnqZ6vEH6g86fUj4CT4m9JNJPtmhTu8vb96h9X +EVuEkfctkYy8KPmmqqiasZb8viMA3yz4o0gY2Vh/ZgEuFTjLVANmrP4FnPPQSLPX +OoF11bTHRPDa1vAN0sBCVoY= +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/hss.crt b/configs/open5gs/tls/hss.crt new file mode 100644 index 000000000..006de594d --- /dev/null +++ b/configs/open5gs/tls/hss.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD2hzcy5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALljW/sKEWWc9NmMz8NpkskbjXtlhkduRWDapIKLTdUUjl+xP2Rbve0l +ag7Gxw/bX3IkSKQcHwiT1+QMD+CgCcMMd9txI4nVkCP/7+YQVGfEe+2iclp1CrM8 +P7a2oaG3LzzS8Xz+iTWFW+eLE20B4QHygCyQwN14IPGYLkzQvGAe8MfiBfOCIJnm +t4NKGyXGs31Tvbl5+Wzpm6hIXvlqPUEgjHXNtC6u6FQdCPPxcWwt2O8zT9aB5B4G +n/914qWlzurUTlnhYg8HV9L+iyidD66v8JMiKQ9xuPNWMKdoxaw034qH3Dg9in9j +Jqdk3AJdvuqjdmQvPBoOFBQKDcYW06kCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQU5GTunEyNMXr1ZZTh79w1hSC6wDYwHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBADYTkXOb9Kx31MN3LSLCz+ky +KEi3Pio+eI65vTByclmfu/ej2AmGMmHylJQ2RpHzbWOe2MPmpFyI/yfqR7ZoIcfs +soEnYk3vi4Ul7ooYqWTIvAl24/g5ujb9vZ2+7ZtiyFsTNG3kB/zdtS6X6CUk+e3H +GbYTHjxvN+VmFJmCJjQpSMTQC9JGuqof3z+R7OODyJG24aw2g7rVtSDW3J0rvDgc +1RylH/D2KJMBGjo/JlXB6y6wCTu9iLQ5prqk7YunFlpLxjsEdqrQ+yukLhwRH93x +C0GQA6rMQEhC3paBukP2ePAJoGCqanipp/oJ6OJLnKqVDha69IXPSJLEhqAqtX4= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/hss.csr b/configs/open5gs/tls/hss.csr new file mode 100644 index 000000000..b330380b4 --- /dev/null +++ b/configs/open5gs/tls/hss.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPaHNzLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWNb+woRZZz02YzPw2mSyRuNe2WGR25F +YNqkgotN1RSOX7E/ZFu97SVqDsbHD9tfciRIpBwfCJPX5AwP4KAJwwx323EjidWQ +I//v5hBUZ8R77aJyWnUKszw/trahobcvPNLxfP6JNYVb54sTbQHhAfKALJDA3Xgg +8ZguTNC8YB7wx+IF84Igmea3g0obJcazfVO9uXn5bOmbqEhe+Wo9QSCMdc20Lq7o +VB0I8/FxbC3Y7zNP1oHkHgaf/3XipaXO6tROWeFiDwdX0v6LKJ0Prq/wkyIpD3G4 +81Ywp2jFrDTfiofcOD2Kf2Mmp2TcAl2+6qN2ZC88Gg4UFAoNxhbTqQIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBABWDs9H10OPMkVJspViUa7DpykmjwqgwZeobtUsn +7MRP7a4/UUA/OMEgK3HQArIE36byYQM9u80FQRVmlgdM8h3gOABNlyD+Xq/PPCdV +/+YrAWrLkPGbPgKeyAlVYlqi0j8laC9JB/5bEVh8JUxZ9RlZdYmMVITAnIAUfmJ+ +avGxytm5bss//Vat89HlUvPt5NzrmR2YgxzH5PmMx6AB13JIItg05YBE/KPZd+KC +CsLyCzjZj7GJ12l1X8nI/EN032kRPQD/0knq1rt2gyxs45pzA1XGJNiFMFEnJ7Oh +jIeFnbnGxBvx6hu8tOky41OubB1erMok0UV9XpT987tPA/Y= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/hss.key b/configs/open5gs/tls/hss.key new file mode 100644 index 000000000..cceb9cbd7 --- /dev/null +++ b/configs/open5gs/tls/hss.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Y1v7ChFlnPTZ +jM/DaZLJG417ZYZHbkVg2qSCi03VFI5fsT9kW73tJWoOxscP219yJEikHB8Ik9fk +DA/goAnDDHfbcSOJ1ZAj/+/mEFRnxHvtonJadQqzPD+2tqGhty880vF8/ok1hVvn +ixNtAeEB8oAskMDdeCDxmC5M0LxgHvDH4gXzgiCZ5reDShslxrN9U725efls6Zuo +SF75aj1BIIx1zbQuruhUHQjz8XFsLdjvM0/WgeQeBp//deKlpc7q1E5Z4WIPB1fS +/osonQ+ur/CTIikPcbjzVjCnaMWsNN+Kh9w4PYp/YyanZNwCXb7qo3ZkLzwaDhQU +Cg3GFtOpAgMBAAECggEAO2h5PdnMmGTzW9HRdHwc80BWlvACV1qhdfeq10Cf2QQk +2cp5l4YEt32RXpnZiZ3RmMjC1IBEe6GxAd3RqrhuWGhi8lnvuwhKkBbAwFeETNp8 +ojq37X/rRWOtwTYGVsXWp+WrSFRjENkjCfCZ8Yk0G0UkSOO8QlxwJiuPzsLnUt+b +wO/bahViAu7c+CyPouw0+MJmysZba1DSRoYSAYF6yzOolOOfk9HIEcfFyY+wCO6d +hRVcGe5FgFS6hsBC2RLDrKc4sp1VoWOSkI8MfsTsnSvIdWHKLqvmdDlhoEgLJQ2C +BuPX9J50oa9naLb0FszZNjsF1o1xNXvdzzCvWXIYXwKBgQDWCjlJDte/o48jFbvV +aIa7jkChD6NWlMhGv6wRftblNU2WxzwQNiDxKo2OK3o2OZaOkXD7u/GrUzsOAnRs +N+4I340UQz9C7tfzUmsFjS4ju+xxeaPQX1Wmnz5HSN5mxU34y3FvLdyeitUbadNL +CbSeLXI+qzMoecrUp30qHsKarwKBgQDduzhI0xQS3BAWxVz63vMv/Pp7dCjgg/VC +ULYv2d4z5twS9fRwCzyhtmOPRQzHOvgxPbU/MF9DW/uXzAGPFYZSzfWuJcv4u1mp +Ha48GZcxA3C3HWpimsn9yZjcdWG7QV2BV6RgMwH0nUIxZHxQ7I6gplJasZN5dwlZ +glPAAOetJwKBgF8cV+xQ/ioYQgizJa5lLkm1op5vVoOoxX46uflkRZXAo+O2UMhb +ZTQFVrWwODRUTsS3eF9EWtVovLsy+A0GpW2n+QbiAwB5Jdjn7Mqgu7oBTcX26YY0 +dtj9tizzAnDkiAtgS929oWWKB7yQv+V+QJZxV2zlomwAAtOQQZwv4wXdAoGATReE +8D0DY7NDnMcuFsNhhjPM2xN+CuGWamIpleWIDj+cELOXM0WU5RzG7M8zLCnilSxB +UiD9XiwjA5oYiKkRNMULQGs/ydFJ0TTSmW7EVHQ/wkrl7DapOCXZkfz15+dIHWpd +al0RtvzeQNIRLwmwZUaup33KKpcqlwZrG/y0kE0CgYEAtSp7JuJWnFCRBGYzITFG +3gILjbzWxKquho7vOjlOZ9Jn0zHAMjMFaa5jO+jDVeFTo2ma6vJNjkrwwSt2ta5j +RL3+dBFB8uFgihY68j2yP8OeTuMOUevinbKgySMcTP7mlLzya/SAk9bZFqTJEB6w +CA6ghp5l+Pzf2ziJKd3nc0c= +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/meson.build b/configs/open5gs/tls/meson.build new file mode 100644 index 000000000..f20cb9857 --- /dev/null +++ b/configs/open5gs/tls/meson.build 
@@ -0,0 +1,63 @@
+# Copyright (C) 2022 by Sukchan Lee
+
+# This file is part of Open5GS.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+tls_sysconfdir = join_paths(open5gs_sysconfdir, 'tls')
+meson.add_install_script(python3_exe, '-c',
+ mkdir_p.format(tls_sysconfdir))
+
+tls_security = '''
+ ca.crt
+ amf.key
+ ausf.key
+ bsf.key
+ hss.key
+ mme.key
+ nrf.key
+ nssf.key
+ pcf.key
+ pcrf.key
+ scp.key
+ smf.key
+ udm.key
+ udr.key
+ amf.crt
+ ausf.crt
+ bsf.crt
+ hss.crt
+ mme.crt
+ nrf.crt
+ nssf.crt
+ pcf.crt
+ pcrf.crt
+ scp.crt
+ smf.crt
+ udm.crt
+ udr.crt
+ testserver.key
+ testserver.crt
+ testclient.key
+ testclient.crt
+'''.split()
+
+foreach file : tls_security
+ gen = configure_file(
+ input : file,
+ output : file,
+ configuration : conf_data)
+ meson.add_install_script(python3_exe, '-c',
+ install_conf.format(gen, tls_sysconfdir))
+endforeach
diff --git a/configs/open5gs/tls/mme.crt b/configs/open5gs/tls/mme.crt
new file mode 100644
index 000000000..57d3843d8
--- /dev/null
+++ b/configs/open5gs/tls/mme.crt
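Review bot: The `tls_security` list installs the private keys committed in this change (`amf.key` through `testclient.key`) into `tls_sysconfdir` next to `ca.crt`, so every installation starts with key material that is readable in the repository, and `ca.key` is committed alongside them, which lets anyone issue certificates that chain to the installed `ca.crt`. I would state that above the list, e.g. `# Test-only certificates and keys: they are public in the repository; replace ca.crt and every *.key/*.crt before enabling TLS outside a lab.` It is also worth confirming that `install_conf` (defined outside this hunk) writes the `.key` files with owner-only permissions, since nothing here sets a mode. Generating the keys at install or first start instead of shipping them would remove the shared-key problem altogether.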
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD21tZS5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAOfRYYARkQf16dejrenOv9VbNAInKLH5BByRobC/FXYs/1ZEpE26QQpj +ElSZfdc9ri6tlGm8JzsWdeospR10abH9wu/80lerrOJFsGAKC55tLbO0N71Odlk0 +UZms/Efets+4Y2N/ubgq1RStl6IhqkmUOgfbvX69h7+po4PILGMixbZiQTW9DwH+ +aZJ9Gb3YScewikE3J6E0RPf43ABX9roI1oU078n2nj7qZlCNd0zJ9vOXQiQOdcW3 +8PKHlrobulMYh5SmG5ASidZzexHy6csKiH/Rr2EC4mZTYBepb3QZy8+ad9b5Cl74 +yuCcKGf95xui1E+YqGBM9Gi5+HNdr3ECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQUVhByp4/5SHL0qj7sf6dXxrcO6L8wHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAJTHO3re3/Tc9YeMs3Z+Kog6 +9z3Rb+OJ5nB56Y7nXVpJ70piUpTSVwPxK1r5a6QqHO9tTTgp5kp5i3u1H3cYnn3q +r9if/lkNotdrOl1uwI9Kb3eb+4iwZe4VUnhDvWbC3oWVHcyZheS95qxuW/HfErxU +eZakK1J5rynrd0R8fZiJBfpYeBfOczshDlLZ8G40gwmGcHBTJYQ6bYJjjA1jQXzF +n1fE6WQBu7q79eX9w0U5Sf5Xo9Ale5Y7o6ud2aZT6F83Upt1G83BhEvQ8vrseTD6 +SHme/cpGXmSToBs9hJfrPuDzIkjGG/kjiVsFalHiaUtVbGvMqVa2iaHZ3HBzIro= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/mme.csr b/configs/open5gs/tls/mme.csr new file mode 100644 index 000000000..fc8937766 --- /dev/null +++ b/configs/open5gs/tls/mme.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPbW1lLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59FhgBGRB/Xp16Ot6c6/1Vs0AicosfkE +HJGhsL8Vdiz/VkSkTbpBCmMSVJl91z2uLq2UabwnOxZ16iylHXRpsf3C7/zSV6us +4kWwYAoLnm0ts7Q3vU52WTRRmaz8R962z7hjY3+5uCrVFK2XoiGqSZQ6B9u9fr2H +v6mjg8gsYyLFtmJBNb0PAf5pkn0ZvdhJx7CKQTcnoTRE9/jcAFf2ugjWhTTvyfae +PupmUI13TMn285dCJA51xbfw8oeWuhu6UxiHlKYbkBKJ1nN7EfLpywqIf9GvYQLi +ZlNgF6lvdBnLz5p31vkKXvjK4JwoZ/3nG6LUT5ioYEz0aLn4c12vcQIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBACCmqKiZ7lalTo2IacCqfhzE9XCzwltNoygocky7 +aEed7vSX/3pxf4x7ASphZd1gytnePc3bVvqChxFKkgTOUCLd6KTcKsPuXhVPcr6C +0/f3APspWyvZX/sYMLHpS+b1BkO6Uego3ZM9FauEP1kynNHy6Bf0h5BL3YB7yYBJ +nj9UaGWpEAs4LivGWD+4iici2a1GfhS++PBD8dSd6ipELCEOkTuTZoFquZF66cfC +3q+Isd29jbIiO40LnQg3Qi75ECXw7Rgzn5rr0eclIEv50fayyd1vWAG5yXbSOyxT +L/ZBnNDXSLtZV1DMHEvB7rlhXvLEK0874QDtYcQEOltgVOY= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/mme.key b/configs/open5gs/tls/mme.key new file mode 100644 index 000000000..b91a78f5b --- /dev/null +++ b/configs/open5gs/tls/mme.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDn0WGAEZEH9enX +o63pzr/VWzQCJyix+QQckaGwvxV2LP9WRKRNukEKYxJUmX3XPa4urZRpvCc7FnXq +LKUddGmx/cLv/NJXq6ziRbBgCguebS2ztDe9TnZZNFGZrPxH3rbPuGNjf7m4KtUU +rZeiIapJlDoH271+vYe/qaODyCxjIsW2YkE1vQ8B/mmSfRm92EnHsIpBNyehNET3 ++NwAV/a6CNaFNO/J9p4+6mZQjXdMyfbzl0IkDnXFt/Dyh5a6G7pTGIeUphuQEonW +c3sR8unLCoh/0a9hAuJmU2AXqW90GcvPmnfW+Qpe+MrgnChn/ecbotRPmKhgTPRo +ufhzXa9xAgMBAAECggEAHPsdqSueXzQ8pZ32XjkKiCtXP1T9mZur38B1yjQRWaKl +fKJR4iUWACzuO+UBM6P9PyOp3rrMMsRg6G49aYcbYZ+mZmdL3/RRRZZ4cYE//kXg +RUuTU6zX+dijF5xl4RGe9tgH64aqcAjsIPd/cfWrJXi3n9zg/f5xgUy9aaUK+4zp +K77vv6ir3PjtHdQOqDTHblLdXJBDtNprF6Q3kvzWLdVptM2jhtsfhoZ5J4RnrkGm +e9VwUksWnWK6NU3ezYndN2zDe8fkwRKWmLD/DLMrWxOd/E+1T2sUsiTYytxhCMpR ++x9hQZ8P1ogWivYZe0aEwzEcr9SR7sOafdnF+pFnswKBgQD/4fFSHI+c/nL0d0TR +72BfNieuelnaxWzbsPDC8/7YzRd4g25uWCwoyMxzVntVSAdADmI2aD6REfIejLro +m27AvEkMvXCBJIn6ZD6a/GVvLGAiJt060Y3znyRm2xCsynnfw+4RAK3Rs3Vqu4EC +igHytUCKRsU1F3PeFYBABSKdswKBgQDn7JyG4uFl8YB3dm47SiaVxSNHVNnIKQJD +kULqgxLV0jWbMyXx/brS+tp0ABwavRFYxhl3f1wm/ZBk7YnFCTxrpwG3E1MPu4bn +fMJqVEbGFfJEkBePpB+3o2VFGYCrC8wsQx9+RsM98+f+jETqIn7J/j8W9Ht4Y1J/ +2mlWubqUSwKBgQDFugBSJQPMmsqVobwqRUFBEYXkS2M3rCsMMFQ7MXQSb5jdZSJm +XffxpAhob8FqCvifRP4bcL44N5fSh4i+yazxfg0srQ5MnMGKHQBLnxF6sN2wRjvZ +gaihQq5MVKcz/lni0XIa7V1jl7r5uN5d6erLc8flkf49olvElvS9g7pWBQKBgBNX +3q45WgdAnzBXhlYXlyRCrvCSGR/im7e689PPXtDKmYH6QB3wxZY3KeUm5TEtt7ap +vxICY1M1LsfcL/NpE8r+wNveFr1nLJc+BpELumNnDS++vNhUHfkY/adHuz2I3FyM +tKG5kSsnnp/SXyUP/3clZ2motmuSDR1wv/xlvTQFAoGBAKDDpj2v3u6R5qWWWb4C ++kO41YOGAlx52pcukmPV682CQZyJHdWFG3YHNeJaSBMVayHN+roIbnZQHJGTbS0B +jOMxgRyt6a86uGBHQ9PUDRrtOH8hcM4Wg5RnKip5GGHWnZYXH421p2ErpDE3ZAO2 +nt+0/3cXT4rENRXogOlzP3aG +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/nrf.crt b/configs/open5gs/tls/nrf.crt new file mode 100644 index 000000000..687d389c6 --- /dev/null +++ b/configs/open5gs/tls/nrf.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD25yZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJYwtO+kISwKZjSQlQ9eQNtF1/DpUFi8qrupceRuPtlAwsEFaly8BRiH +bCuBcRdGjrIgHtoyFJDW3wi3veKn+xkUoSTcIdHahGwon6nryW049ef5tV2CtNqf +RovgVACdKh7QIruIyqUhJUED+lm4s18aJjKb8QYne4jl18unM5xQkdHfL2bRh7Ce +BZV9/GxjYyNGcLQUWf1Qme3dqLvq539XACxBr8NqmYSDJGlrSRG0i4z0Faa2Znnn +epOTyRuttBrRgsebzszh1evg/zWgc5hsMDr4DoPVOfWfAihNkXmq2LF5kZsBqXdr +kQS6rZsxV4KRF1ynafMNxp0E2I768ZECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQUofXRxrSK7mNyrNQCStGT0rE5vJAwHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAHAaED78OABG0UPbkWUG1Bqd +kWPiZVKySEj1zc8dOqCcgn79VGH8TruxK+/dHwQY/YClq/8o9tZzfFOwc/OdtdfO +dk4AxHwyA+5zJMBWOaGOAIFzPkrRY7RIQnUlkL9FgRg/3hel70TyjBsRm5QEUCPF +p100S0TS5AACJm5gcC7QPfx0Pz1EPsK0q8nm0V1zAus/mDY67jJcbkCGwH839J3s +rVzMrnXEVeoubEr0u4fPB4ulsT1uufnmRPjO+Gw4ToqW+QB8aUX1y0PdxaV2K17g +HD7N6TaLZzXLZDhXB183tMKgOMTzAN/+sDofLUgAT/npO35bAbMmbisCk8Alha0= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/nrf.csr b/configs/open5gs/tls/nrf.csr new file mode 100644 index 000000000..e870777e6 --- /dev/null +++ b/configs/open5gs/tls/nrf.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPbnJmLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljC076QhLApmNJCVD15A20XX8OlQWLyq +u6lx5G4+2UDCwQVqXLwFGIdsK4FxF0aOsiAe2jIUkNbfCLe94qf7GRShJNwh0dqE +bCifqevJbTj15/m1XYK02p9Gi+BUAJ0qHtAiu4jKpSElQQP6WbizXxomMpvxBid7 +iOXXy6cznFCR0d8vZtGHsJ4FlX38bGNjI0ZwtBRZ/VCZ7d2ou+rnf1cALEGvw2qZ +hIMkaWtJEbSLjPQVprZmeed6k5PJG620GtGCx5vOzOHV6+D/NaBzmGwwOvgOg9U5 +9Z8CKE2RearYsXmRmwGpd2uRBLqtmzFXgpEXXKdp8w3GnQTYjvrxkQIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAD7FDen5uEbzgzjW6w3vbyKw/irx+s59YS9zLnrc +K1l4C/eGUxOjXzL1i5th6TJ6y+860OalWfui1JMfdKFXAz4a/wGhZGbGsQelau7r +lQTH1nlm+b5BGShGg0R053FuX3PK8vKBpZzPRuyn9n6unc/PKzoRjub5FXKZnrVJ +8rDz2HXi7ZdxBrU3FUU8dbiTuROgsrCEldyndxhD7vH4mJIPM/0+j8aAU0t9GbRK +pX2Jo1z0Z83NxKegAtMXho0IoEpESEMZmYStBreOY2mp38Zw3+hEJV7SP3nLxr68 +J/c1HVddfoLt7N6mKvIuVbWK7OxkeFLVGGq2o1/Gs+PkVjw= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/nrf.key b/configs/open5gs/tls/nrf.key new file mode 100644 index 000000000..8b963976e --- /dev/null +++ b/configs/open5gs/tls/nrf.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWMLTvpCEsCmY0 +kJUPXkDbRdfw6VBYvKq7qXHkbj7ZQMLBBWpcvAUYh2wrgXEXRo6yIB7aMhSQ1t8I +t73ip/sZFKEk3CHR2oRsKJ+p68ltOPXn+bVdgrTan0aL4FQAnSoe0CK7iMqlISVB +A/pZuLNfGiYym/EGJ3uI5dfLpzOcUJHR3y9m0YewngWVffxsY2MjRnC0FFn9UJnt +3ai76ud/VwAsQa/DapmEgyRpa0kRtIuM9BWmtmZ553qTk8kbrbQa0YLHm87M4dXr +4P81oHOYbDA6+A6D1Tn1nwIoTZF5qtixeZGbAal3a5EEuq2bMVeCkRdcp2nzDcad +BNiO+vGRAgMBAAECggEADL0D06F5mMknAwVSRzPoz1A8sPew813JI1KLUOMS3I1U +F1f0vfnKetqdj5ESfPVki/ISe9IskV5QG2auKceykd2Aj2ZGTgy5F41YgWp4spVW +sf6pZc18tmA09Q8pQMYTuPpRP9Op0Fif1sRWGv8B46qNm9RDHJEDtsg7xc+gHn1L +oeMNin1jZvypm/ZHv0gv2s+/ziOP9ZLcEsI/Zp8ljlGMJJ4Gv5bpZyZB6MCrC1xI +2EOBIeQbO/DnvKw5tiflIiiE+UoTcLvRiX0yxS9IpcYTpV65uwsBsmj+yeg9eunh +ZhoQNnEYeTwHpdzCX0ZO0IwTacb/gElutJ1n/FlMUwKBgQDKHh9UZYx1ejPrCzKT +jyoiXClNEt14Ze3bh3hIgDLaENq24jadNYOfTyCwPd1CGYYkgnNlY8VWBtisafRW +g7e28VGrzaEoYZ0S8p1vNsMabM1oWnq/P/oy0vY9YFvth7lZdlegDj8om+7tA0L/ +q0bDpcU0rQhLzxGExJaLJUjlIwKBgQC+OrTxkfrPvK/CIXole2Gu/Se/5smWNxGc +LNuX39vgIzPvSf1I9rHCr4omqHoeFooujTckfNKR1yc6x/a0jPjDD35ztmPmSKs+ +8PCmhaq3yfjYnt2+0oZd3KVZ9acayNJ205/YVYxG27Gn8s2V2TnEHMXO18NZxPnL +KHKDCGm7uwKBgDf7L+JIXicLueWYLGICfUEXFblrSDxYvxDW7NHn8C3GDU4qScYx +VEuDtyIZgHcWarkiCKREhhvVuZ3Hmw17Xh8lp+FWCxUMNF1TJZfwKwneqOYGaYkf +R0VceSd20P9xYD0PMiX6zDOLPRoYlS4LWoZGG+EDLBETQV7stGXF5fLRAoGAa4xN +WHYr0t7ej2bV4/MJmyFNI9WbCu4/aoiB7i+F5AaDCjpOlL3EaklMVebSg8hCf2cf +UeWwNvvpFfaPqCw7SCyuVUU83akgCAm4RK01g4sQwYev3n6vsMlaQq37t8zqEHw8 +1tYm5Li4jDddu+aAHjwWKYcaztnqT82iUCqlfJkCgYEAyK8xQfiWNPWADHILRDy0 +xtI415k+skYDx77dSmancF/10PGaZRO+UWI/EfweV8lR6ChSf9MuJxKZXOGupv/N +2MY5qTAJ0WluunA/bGRS7VSzetq0ZC2LOLlARqvZQQSVINq406eUjhLzdwJZaR8z +dtlKQ+91L56ELsd1XZ5DZfQ= +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/nssf.crt b/configs/open5gs/tls/nssf.crt new file mode 100644 index 000000000..0aeb86f79 --- /dev/null +++ b/configs/open5gs/tls/nssf.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDXDCCAkSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjZaFw0zMjExMDgyMzM3MjZaMEsxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX +BgNVBAMMEG5zc2YubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDIrtclpBRox3SHlIWyxwKH/u77/UP+ML6C6AQOfsI6j7+G3o73cqIb +zVlpFCfuy7Xh6+Y6uLqLQccNFlj0ckX/k+T3wR3Xpj6YAJ3W9ynPcgDWDK75Mlta +YDR1r69mkZ+SvDAE2gjHgv9zb5Jujyd3s419wHv5qzJQmgEMmIfRhP3sBJNw5+GB +D226dIR4QWmySrNku3BpTXrmKT8piStnnpWvEaoIBrYcAhUvFkETpWv2FIJyQJGH +Ku5894DuK2kEdxhA2MTAeEOxRnq9Xfv4Qq9JpyYNRLSfpUeSeJW3ZjCYan+mpciA +y7QPY2dG/RraGPvkGtTmlBEUMV2kThYjAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD +VR0OBBYEFKDi3dKxojvcTkXTSa6mQwULPtKBMB8GA1UdIwQYMBaAFLFq+pyZvAQq +Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ5p0AF6bwFB2IaCdcpPix +Ai8kh73og4G1fi6+5m0Es0Sj9atAS2jFerPw4w8qLlWQCQUu5c9TFRmC29PmYMKd +1uPFfxOoaw6ohnfqbrmZyNOFpKLSYAi7VAcmVTt2ErolVAkWxknVTNFbC4QtgqOl +vH7WF6UjRXpkGdEcDewBcNjo/GpMacTsMGpQrb09JH8Sfvi+O+RDJY3kYI8e8glx +ejonu+gKXxCEZf0ALI/dIGyDIDTG30nShCMSBjOy+VjVFt2W9PFYykEc0yOpa+jX +C0nbS8zvC0KnCFeIomYUTbkOj3mgEWKa+gewXkFA3+i8XxOPBbmsXU4cWyVJ3sBp +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/nssf.csr b/configs/open5gs/tls/nssf.csr new file mode 100644 index 000000000..10533f264 --- /dev/null +++ b/configs/open5gs/tls/nssf.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQbnNzZi5sb2NhbGRvbWFpbjELMAkGA1UE +BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiu1yWkFGjHdIeUhbLHAof+7vv9Q/4w +voLoBA5+wjqPv4bejvdyohvNWWkUJ+7LteHr5jq4uotBxw0WWPRyRf+T5PfBHdem +PpgAndb3Kc9yANYMrvkyW1pgNHWvr2aRn5K8MATaCMeC/3Nvkm6PJ3ezjX3Ae/mr +MlCaAQyYh9GE/ewEk3Dn4YEPbbp0hHhBabJKs2S7cGlNeuYpPymJK2eela8RqggG +thwCFS8WQROla/YUgnJAkYcq7nz3gO4raQR3GEDYxMB4Q7FGer1d+/hCr0mnJg1E +tJ+lR5J4lbdmMJhqf6alyIDLtA9jZ0b9GtoY++Qa1OaUERQxXaROFiMCAwEAAaAA +MA0GCSqGSIb3DQEBCwUAA4IBAQCFIub4/cIs9fJihlSgOfkqR5BVjv+UZgKocmPz +wACPxgLeXGzH+8aQvCnsmb9p8A7r4CamKkpzeJHuYyzLj2wqTaif0gsAvVnjkksi +uyxZtkWV9HDKgWYIaJnCYtKvAl7qKiY6DDk7McqPcGnI5zjYakxi6pLE2ZC0TUH2 +M0Zy54Tzj7rC889TfwGjbPIPm4mqliy7isxDJed1yiFizG0RT3CFB2qnjxqoU3sa +x0fYGWP7mcNuioBU2VyPHkc8/8lNM9sR7+K5Ne8Orq8ooeb/kTdvGZJ5MX67W2Bz +g+TwAs7ZPD4+ZGNIihlIMl2w8aOibYKmdIR6sc/01GHDhmV+ +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/nssf.key b/configs/open5gs/tls/nssf.key new file mode 100644 index 000000000..b4eb3be5a --- /dev/null +++ b/configs/open5gs/tls/nssf.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIrtclpBRox3SH +lIWyxwKH/u77/UP+ML6C6AQOfsI6j7+G3o73cqIbzVlpFCfuy7Xh6+Y6uLqLQccN +Flj0ckX/k+T3wR3Xpj6YAJ3W9ynPcgDWDK75MltaYDR1r69mkZ+SvDAE2gjHgv9z +b5Jujyd3s419wHv5qzJQmgEMmIfRhP3sBJNw5+GBD226dIR4QWmySrNku3BpTXrm +KT8piStnnpWvEaoIBrYcAhUvFkETpWv2FIJyQJGHKu5894DuK2kEdxhA2MTAeEOx +Rnq9Xfv4Qq9JpyYNRLSfpUeSeJW3ZjCYan+mpciAy7QPY2dG/RraGPvkGtTmlBEU +MV2kThYjAgMBAAECggEAHfOlE250cq781WogCkQUPKKanewkRGvsrd0IaKFtRmWY +pah8mLH4lUMGH94Xl6xlGQhRnwdd0Cr2anL2E9slAgrbbEmGYAk6jl/ehEGfcTay +qT/QsvYGbGwEvbaFlz66HPcOs6qsZMVIcGeBPhRfmkindX1Prj5pjrNtif5knFXZ +YezQyv32wsXn0blE6Nfz7s6udA2JOhEj9hbl7VpK5Diq9X7zXD9eLlEB2vcF06xW +u3mMZHCN0Bl9Ftq0KM3Mn56GjqIKMXZpQOZGL6hwKbQQRgLAwWqGGkQASsd+zpIJ +i4NTibBDQarf6Wiob6SluEkpeaCim3cvf+lpHYCnAQKBgQDc/1StN7SB5Hpw6ApF +RkWQb996UnmM7DUQp4G13iGww4iC9+pC/F6vb3WwcjITmxdLbSWPrMByTPzUIk+y +kkBRD/TaAfPqSRsect9DjMhNyjxjSYL46jH7sR9VhebmuL4LhD2OpSPNGsnJwZ7O +GcWWGRcEgQdMiXZTLpZhgJ+tXwKBgQDod9TRgADMMKFF55qCa5M+a/Jp2s6pgFBN +BY8S0JApcOec0EyUZZ4fKX+vzP2PvQj4ITbEwsnnYDxGUIp76Wgo6ZvD50nSaxCC +/liDY0pPEOFTIootByPVj56nrpBQ5Rcuon7DcIS2z7kCnoDZ3d52UTqXjuu1sQet +8B7L8OVJvQKBgQDICwvgG+t2JJY8u54IZPq1Kr8035ENYgcKw0WjlaYTdnuMadMQ +vZcL4K28gTIZEys76Fm2ux4cmNnHQCO6Na6ocfQmntvmuDQnFL5KTBZIbAbLrRA0 +NvH1rbf6V1HSiWnlzNdX1t4YW+ZKjcwtLaDwJFf0iMNNoaSM2T/glGh1qwKBgEB5 +5AQLTa1Um5Zo61ja/2bjx8OGVaV7mkoSjaE5SZLE5uh+eY77NEUOXITlBTrVwmQX +yjn+kMNk1LLn6dD+Zs5aJMLMJpR+74B1jRU798NAOk61mL9uaIj2IZn+d7aII8ri +dOg+EAEoUfchATnsKKSGWQrqMAQfyrJ6lAAam229AoGALHAQxLc2fXztnZ7g2ftw +YsjutOSPPf+xBWZBVILYQMdY7Y3bEMIuz0oJqWSnvJ5ZMz09JQwoz9EzM1PL7GJ6 +PVlNNqqWdHtDlFamXS4rUXdsJLbKdoHy51bG1qIc5euYutpSUpKuc4n/g6erz7RD +iJue+kVzeFjZeLSMFeoN5dQ= +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/pcf.crt b/configs/open5gs/tls/pcf.crt new file mode 100644 index 000000000..0833ef40b --- /dev/null +++ b/configs/open5gs/tls/pcf.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD3BjZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANJDzsbZ910GqsJTS2Z+FKu3KnNHtPUvtJ4/pXdz6b2s9ECm0bPpTofQ +7N17yvv1GmEoBiCEpoz13q6ZZ/CCW4PLXUTXQzKsB3HVbm7luJA9JziKbXnSrGnp +SQk97HWN1RYdTKQKi46JaEg8MfyImeopyHQUmYbyg6oJSm/8JyXT9LAil8BJeLgS +JpOGvhE+Pus1+7XS9hswr/zz/6jiy2i6Cc5AKxF1Qp1qp69/8EMBFPRtxiHkwnQR +jMS3A7sk8N4z2P6JlRx3uBHvrActS7Q2IAUZHCqGPO+atdWjPpZmDJTTkiBcPBid +xNBM1efy4xtCbJm3bXQStVgELdXxZwkCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQUAPQBjYhnG8101VwEMOb7qk7Lix4wHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBADjP6PVyrc5X0Av/FvkODQ0f +9FcVH36olgqHMXH8HMtSaLhWB/NdOoeMfNnrZKlJJe12t05vd1b6c495Xg5bCpCn +14wjUg/TM4FijXECGl0KT/VvPd+DI6sJiDgJB6wwVQoujY8c8k3inPoRBmPY56C6 +6UeD+NA3rUKnCas2yKq+eR2l+U48nfN9Sxdj5/LAQeY6CEaKKAdLZoN5YyxzZfTZ +esG7mPpj5c7+oF2SBk7NEf+3yT8aZ2Uy20GXwLnQYk9d92AWUtBywe1LXgJxY3Yi +snDuwEymRteXODzjMp6JXsCUwZ7e2e2QvTdDASx1QREidr9z/ddcpnXQWwQncHA= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/pcf.csr b/configs/open5gs/tls/pcf.csr new file mode 100644 index 000000000..2b70e3146 --- /dev/null +++ b/configs/open5gs/tls/pcf.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPcGNmLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kPOxtn3XQaqwlNLZn4Uq7cqc0e09S+0 +nj+ld3Ppvaz0QKbRs+lOh9Ds3XvK+/UaYSgGIISmjPXerpln8IJbg8tdRNdDMqwH +cdVubuW4kD0nOIptedKsaelJCT3sdY3VFh1MpAqLjoloSDwx/IiZ6inIdBSZhvKD +qglKb/wnJdP0sCKXwEl4uBImk4a+ET4+6zX7tdL2GzCv/PP/qOLLaLoJzkArEXVC +nWqnr3/wQwEU9G3GIeTCdBGMxLcDuyTw3jPY/omVHHe4Ee+sBy1LtDYgBRkcKoY8 +75q11aM+lmYMlNOSIFw8GJ3E0EzV5/LjG0JsmbdtdBK1WAQt1fFnCQIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBACom4xjdCg4uDodIeninSNXwaOFK4g3zI6aIDyi2 +FhBxDcutDAAJHnXTOxVNWHan09UiYUeCRlh22NXfOXTAkR2cWDDizIGlcw7IUPal +5+AqgyoBqZ1sD51+oDkZArZad07HbaBgkHoCDBDnGcWC7E6tpd1MniVuv5xPGp+g +TIEKR9wEiHsUEePON9rrIqntgvpq8LpHVv9+BDdn6AEbkAim0U/IvHcmCjIzwp+8 +N2iFBuqngt/P/v/A0/eL06qqWIpVuVpBIYDdd6JrMMM3QWcATiFTVX19Dpov0dRN +2iR9zsWC2Z/NYPQzGoJyKees7prTXpOyS/s8LLMTAKGnxdY= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/pcf.key b/configs/open5gs/tls/pcf.key new file mode 100644 index 000000000..4c01d3fdb --- /dev/null +++ b/configs/open5gs/tls/pcf.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDSQ87G2fddBqrC +U0tmfhSrtypzR7T1L7SeP6V3c+m9rPRAptGz6U6H0Ozde8r79RphKAYghKaM9d6u +mWfwgluDy11E10MyrAdx1W5u5biQPSc4im150qxp6UkJPex1jdUWHUykCouOiWhI +PDH8iJnqKch0FJmG8oOqCUpv/Ccl0/SwIpfASXi4EiaThr4RPj7rNfu10vYbMK/8 +8/+o4stougnOQCsRdUKdaqevf/BDART0bcYh5MJ0EYzEtwO7JPDeM9j+iZUcd7gR +76wHLUu0NiAFGRwqhjzvmrXVoz6WZgyU05IgXDwYncTQTNXn8uMbQmyZt210ErVY +BC3V8WcJAgMBAAECggEAEobL/ORuscEpIZcyQRUh4CFy+ZZbYPEzom/sNfK+KSrI +mLu6JXaMp1Xm0Psb3whxKxdaNtpJTIlLdinpKR1rT9kG3k5zSs8ylrqeEOJn2Tmy +L36u97ly3KAkAc71e0Qkft7VBm0xb702tYqsQtqMaUAGPAgmoOfUZxKLfwOCNYhn +FvD76Qvv2jOwO0UvDzrlOdDsLiDPqYGR+4VhJOGEBVzZnQeQswbhTEj9JTBNc6Dn +Gvh5ZxhaV82yxpB8J0JVWESb3w6KDnDpCskW8IVznjr4D2hxjQRjDXx4IMcWtCVg +BnEknKR74uSaKZza5jwGf6XwoA1YlkCNbEmGeZn8yQKBgQDlFGx/KkSNIeDOUuFQ +9la4jBjBf0RQkost9h10SVgk7UhnUOdhAzd8gygAdL8opesoVyY2lbIhv62iH+94 +5Eoh0mLT9siKjR/d56wyQRccrjoHLt91GnD6qKeGO0hbI5QeeKbdDrbCgzEpm385 +u0HYLhlkM+bpPnMDaai5wgnPpQKBgQDq+Vx2K9lNHN/Gdz7vq0xn/oGeiT0EWQAl +nGD9E03f1QYsSA0DqX3MWJ+7rmXHxZcT4HC1DNcgpG27mEnIVxw3n3JoPWaY5DKd +BXvQEA+SaNfXj+nEQft/mFgVGmadhnS8IgTk3obAQXVWXrgV/0xO4YaQH4D/08Zp +eeWr7neclQKBgBceZoy24VA0+REZgC/BjKL3UJBGnchb4bvzuKlBtamUYNg8a/14 +a6MfQWw6XAhoJkFd+jdMCDwrsgRIoMxcjba4Gs01fKuu7mZguRohQ4nbc3PCIT8a +Ogix+KYtWXIJNyuUFZL9pygeQVnnnYFgCpccn+di7Yzgho7znNmSYZcZAoGASOpi +r+UBhLVuF5dPd24vwqGutXSe86durT0ut7ny03+2b61YJIfHGs9xmfsPaIO/UxK1 +xukaJO4Bg1JJqxqlDfmztfc/zDgcIK/f8Pva6TMRr7nf7+AN3FV5F+teZomf1fW0 +kRUgua5WbBvughz8IApKCJVOIZUlH/wMsmLIyVUCgYBL9vzRI1RliwBWZRRHGuuX +Eg2x3GUvIAMbA7Yfpd08VCkxPGrNtPjb+nPbV5zHf0lSrKsBzCtgy6WAulhUGTBw +tfcU//wg+1MDb7OY3ZBy0+8e0FDfS674DnD4YT7E+RoEqSrNPJ7v+Z1+LjkQPU/k +58Nf0K4LaLiLah5T6dNIeA== +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/pcrf.crt b/configs/open5gs/tls/pcrf.crt new file mode 100644 index 000000000..621c33cfd --- /dev/null +++ b/configs/open5gs/tls/pcrf.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDXDCCAkSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEsxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGTAX +BgNVBAMMEHBjcmYubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDMiA6Y/1qYyV3CMfVer498oPZNlnjciFECal71JbgigzvUUAIXT5tx +KQUWKTjeyhbCGHMekwuyyUoljo6jMIoYFL5m1DKS6GV9mQgOhj2QpDEN44FFWm4B +BRM+pHxXr71h51lXffH6l+wt1O7Y76ok2ZIxB8vzUUfKzmeg6wUQntS4oWuzZCHl +5Ca/5FaDcty6H4ixE1O3+dRHPmbT+aWrZwekZyrOXYnOd4jNlJ9mz8STXLP+mEEH +X3VbPkBOwFOHNq44WHYzZNj0CEjVghWWtse0T5V3QWluYxiBmJF3q9sWNe6bn9FI +qOeJue5TzhqsldDZ75qhmvpRn7Kn+hz5AgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYD +VR0OBBYEFGyP1+kC3lw5HoXa6O9i41J/tZZqMB8GA1UdIwQYMBaAFLFq+pyZvAQq +Qohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQBkZI1BdcoRFyQGCb5AhiXc +Su7MlrdPBACUvXqF4R1OeNUAa6dwlFVINxZmrFYrJ2MCo+4KBURXEBjugLloWGTP +ChsM7eRoFniCQChWkEjoaTe8wDIWYSyZ6tBfiDgdM87uP4rbK9HO7C5lByj9QtAz +OHYbkv5NEi5j+S0i9et9jjXoHjtqBRnlzF3lSWc461CkJA1Dgv6jldY+ozhxJlPq +ZWvLc+8B44pgsQYkwpsg3CFESNAUa02h7qynswdmaB4AtPON13qjPzZxuawVco6K +Fuy68CkHwwUTk3Qq2Nd5DLE5yOstiUOpJJ5qlQy0Fkp2SG+FEC9Rlfbl9Eh/Yxua +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/pcrf.csr b/configs/open5gs/tls/pcrf.csr new file mode 100644 index 000000000..83237aa26 --- /dev/null +++ b/configs/open5gs/tls/pcrf.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICkDCCAXgCAQAwSzEZMBcGA1UEAwwQcGNyZi5sb2NhbGRvbWFpbjELMAkGA1UE +BhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyIDpj/WpjJXcIx9V6vj3yg9k2WeNyI +UQJqXvUluCKDO9RQAhdPm3EpBRYpON7KFsIYcx6TC7LJSiWOjqMwihgUvmbUMpLo +ZX2ZCA6GPZCkMQ3jgUVabgEFEz6kfFevvWHnWVd98fqX7C3U7tjvqiTZkjEHy/NR +R8rOZ6DrBRCe1Liha7NkIeXkJr/kVoNy3LofiLETU7f51Ec+ZtP5patnB6RnKs5d +ic53iM2Un2bPxJNcs/6YQQdfdVs+QE7AU4c2rjhYdjNk2PQISNWCFZa2x7RPlXdB +aW5jGIGYkXer2xY17puf0Uio54m57lPOGqyV0NnvmqGa+lGfsqf6HPkCAwEAAaAA +MA0GCSqGSIb3DQEBCwUAA4IBAQAmSA4jedvdB8xQrrEr5eJwAiBv72vu6t0okW/v +80cLid140/stZSNHdJ7dXlXWhyWfCxS6dMVuXhYBgRCucwVpMjU2CX/ukhzT0JQW +kTrdWCsrqzHnD/ukGQXA1fvaMHTLUzcBe/CznS/H3pVkSjdtiENZhxZwghigI0dP +hePe2O2GmhKXCl+mtD08Wo9cD5NuDj937Wa0x9JHsjsoKxBRVvdmOXBrAZ+8p2k1 +nwwadBpUpGLbMDS19CMGOXjRpITE1lhXFDn1xtQRAM0eYE93jLzUE+i+o90CR24Q +g21BL9lz3emPLDHgKB1PXdp2azdfd+cyVzDVGrzEFdFoqxNT +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/pcrf.key b/configs/open5gs/tls/pcrf.key new file mode 100644 index 000000000..eee24198c --- /dev/null +++ b/configs/open5gs/tls/pcrf.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMiA6Y/1qYyV3C +MfVer498oPZNlnjciFECal71JbgigzvUUAIXT5txKQUWKTjeyhbCGHMekwuyyUol +jo6jMIoYFL5m1DKS6GV9mQgOhj2QpDEN44FFWm4BBRM+pHxXr71h51lXffH6l+wt +1O7Y76ok2ZIxB8vzUUfKzmeg6wUQntS4oWuzZCHl5Ca/5FaDcty6H4ixE1O3+dRH +PmbT+aWrZwekZyrOXYnOd4jNlJ9mz8STXLP+mEEHX3VbPkBOwFOHNq44WHYzZNj0 +CEjVghWWtse0T5V3QWluYxiBmJF3q9sWNe6bn9FIqOeJue5TzhqsldDZ75qhmvpR +n7Kn+hz5AgMBAAECggEAAyK73I8fp7OAnztOWHkHEWFTXV2m9TSWz1troMUHBWpv +JqJiYdKb3riDBjO0FkBRaIDg9PFKrt9Epn5AxBI4r8VTpPZwXw22jp4jwDtBIuBN +izm3b+WCxbu6740shdihJeja1wtMhCvDmHFJByTnfiCiy+MjdpPCrsKK1q37uiU6 +NwQM96hwi6TYTX/i2FcTgB8TtPmy0hKiN5pUdWYGNq8xjNAKarNptELveOkTDmCc +dlpqS+4ii5BrADrNDjuP7FS4KnBn45vEB+y13OAPrY2TvbfQDBI4i5HdCVw3zo0c +NOf+TpJykg+Cxa/WqutX8im/3X8K8WymkcfdZ1I0QQKBgQDdadXvCrJNz8j5o2OU +ClCvkFnPoCiySCT19/RN6C45C/LiWi67OxcD1kr3uWMjblPwXoyrfZnxjraOpeaM +fVXnzNbqD+Rnre5/YskvU5hcgoKrAMSgcwa2wc/DKPrgj83PWaxrxLKCguPIh6zk +DTvAFsx13SBQuRQwiAVyJY6KIQKBgQDsex/TndN4+kxdPhZMENExoqZ9wBvLFuvq +q6ODTSDw/yahPlmAAuqyIYq3NY8Qdi4IEKnna6wVVBtZU313TADVntIKT+1xsdHp +SLKChdFggqdUXIS1/FOCosoWCaFHe0jM/YVxn+QpooZLWtEjTofxGbfEiQf+sKPV ++KDED5wn2QKBgQCM/wazMLaXAojTIA8biO4UvvHSXAVOcs7Gq92xdvdocIl9RzyX +Emv3j5Ex66aMO4fMfAlMc7GCuATdFhyYvn/kGveJGhGzTHmiOUAwmSVfU+TuDJEq +M9XEr+skNoZ8VlcTgeFgx2N95Og1HOEmYJ76Fgqhy+z2OsX2mcgOBoicwQKBgEah +R5I201CQwXof7xzs8O44PC3W0PZJdFD0zrOKt8oDCxChxK19MYfeiMXLk11BTuJN +x9E80XrVUg3N5+1Xn/AtrWIzGSIaEC3y7o4ZVb3TiBKkR2brZC3iXSVT3v2wjr/b +AJ49OTJOPnoHN+upquSR39ctblvdejGQPsQQPX2RAoGBAMPEbxnbW+4ueDqDLjZa +Sycio+MO8wPtsBL6g0sg80zduoBLPb0djCSiqYCTEgwtkYG9oQtKYvEycvb8h1qB +9TrLpwWTl/k1ERmjME94Kf0IJZU9KInq5zmIKAn0iIdoHjSWK78JiOMb9pw2A44V +RmU/iXW95u9YMWPrtijdc/9y +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/scp.crt b/configs/open5gs/tls/scp.crt new file mode 100644 index 000000000..092a53331 --- /dev/null +++ b/configs/open5gs/tls/scp.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD3NjcC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJ34VbJi6C7XISkQdq0pKXcTITsG8w41IxlFm4nuglYyDWsdQJf4+sGO +I+E6E8b0LVDkUljh4cRD3ZTZy/MlBC2EHIi1zP0ZRDzl6Av9qVUhCkQ5bviPmvUe +fQp63Suo4MzdzhbAipzsEC/zFDdjtjHKziV16zxjzpWoR9Qhr8YzLWT4t2wxJVP8 +lOlgAdkWYPDW6/PAz9PNmJ0xuhtMC04Ia+RHxFi4xeH4umBcp2cHbdup8fW+sI4Q +RSg6449FiL4XlElggMpNlixcvNE6umzCAS5rJj2FIODd1i4J7JJjbs2nxZWJQTj5 +B5mpvFr5UlkKAxNVDfEC1jNzkS7ttscCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQUGcbPg++D5U187URxcjqTsqmmAogwHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAD3hPDcxv6j4n92UC/+XSsLQ +cR0gZH454Y52Tocee1MgbQeDQauJAVtu4A79reBDmL8pVF14auBzLqLdyBTxAfOn +4hcbw9OjxF/eKeNvYXL4tNu4KzZOoZuUiM78wnvJQObRp+30/dIUHt5B2nuKdStI +kHgQrUXMuvJBCzmDKqiyDkkY8gN6/no6LzHQcpC7KiAhhQZ9s6IIgg8ulVqgeLXd +Ia7Jit1Abm68+JDifwof3IGF6fzjxmWNzifxlVSgbMWMOnmgIVXojZrS2ofiJ2es +VvLkGvyeCQtUV0NuGNS5QHyKN68mfDNRbk7A5gcr4ga9YzXHc9aQ5VJZyDvax3I= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/scp.csr b/configs/open5gs/tls/scp.csr new file mode 100644 index 000000000..00ff2844a --- /dev/null +++ b/configs/open5gs/tls/scp.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPc2NwLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfhVsmLoLtchKRB2rSkpdxMhOwbzDjUj +GUWbie6CVjINax1Al/j6wY4j4ToTxvQtUORSWOHhxEPdlNnL8yUELYQciLXM/RlE +POXoC/2pVSEKRDlu+I+a9R59CnrdK6jgzN3OFsCKnOwQL/MUN2O2McrOJXXrPGPO +lahH1CGvxjMtZPi3bDElU/yU6WAB2RZg8Nbr88DP082YnTG6G0wLTghr5EfEWLjF +4fi6YFynZwdt26nx9b6wjhBFKDrjj0WIvheUSWCAyk2WLFy80Tq6bMIBLmsmPYUg +4N3WLgnskmNuzafFlYlBOPkHmam8WvlSWQoDE1UN8QLWM3ORLu22xwIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAFRCjdAFXqzb4Hb9ssaABrW9nDwO+ZTGiMeQg122 +RJ8TiH0jq3qurRdq6owPDJiqVVNklCdba93fB9TRqXf3E8RKswp9JfM3OfVdpgT6 +gYoQcJOVsY1iyDbC/RQZvDGprAF/zUI/7+Lgb41CHU3rd2XOVgZtJf3NeBHV2ZmH +VMnPW8t2KSxtDiCNuAePfFnmUfSYZfTqpyswO5nO+qyfazyH1teLKcnjrHi5yCXD +r32l1W7sP46pQukJjLgEKQA+ekA7pTmqENJLY9a01yY42N/ZB35fXNuxeJNS0I8Q +Zo4AoFwBWINSTiOF4/n1OSIctmkxc/51dKNLWu3kZSOholA= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/scp.key b/configs/open5gs/tls/scp.key new file mode 100644 index 000000000..a09c2acf4 --- /dev/null +++ b/configs/open5gs/tls/scp.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCd+FWyYugu1yEp +EHatKSl3EyE7BvMONSMZRZuJ7oJWMg1rHUCX+PrBjiPhOhPG9C1Q5FJY4eHEQ92U +2cvzJQQthByItcz9GUQ85egL/alVIQpEOW74j5r1Hn0Ket0rqODM3c4WwIqc7BAv +8xQ3Y7Yxys4ldes8Y86VqEfUIa/GMy1k+LdsMSVT/JTpYAHZFmDw1uvzwM/TzZid +MbobTAtOCGvkR8RYuMXh+LpgXKdnB23bqfH1vrCOEEUoOuOPRYi+F5RJYIDKTZYs +XLzROrpswgEuayY9hSDg3dYuCeySY27Np8WViUE4+QeZqbxa+VJZCgMTVQ3xAtYz +c5Eu7bbHAgMBAAECggEAFJLs2lxeYAddxsLhqgDT6THBILZxfna2OQrjTI4XRJGl +RL+dE432XrIcAy/0tnND2aa7AN9+b3jlSYcqNGMsTZ9IthdzeL1LMWFCHRmu7art +cuBGDzJo3KbZYz2IQ7DtglEbD8SI6RIns48FoYcnigmfWqqmdgmLtNsja8HtajM4 +nF9CZQvGkpM5DxXm5K6OigkZ9JKHkvw3a3uglH5uNTmf5UqMSktQQUks996lNlcF +ncjJeagOazWk5suG/fR8y7jrf2JrhcKwuYSg8jEFwf/ykAKuy0SNHU1TfF0ply9w +84HvMScv2nRsdB3cT0J2yfGhV1+y6S1tCkA1EhOWCQKBgQDY7V65kKaFJhyZDIrT +vZoJMCWfYAYe9It64LLuGl+K2b7HQWMa8AONy8PV1NPIoMzX+AKmfvo7Yt6WL4tW +lNdmQIcVPYnoPfGW+9si6ajByQuaLMYzFKXYsMmazNuIxgx/+4x7U4NJmtHxKhyW +izy8M0D2GY5wPQqKDYD5Ew2MDwKBgQC6bGsTVoUp3RyQfuH8zCCavOjJCk36pyYX +U7NToCNaDzA4j69NiDY3AQi4qjLN+qIuNh7WLi9VUubwaqiwVvzBiKe4AfVPlh2R +cOtXJZxCmZ0pcsSsMvv5JbQVLbmOTU5OVUBx1IosakXFyPbX0+HlRTCXQWV9/WGU +Rk1PvmZRyQKBgBApp3wmBfI3w7u3joR2RQrYNoVobyxRRi8ynMJW3rWGwcsw2QSB +y5H+E6pUAC+bo4eX6AKlxVk1ZaZFBpm930q0FhyECElwjBaWz14LkNJXe3DSUzYt +HKpHic3p45WORBIpGO97anXKfkf8vkKNP0o6e2Waw90i/y0IEor8W28LAoGBALQZ +nfBWu9tP5BKsogKp6i3Tp0jiDafD54bNtAdsQ/rzhXB/T6qll0rYUuakduSL6Dag +znW4tL3Hk5hcUo/Z2eHW9cFNEwNKUVJ7NsFAco/c+/pZCCwcLVXr2OhE/mi9wpLm +xZWy8bIrETEdD2w/JJNsnp7h7P0k1yp6KKKLnSoRAoGAEZOB+A1EGllcsEMX23jZ +SfECJntHZomP1GvstLvaQNlSC5lDmT6KO7Rw2RNEDJPyfelO/A17CICpDGU2NndC +hI4zzywqqsLfCaYpPz1CD/BzP4ugyXM8W/kP4w8hSlHdqgyNi+iWqeBzsrZXtHLT +4XJt75eQQ48u+NWkaQ4kLY4= +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/smf.crt b/configs/open5gs/tls/smf.crt new file mode 100644 index 000000000..66d9f90fd --- /dev/null +++ b/configs/open5gs/tls/smf.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD3NtZi5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMrZsOPjIlGG8FptBo7fdxaEKusuBoQEfSV/8KoQovMca1yn3SEiFNdv +dDG2RusBCzZ6K/bjTieYpkUuTH5nTPQiz0MRM0ErlxUXKrosZ8aalRNajveq3fgR +K7pa1tnS4iEArMwtr1Fgj4jA5B48pOQrS5vmx8w5JCaPXJ9HPjTwdFubXSfMT9fT +qcP/E9Z13zfhDZ1TStz0hYIanQZlp2BTJJgZQJ5kJsdEsp5Ect+t3ZVwDxT90iFo +1X96dR/xf0DEKHxmybrahhmePvzEETgz03McVEUVBdQMMvDnqyXicLNzLJICY0Yw +KzGeAg9Lh3PVjUnx/ctGdp8BCJRRkS0CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQU6p4PokOU3iROPZzUmvS88xnI/QcwHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBACpTSu1iB2ZWmTrR6zvnn57p +xuE7udN7M52yG58N5k+f9cwXwmvvo//VK5AkJLqc/qBERwOC1yUQPTotBq8K0dF7 +Gx+zyG7o24GjZYgJvqIADEE0pWLTN6GkkYTzYXQwfv9kPDpAWbXl2bsYoY8610ce +rRCQE7FkGuITR5mqKbJbvMSAwiH7gZ5yjjWXaUB1b6zzXiPOvME23IewgnddB3Ab +zkGqgYO2qCcelkE5ciFl75d+DovfMXQDU1qGV6s0NTEqIWy5BnYj2jKoJJp2zKfE +nOhyty5eh08CrH3PbYjmU5pNP7/ibG0oVJR5xLx5SWlPCbkEImcOwUH1cCoxEbU= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/smf.csr b/configs/open5gs/tls/smf.csr new file mode 100644 index 000000000..ace7d3fed --- /dev/null +++ b/configs/open5gs/tls/smf.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPc21mLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytmw4+MiUYbwWm0Gjt93FoQq6y4GhAR9 +JX/wqhCi8xxrXKfdISIU1290MbZG6wELNnor9uNOJ5imRS5MfmdM9CLPQxEzQSuX +FRcquixnxpqVE1qO96rd+BErulrW2dLiIQCszC2vUWCPiMDkHjyk5CtLm+bHzDkk +Jo9cn0c+NPB0W5tdJ8xP19Opw/8T1nXfN+ENnVNK3PSFghqdBmWnYFMkmBlAnmQm +x0SynkRy363dlXAPFP3SIWjVf3p1H/F/QMQofGbJutqGGZ4+/MQRODPTcxxURRUF +1Awy8OerJeJws3MskgJjRjArMZ4CD0uHc9WNSfH9y0Z2nwEIlFGRLQIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAL883rfAD6ZTH1sxq7vdKax9V7R01o8b7IdQcV7M +nwZx0wIH4ZGef6LwUXfWa07X8DxlySPxiMwRitkKWtJ1D63AgsfUhi9UOHj6IWjW +skMVn/uczTq7eIZIjICftHVVvYd7HteMYxDLrLwWCSCE8P+UIE23eHrY391QOXjY +J3OUXb2kvNK2snEvAL3h+tULePFsUqZix08c+L2DtjFmb2xAia/jte3Qii8nj3et +9fw6Xl2yjM/fJ+pTwPXlmALvfzSxCFyBLdMAkuB/DeXeMsAEB6Z8S25lFEA3H6CD +F27mGEVKeSrH2c9O24N34vToOZ1PM5rU9dEVD71Zj107sG4= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/smf.key b/configs/open5gs/tls/smf.key new file mode 100644 index 000000000..b2df6cd54 --- /dev/null +++ b/configs/open5gs/tls/smf.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDK2bDj4yJRhvBa +bQaO33cWhCrrLgaEBH0lf/CqEKLzHGtcp90hIhTXb3QxtkbrAQs2eiv2404nmKZF +Lkx+Z0z0Is9DETNBK5cVFyq6LGfGmpUTWo73qt34ESu6WtbZ0uIhAKzMLa9RYI+I +wOQePKTkK0ub5sfMOSQmj1yfRz408HRbm10nzE/X06nD/xPWdd834Q2dU0rc9IWC +Gp0GZadgUySYGUCeZCbHRLKeRHLfrd2VcA8U/dIhaNV/enUf8X9AxCh8Zsm62oYZ +nj78xBE4M9NzHFRFFQXUDDLw56sl4nCzcyySAmNGMCsxngIPS4dz1Y1J8f3LRnaf +AQiUUZEtAgMBAAECggEADlqgK0gPziAT0vpDDAohFa1Nki3EFURyDJzEjWw286gP +qtNQEP+l5ObEnJ3u38NHpVe407Qa/C9PmLahgBJUPjRWYUMO0u5ANyRYCCuLPmEC +6ocudbUYFu00IHA8ItbK3JX9JEeZT9Na5Mztd3xIGMM9iu8mNTvX5Iihf73dV4aK +AtD1L5fCGckEJ0Va/xLta0sjdxLSYMIzacIpn9gdK7DXf9DL/eTACrf1U2ZAMQRr +plKeri4OFBjMBy68kdpPF5ZyQwj1Plx6E2Dm0eNzsdF1zSkP75BYbi3OaIJR77Xk +jp9lQvkP74e2ItzYJn9sGWhwAW2AiQt1zn+7v5eGEQKBgQDSajh8jMvFt93GgCqR +OTGR2s4k4jp2XvcEWnJJax3ksqiGHMhlvCQDV/39saTcLUvc+bymtMc5Tws2ewaS +LstUeBh/GrEMn8tQH7TXns+rq62I+CwSYzYqu2/uHBHkk1nXrTBxQ4LE/l4a6ZyT +eVHr/x4iy9KMF3WhTBJytQJfFQKBgQD2y+7s1Hh7r+THSgo1CBZRtlw0CuA5EOgM +iuglkU2cbx8q/XdXb9u6sLfldHGu3E18TYUJqPTrc3PVSEEA948qJ527PZh3VxRg +L64M7gt+g1MqyZvuRYzTZOMBcJNJpfJSnP4mPY+o2L7mNpAS2Twe2K9/zuIWyChy +g6xbVw4vuQKBgQCOGWQKYP9giHqCip20s35RdQYQjKNUu29whjB2epuWjj0XTSrc +4cEkbPE/ug+PDhwUoKeRobaFcmctJMpcQLPaWLyaYgk9cFDazH7RuxOeaPNp88e3 +pz62fxzpHhXLWuOqrvBvHVub8/jTjf7K7XywtvrAHwwSxekPxBMVWj6+vQKBgHWS +H4d5jNA3skByeDxdVuykeHZefAUTlchr4D4NY7DTi0CasWDZLA9bIrBP8dyAnPVL +pMY+VDdar+L6YeVJCk3lw5GwvVKVDGLqM/t658TkYRlwJDW1smn+lNpZvAEI6lEK +81RaXXbtkrvvYGFqVebICYtUjoaV4hbzvYdiCKMZAoGBAIFv6AMnXaWHoO4Qpnch +FCSBNckhzajPmmZ1fskWR95d9ArmrJUaA0KKMqno767zVkrDzm2fw4+q12Ba1xRe +J2KW1M12IPfZtNwSfQPYs4wej0VGScbOWve9qpA3WrLv08W63MXz7XRpeg5ZnzG/ +3bZZLfqZIBdQR9/f9ibP1h98 +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/testclient.crt b/configs/open5gs/tls/testclient.crt new file mode 100644 index 000000000..482bfc7ab --- /dev/null +++ b/configs/open5gs/tls/testclient.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYjCCAkqgAwIBAgIBDzANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMFExCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxHzAd +BgNVBAMMFnRlc3RjbGllbnQubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC/2SPBDa9KE9rRuKHp2ZNNm8X+Jgl34tocbcYiWm3I7+je +NPOiUIB6TpuP0gkwbzfhqbRdO59EmAsGjtjonwC2mTxDLWflfAUVUEGUml3b9ESf +ZUtMWh1qBBme99DL9kqqNWaXVL9xAX/yLWbdXxfc/+Zuc3j/uRVOzqGLROqfw/k7 +iKmfZvBjVrtxR/xyRa3LfjuTPnM30UA7sk0jrZH9feOCEbNeYGa12TloDh05RzU9 +RgkBL1AH7Zvha3iNlXwQLkgEpnJEeegQ/iS9pPEwgqsquBRoQTClzVGzbs5Ttpzi +ZL5q/Hf7sGE2x00v3XKNDvUPg9k7RvVZoG/fUy+VAgMBAAGjTTBLMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFEegxvp7oDrpJfd4LDD4LSGouPVnMB8GA1UdIwQYMBaAFLFq ++pyZvAQqQohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQAPDVSwdX8u25Pd +a7UNANFAf87AurQKsaeLpKu1AfZZakgu+XQ9W/5fJXCSvuVc3g+JAwxVKZfO3yae +C7vcLSughlUGbjJyVV4wn9xzbKISWwAXmBEt+pP+vJAcyCyRD2uXZjO89sCFxHmD +/Oh84m/ygiUAx+u2to55HPjNTZs9wphdyDws1lPUwxj01B84r6QPgTKBpnhOAr96 +xUYNZKAt1ycRXcoi7RNieEZP/r0j92RVA57twMGSDHpCgb7YnCXAS9ptlpHySbOK +akfqFx04eVilqKGee4NeM4rt7363Fr61H+bjkYjvS//ZS/L5ZrbNAMWmkr94Xkcj +m1BG0Bwg +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/testclient.csr b/configs/open5gs/tls/testclient.csr new file mode 100644 index 000000000..18eb9b4bd --- /dev/null +++ b/configs/open5gs/tls/testclient.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICljCCAX4CAQAwUTEfMB0GA1UEAwwWdGVzdGNsaWVudC5sb2NhbGRvbWFpbjEL +MAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/ZI8ENr0oT2tG4oenZk02b +xf4mCXfi2hxtxiJabcjv6N4086JQgHpOm4/SCTBvN+GptF07n0SYCwaO2OifALaZ +PEMtZ+V8BRVQQZSaXdv0RJ9lS0xaHWoEGZ730Mv2Sqo1ZpdUv3EBf/ItZt1fF9z/ +5m5zeP+5FU7OoYtE6p/D+TuIqZ9m8GNWu3FH/HJFrct+O5M+czfRQDuyTSOtkf19 +44IRs15gZrXZOWgOHTlHNT1GCQEvUAftm+FreI2VfBAuSASmckR56BD+JL2k8TCC +qyq4FGhBMKXNUbNuzlO2nOJkvmr8d/uwYTbHTS/dco0O9Q+D2TtG9Vmgb99TL5UC +AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAdqoupSBRB+iFdX3ULgt1sTfqxio9d +X2avV8mhQt8Ivrgw3/+iggz0y54JS+yL+tfzFu2upxmeemnImkKremt/zwQDhKJC +2yLtDBDCWIwrdQyoC8V5irUEZNwFjZn/VrZty7lFsAA46HOXPysPJuYEXMQ1JYoV +VB7N7JdfaFDGDLe7lKsOA/zK3QF1yRvFqdaNyeVP7SZ68K6JzzuP1eakp6BO0pBF +X8xQc3LlMcMSP+G+IjN5LFp+gRMpxv6BkLHFn3ahN9aUPOJb4np/uEg5Mo6fT+gc +qNW1NZ9ZkYPWfTV7SmgWfar+tKXjG7TQyLQfTDqMD+VbSZtWQFGLp5T5 +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/testclient.key b/configs/open5gs/tls/testclient.key new file mode 100644 index 000000000..b94d56a87 --- /dev/null +++ b/configs/open5gs/tls/testclient.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC/2SPBDa9KE9rR +uKHp2ZNNm8X+Jgl34tocbcYiWm3I7+jeNPOiUIB6TpuP0gkwbzfhqbRdO59EmAsG +jtjonwC2mTxDLWflfAUVUEGUml3b9ESfZUtMWh1qBBme99DL9kqqNWaXVL9xAX/y +LWbdXxfc/+Zuc3j/uRVOzqGLROqfw/k7iKmfZvBjVrtxR/xyRa3LfjuTPnM30UA7 +sk0jrZH9feOCEbNeYGa12TloDh05RzU9RgkBL1AH7Zvha3iNlXwQLkgEpnJEeegQ +/iS9pPEwgqsquBRoQTClzVGzbs5TtpziZL5q/Hf7sGE2x00v3XKNDvUPg9k7RvVZ +oG/fUy+VAgMBAAECggEABEzMuJsYKp/4d7AR+aYYX1+xB8yDSfuHbyYwZUeOGOLJ +tHtO2lHqw0hc7mkN2YGl/hSZ7Ty0yeqM1WGLxTuqc4Kf6hM2i4X6A4Yy5hlcpl1a +prue56/zDf6CstWz9B0J2OKisUcjawLBLaTXXqRZlP5BBF4/CspI9Y/Q6Uh1ks2d +dkGob3+leeDCLtggVbIE7FqdjmLI4gD9cVYvH39cTvFd3uXYRyjDtGUdbAH5MYsy +/ji8Y7ZkR+Phas0xYiJBRSKIxsdZzDDRbVDaQJM8DgUOQawtE7aQs+s8+rddR0xH +WFdQIM51vTNYENVA0BzNY3Es7roBDaeaZbD53y30kQKBgQDLDq2c5OuxS66NaHGH +UShytecC9ugeKYVALzDen/CM7Wvf/3hJw/bXrzEm+FO0h/Xz7rHBtSfOzwHbQmM/ +FZ4TxGohDhPgqR0bP0vqR9sKE9Kc4K2eRjjncd7wiVBstHMKZysyD3IQtNDJqzqw +umVFyVy1lWBGLXM+l0IuTjNwRQKBgQDx3kse4lkIxYCFW+ZjJtUs2DzyOy0Ga7BD +UkRw/tbyzD7kzj3xp9MJAeUz8vaZ+zcqQgjsfhmLMbflCuuNdREWLA17Cpejekmf +nTu8hxpEEvtESkj0aq55iessUpfLxdPZepKfz/UkDNa+mJus4QILDp/tUnGSvGIA +v0DV8AT/EQKBgCSR6SyXgec1ZSNsiv2+3RUDs64x/43nFmt/1EJT9cO7wrDd1rEa +TOt9TtHg6VpbHi2ncHYdhSTW3VO6uhsTbpvKxP5dBbFxY5+Tn7164XUIKuc8A6i8 +puTv+iHB6S0atplKCVqDs5xUpEGdx/0qJLET2dGOLH+XEelU3oNubA8tAoGAbqs7 +Diede5D7LIoPUcD7+6f5wxBmmrB9l2A2JsnESpZAFOt1lnQm8NEoMevzACPdav2K +HcPZJkKalTe47iHpro57oJgJKGkU9O653Zqn3wwcYnPnC8cgjEYaEE6+XCPpunIG +Uw+RaGxjehRT7veJust3S9zUUMLXyOW54eoQLzECgYBBTcFVoDIqJY5MSOuQTYri +lro7YcXk0kvahCSgXzdecU+ajG6+ppHvIje/h7nBZizFfsGsZQj3j9hrmxXxJn4H +4gSLHSycFGY65G6tBC4eNKi6umBi8rgw+kQ0PtY23ZDoRTdePXYT4OzQaGiGzZhO +4su2WwkXmgev/Rcan3hj1w== +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/testserver.crt b/configs/open5gs/tls/testserver.crt new file mode 100644 index 000000000..ab389a785 --- /dev/null +++ b/configs/open5gs/tls/testserver.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYjCCAkqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMFExCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxHzAd +BgNVBAMMFnRlc3RzZXJ2ZXIubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDK/mRxA7vFDetSR7J58pT+deCpXdjH6rFyebKsPRklq6aq +P8eLMj3CYG641BHNFoMygnK1SEuPXxoLqVYFOf1aZh+9OdvLPjKB37ZfikzXR5az +PRvGKOO9bM+lgviZvmgnE2sEVYtoBJAeK+ZXQkPUQ+Q3QBsdyZXFKu4uQZukW7UO +sp+IGQ5guCi+MAkppB/T6WbuTl7Hr7wjLd/eFK5rHik57D0N1f1fX7G5+K1jfFu9 +OsVYDsp3f7LB1QjZntAfE7dnddmAXdDz3FCPm7keLSrdsYSY9Q5tVqBl5yRzMcq2 +C4DQX7JcqWCfpGjm8Gnc4gmDyKV4zZPaQXiXr6TzAgMBAAGjTTBLMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFNNWx1Ixb8nBttAAziCdNf5iUfGCMB8GA1UdIwQYMBaAFLFq ++pyZvAQqQohl136+YHCiDtpAMA0GCSqGSIb3DQEBCwUAA4IBAQDeFTLtNW8hPvUB +QOBVZU4kyzOw3v7Y74lug88I92XMagWVV71lLGCzHcQodI7p0ih/3uK9CO+yuhU9 +Wkmimb3oh44wao6+R9qtYF/OdbKLvRZ9y3Fd5y5RiYJNFCuBPLGf/0UwIifP0tcI +bivpNkB5WByebbhzo7zZXz+pgMMDkLtBfvwNF9JYM6WAdEw/3cYaN6jwtwvA9/2O +wQ08z1BtuA0Cxjy+7DgFl9b7EQE4q85+TNCyl59x0vO2M9lo01C/APQ8HmCRc8Ax +YCY7zYz5AqnO3HPnQ6plYbIw1xaLEwNYDZ6sxIpCRP+g+ZDG6A3YW76n019lEm75 +02901MR9 +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/testserver.csr b/configs/open5gs/tls/testserver.csr new file mode 100644 index 000000000..35b14091e --- /dev/null +++ b/configs/open5gs/tls/testserver.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICljCCAX4CAQAwUTEfMB0GA1UEAwwWdGVzdHNlcnZlci5sb2NhbGRvbWFpbjEL +MAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQKDAhOZW9QbGFuZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMr+ZHEDu8UN61JHsnnylP51 +4Kld2MfqsXJ5sqw9GSWrpqo/x4syPcJgbrjUEc0WgzKCcrVIS49fGgupVgU5/Vpm +H70528s+MoHftl+KTNdHlrM9G8Yo471sz6WC+Jm+aCcTawRVi2gEkB4r5ldCQ9RD +5DdAGx3JlcUq7i5Bm6RbtQ6yn4gZDmC4KL4wCSmkH9PpZu5OXsevvCMt394Urmse +KTnsPQ3V/V9fsbn4rWN8W706xVgOynd/ssHVCNme0B8Tt2d12YBd0PPcUI+buR4t +Kt2xhJj1Dm1WoGXnJHMxyrYLgNBfslypYJ+kaObwadziCYPIpXjNk9pBeJevpPMC +AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQACkHItCrvQWANviVk27ntZE/Ze1/NF +W8jPeJG3V9Zemwp2QWE530gdhNy717kGJzW0Udvx57By4tS1bORlKDL7ikpPaIm3 +q2YLXzusJ3JXyD2aYoaY+uP6+gt1541aLep8eSQPgG0jJlo8VbbsrPrXj9T15Nsb +MhDlKDLZhW+JCwp53/IB8Az3s6oCUelwENOTDkmuaksTbo9NX9TJ68ByAtSqroT3 +/jHqvSpD+VVnQcWn6XE6lLNyXcFcQ/jQLKLVbdV+CLPrUORNCyB5Vy7Qxm49g4lB +H9Cx2fPDBpYw7BlFIrNU9bxLAem2lE2x+H5NbbFoMfi8Bq3q+2MWZg+a +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/testserver.key b/configs/open5gs/tls/testserver.key new file mode 100644 index 000000000..cbfeacaf6 --- /dev/null +++ b/configs/open5gs/tls/testserver.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDK/mRxA7vFDetS +R7J58pT+deCpXdjH6rFyebKsPRklq6aqP8eLMj3CYG641BHNFoMygnK1SEuPXxoL +qVYFOf1aZh+9OdvLPjKB37ZfikzXR5azPRvGKOO9bM+lgviZvmgnE2sEVYtoBJAe +K+ZXQkPUQ+Q3QBsdyZXFKu4uQZukW7UOsp+IGQ5guCi+MAkppB/T6WbuTl7Hr7wj +Ld/eFK5rHik57D0N1f1fX7G5+K1jfFu9OsVYDsp3f7LB1QjZntAfE7dnddmAXdDz +3FCPm7keLSrdsYSY9Q5tVqBl5yRzMcq2C4DQX7JcqWCfpGjm8Gnc4gmDyKV4zZPa +QXiXr6TzAgMBAAECggEAGwG1EkDJaAJIkcCpMvE+YmEDcUpjj4F0Ie36rVCkT683 +yW8ag189TpGELuyZVlxNkILrc56OiEts9yqMdRM4gkuToxoXWcHIzXTv2g6Cgk0W +HyWc/tms0aRa4e3RWP8MnfpG4s47cazTEbiMeNp/lLYtntjVYrqm8D2cb6SvP4fu +kvi7bKLhcd4l9v42oZKF5wZjynUEh+424TNxqI8OTcnT15xoOjauM9aQnbFYB0ON +tOJ5cO8Pmjbo1wfFsSntC7NrIspaTrlseOl/bK3LadLlb9UHW3GRVwIcIzEYPabU +PZcTKjzk1nAu1fpHgoCuMequxDaXSSWyDLMqwLfqoQKBgQDtcOHFJHO63SIOrwlG +OjZiMxKekjVqtbdiN+7h3FBR0+M7EZnyFO7zsfmDaN3k4m3a6idlnn9HvsEilf+K +Cc+8I0dCeBbZOs/TqVN8ZHB6MqUmtMdGIc1Fau1HYis+d4g1pbQ9tpG0OVa806rR +AkBwD+/Vm6+8uZKilq+oijSpEwKBgQDa3Dt9LFYOG6gnWHlq7uLIWnA4wHKmgEGL +AykaZgW2bxIhQa1C+460OQaCwBbBG2NlN7Lt8MXsr48epnSKROfCYIBuqlH3i2CN +ka+W7pEtnkeEnZSUMb/IF5T868xbYkzXFqJkr17o2MBMbLiM2G79dT/j83MJVc1A +FecQByNwoQKBgArrdBai9IeVf+l49045gyLFAog0ZSyBKuvjcqMEhNUej4a56oCN +oeenObhnbD0IhNDaj/FGdsgP58X1bAknJlyaqr5N048t+zzavrIr1FhqV9oN2lRJ +Xa1hm4P66c43pRYChuWHre/B61FH0sVF+zysHvWN8WkWh73efDmeEYntAoGAMcq1 +Bg9WLLOCGCF6zic3FRnuOhseel7ninbXnRfk6NJwL3y/rGOK3dmzb3/ALYLLpDV9 +0cBbZzOxvelkzihLCd/mmEbLiyP8fXjNl+sCwHwoDTXEncqLtTwYO0pyHcBJdw3B +OGLlltfpN/nsKq764VMRjAzQ+Si6H4BcJztYhsECgYEAnql7JlJlg/jUOS3hU/sM +iZ1EY7K8DFjaIOitcPcjbZqH4Ha9922MSGW4hCKMo3ncDdaDKDvrfYd9pgtrSvHd +vH1vXcVrdzuLPVzvCxlRxQbSZpK6RZT+OF1OTvg9zMu2hemMwyKNxrRmjADwuU/E +f7etkEMnboFO//fGoMXU5cc= +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/udm.crt b/configs/open5gs/tls/udm.crt new file mode 100644 index 000000000..3e7845a93 --- /dev/null +++ b/configs/open5gs/tls/udm.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjdaFw0zMjExMDgyMzM3MjdaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD3VkbS5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMnNHwgMDlTfi2x5QMvhdhGzOxCZvboqcrkHrTGkRJtUrxNjddjhSkm3 +KeRKEdcDq/t126t2CAxiYiRprKr9II1o6rq2JUZz7VU0aC9wWnZyWhIf4VIzyhz5 +G5s5cWT7IoJZ/cjmoS89e5cPv34G0jLaqz2m/Kl2zqmVozQRdDuO7Hreh9KgPs92 +kqA6XYy1z+hxUILAjpdVoTwgJm0UchF9Ibgc5+ab1XuaaYzxlYAzwcWcCibFzgGO +I6+MdTpJISJBHRzkLOsmFyJ2XpH53aRPN51yQDRnPTDfJj4og6FyFWjtIfCeBHBf +3taz6SPFPHIZhR8OIMt25T4r2bXmS68CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQUfzKzBycjEgN97TEqC+0iKaWBdVIwHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBACQXPgeUMGyWGbGPwr/cg0lC +SPiIL1s7oZQoNisbTtTqnBHo36xLTGb051o9ZTwd2xTRNJ4ue9/rDnMTK//9+6V5 +FKDOYFqikSmCtzuJFB5Q24KxdUM679feAy7v7BWTGd7LoN0dOgPCHqPT7/daxgYW +Xaip1lslx5TYNTnhrJAoVfj0VGrSrTqQqCNf3ifQDI0HRuheKC2WM6Ep7E8MyjiT +kzfsznaWul06geQn7vT4MMTHUNUI49Y2uCCgosD8Xi23Oi8qSiguCeSLcg2ns0p6 +eELtPm1xcTWoJHomDNf150ZW5swFDfE9asAWGeYqONShUp5Zim1agcuGTpp9uaQ= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/udm.csr b/configs/open5gs/tls/udm.csr new file mode 100644 index 000000000..1c11859b4 --- /dev/null +++ b/configs/open5gs/tls/udm.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPdWRtLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc0fCAwOVN+LbHlAy+F2EbM7EJm9uipy +uQetMaREm1SvE2N12OFKSbcp5EoR1wOr+3Xbq3YIDGJiJGmsqv0gjWjqurYlRnPt +VTRoL3BadnJaEh/hUjPKHPkbmzlxZPsigln9yOahLz17lw+/fgbSMtqrPab8qXbO +qZWjNBF0O47set6H0qA+z3aSoDpdjLXP6HFQgsCOl1WhPCAmbRRyEX0huBzn5pvV +e5ppjPGVgDPBxZwKJsXOAY4jr4x1OkkhIkEdHOQs6yYXInZekfndpE83nXJANGc9 +MN8mPiiDoXIVaO0h8J4EcF/e1rPpI8U8chmFHw4gy3blPivZteZLrwIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAMN+RIzcc2m7iImxiGpwIitwP8l7XLVYdZhMm90/ +SEDHmmlxebl8Re/nrt/17xKTH7xM+vjvWqieal6MT476Ye3cvk/obR7mv6f5UPoq +nmOCr9Ov3SaUy0WKEqEShs171NM6+DOLoXaN8oBWYkL8mGL4tP7lKcBTmNlM5Vuu +Y42XzLa2NO4nkm3cVTJma/hvMw9zNDwbBeH7qgfWDAL4LAC9Ea6RrYgLvgEiiJHm +J6CkrntvPfemwMguWtt3Roq0MkR3J4vyHgyfIHpJIEM1GLJhXSaEZ3cUPELrIyVs +ro8vAXGEXaxriKCCQ0BWiCPUN08Tisc9k5AKEe8Yst2M2Qg= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/udm.key b/configs/open5gs/tls/udm.key new file mode 100644 index 000000000..0280c4205 --- /dev/null +++ b/configs/open5gs/tls/udm.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJzR8IDA5U34ts +eUDL4XYRszsQmb26KnK5B60xpESbVK8TY3XY4UpJtynkShHXA6v7ddurdggMYmIk +aayq/SCNaOq6tiVGc+1VNGgvcFp2cloSH+FSM8oc+RubOXFk+yKCWf3I5qEvPXuX +D79+BtIy2qs9pvypds6plaM0EXQ7jux63ofSoD7PdpKgOl2Mtc/ocVCCwI6XVaE8 +ICZtFHIRfSG4HOfmm9V7mmmM8ZWAM8HFnAomxc4BjiOvjHU6SSEiQR0c5CzrJhci +dl6R+d2kTzedckA0Zz0w3yY+KIOhchVo7SHwngRwX97Ws+kjxTxyGYUfDiDLduU+ +K9m15kuvAgMBAAECggEAGPA7bIAo6T4y+bXGVyvGrotKulN1ieMjCFC1i5P0UonV +lPzOnH3C83cqOycYK00t3MaE3hyZBAbIgB17FCpx8mfL0kUeOCWtZ8ExOuOUmlyp +WuILs1/pE0mJqtYfeE48xoUegsxVkQP1GQb+MDHhmh1B2j2frcWb5oMyhwW9KnrX +8yoMUq0J41keGbM4nd6hYY/0mqQL4BffJd/UdLOGL5SupAYTzyELuycktMBbt8EG +CIlIOsd5ZfD5aLHiM0ZUGnK7URQBIpf//tBw6SBeYmc02CmfaLvqRLvnH9oE47/9 +0vFLDGifUY9vRuX4rBlghmy+/jzCBMRW6Rlbj8LyGQKBgQDb2UXmQ7NiMAuNTb2+ +4498QIi1ReQyyg1ONtMoZ9vXc9CwtFVdLk6JTru2VRvXIwpCWHZGsS9vWtuIk+1p +QqZYT8lRqX4TEDIjC4MG2XdGCnox4FuKPqyjESwd0O45xqfv45Nbx2NAsNOgm/xg +oJULFMuVVHMztOcH+6fQamRJxQKBgQDq/B++VMDoXnYyNmhxfSR0NPfeQuCkHlXo +kfX2cve27yI9mLKXKtNKtwlAAdhSGZ9Hbe2B1mINLpqajKUuoyD0eyNPzZGWiINH +7BM+oxIMbzRo+o2a7Eyaa12RLJ1b2O2wOPriddwa0ycx3BqTy2mzgRvSzoA9fAPY +6mHAXp164wKBgE6YJSIFj+qJLIgOg8frSE9uLrFHVCZID2uns+NdBb3HXJLfVSkj +tdXmfLrZQEOv9inzwAzTqRaRD6yK3bPkrN0jYOA9zKF6B8J5ihT3x2kVs8uC3pbU +gxkkuXXLTG8BMuZSoEqORFBLJszjFt1gawf0Hje7YhfZE0LKV5rtff7VAoGAMIMg +opCoytBFopQs99EYJ42P5qjz663/mmYX22tczL2N2h2eMSs8N96V4EsBN+HmSj7d +m8KAt6v5axLCP2CaOx746U7NUcCZKc4JIxNTdJG4xjuD5IoIPpEP3hrR2dZtK8Z3 +tS0T5c3V96szKXQDPHXZIqpTO15RBQVObQKbjHUCgYEAo6smzS8yppgd4zQaPkIK +7gRdfvIxXwcmWeVG5GeFIHmSpBsdPVgcwhbsdHoFWLBu1kU4pXsi6Mm8RQqW8GQv +TqLtQg+8UZwOUcZpwK3ubEJpPst8meVfi5KPQYgeqNHcBjOhllQWobdI1Zh6i76r +BDBpY0brm19iZHspDFURjjY= +-----END PRIVATE KEY----- diff --git a/configs/open5gs/tls/udr.crt b/configs/open5gs/tls/udr.crt new file mode 100644 index 000000000..7e8229f50 --- /dev/null +++ b/configs/open5gs/tls/udr.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAkOgAwIBAgIBDTANBgkqhkiG9w0BAQsFADBJMRcwFQYDVQQDDA5jYS5s +b2NhbGRvbWFpbjELMAkGA1UEBhMCS08xDjAMBgNVBAgMBVNlb3VsMREwDwYDVQQK +DAhOZW9QbGFuZTAeFw0yMjExMTEyMzM3MjhaFw0zMjExMDgyMzM3MjhaMEoxCzAJ +BgNVBAYTAktPMQ4wDAYDVQQIDAVTZW91bDERMA8GA1UECgwITmVvUGxhbmUxGDAW +BgNVBAMMD3Vkci5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALS3q+2uJj5htQxIoV5PjCbuUbETFbWunNBpU3n/bs5wtcl1jf/Ez8f+ +4nhN+liNHvInFyxflA9Qu2eL9/+HbZxMXlyFwcHZo82SMa+CQEoFcZQUxtPa7Zo0 +WovYJJH+XMqdFFPMQgq3VRsRkbSJJIRID0Lx1jx3RSIMMCcWTOyrGgIDOySSkNGo +8CuJ3VzsH5Httj1crrZhypGrY4rgoYO2gsc9KtI4r3hS7hHTjD1C3lDLKJj035Xu +t8g0rDe4S5DqKJ7WF+z7nIplVuVmj6HWFhW8H16fxNMohmjkHMLL7QIkyCZOYkWY +rbymCPQGYuBRKajTAoI80yj237vxiFkCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQUoc0vMqJQ773qf3xn5qGb3YTTtDUwHwYDVR0jBBgwFoAUsWr6nJm8BCpC +iGXXfr5gcKIO2kAwDQYJKoZIhvcNAQELBQADggEBAFbO+6lgHIhX9tcNDspiO/2d +BwBVruQuslYNVmKN53IS+Dr1fku49/WDo5WVd59JVV5OStLdXMZoj6103ie12GQ0 +2fTelMDLk/GRBv80OpD8vPnUKRI/uNDjGjAgle6ruMX7LZHmPfoIM4s1yIfYMEOt +R9F6BmZbRAPQX6OgHsTp6+uaCRIk6nBVJP+eIdVU+IAON7gzJIsiJesm78u+Jmvm +SdOkSsoW/mHgoDtC5EgwMHYOfuHZPPBZOa5HOFvQPhi7lgFNUVUim2iNBxYoDecF +J2i3J07fE7mvETfmfiTUfWPqGHSJG9C8zuKvHRWW0rky9Vjjcux69QyUANnyYZU= +-----END CERTIFICATE----- diff --git a/configs/open5gs/tls/udr.csr b/configs/open5gs/tls/udr.csr new file mode 100644 index 000000000..ae6a90a09 --- /dev/null +++ b/configs/open5gs/tls/udr.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjzCCAXcCAQAwSjEYMBYGA1UEAwwPdWRyLmxvY2FsZG9tYWluMQswCQYDVQQG +EwJLTzEOMAwGA1UECAwFU2VvdWwxETAPBgNVBAoMCE5lb1BsYW5lMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLer7a4mPmG1DEihXk+MJu5RsRMVta6c +0GlTef9uznC1yXWN/8TPx/7ieE36WI0e8icXLF+UD1C7Z4v3/4dtnExeXIXBwdmj +zZIxr4JASgVxlBTG09rtmjRai9gkkf5cyp0UU8xCCrdVGxGRtIkkhEgPQvHWPHdF +IgwwJxZM7KsaAgM7JJKQ0ajwK4ndXOwfke22PVyutmHKkatjiuChg7aCxz0q0jiv +eFLuEdOMPULeUMsomPTfle63yDSsN7hLkOoontYX7PucimVW5WaPodYWFbwfXp/E +0yiGaOQcwsvtAiTIJk5iRZitvKYI9AZi4FEpqNMCgjzTKPbfu/GIWQIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAHSvfRFofc40z1H15RtNFs1aISVznyWYueOMcxlN +kJ6V6SzEhGhDCssGfP3o4/ruO/EKtj01YXJOQHfdU/tNv2ukDlJTOLXx7f3CTrOZ +U28esxISCbfrMcjHUe46cRc4fO6wW1GyZAB4engShdQLzTCPi+EMp6sodQt1aVV1 +wCs2t7FI35gXoxydTn/AGzW86nmy61XHNHxhSZPAH1cE+ynfN6PI1ApCX71HgsyN +3bWt1D+hFQ4Q1t0p2W2x3jyXS/1O/7Uxr7Og8Zwvziwb+WvZRSed1dyaR/kdo7pW +aMLhY/WGaSYY72mV+fXAhhwVW7A0u8EvrRmzpu/pjonsoVE= +-----END CERTIFICATE REQUEST----- diff --git a/configs/open5gs/tls/udr.key b/configs/open5gs/tls/udr.key new file mode 100644 index 000000000..c6fe8e1ba --- /dev/null +++ b/configs/open5gs/tls/udr.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0t6vtriY+YbUM +SKFeT4wm7lGxExW1rpzQaVN5/27OcLXJdY3/xM/H/uJ4TfpYjR7yJxcsX5QPULtn +i/f/h22cTF5chcHB2aPNkjGvgkBKBXGUFMbT2u2aNFqL2CSR/lzKnRRTzEIKt1Ub +EZG0iSSESA9C8dY8d0UiDDAnFkzsqxoCAzskkpDRqPArid1c7B+R7bY9XK62YcqR +q2OK4KGDtoLHPSrSOK94Uu4R04w9Qt5QyyiY9N+V7rfINKw3uEuQ6iie1hfs+5yK +ZVblZo+h1hYVvB9en8TTKIZo5BzCy+0CJMgmTmJFmK28pgj0BmLgUSmo0wKCPNMo +9t+78YhZAgMBAAECggEADdVR7jKSl5uZ1OAB5zLaYPgE7ZOvCZ5dP1hSpR/sAtYu +miZbGWkeuRnOCuS4LTtXMzTSEanazu3QfJmCoS8kES7o2bb86QpwfxnJ3xwOsQPX +6PyKqDilz7QierovuXOxtWo+/jegVgro0za98yZ80rnj3i1eJ3h/RJ8PeAx9VK/W +nsE/aoR/AiNmdwyZRStVdsvW98GNdONc8la2Cs9fC71tbeKnL/QFSmgZpVGz606u +Y3ykNxPgcePFscS+6UR+ML5L34HtZfQV4KCAnEWUO1tXYoLDKM+h7sp03rNoGdQK +/L3xNd1jI0gcm/t0LFhBuKGrKo1pKwrONwm6LMbRkQKBgQDAep8a46jKwQbbVNnp +qSxy9l3it/TjbYuLSAuRlz8YXaJSvF/EMmTYtYQ1G4T2exkBN11UeP/tdywD+J/p +4jEI9UZz9QCjXFyleDZZfScs7SuRfKlZ6ygY+cbKb8T75rO/J/StU4VgNPtKjxzv +OZEpJwCLsZLkOj7mmqlfwSwaiQKBgQDwW2P9XF2XkcoGyEffQDX0qylekUZ8Zqq9 +UnuWmjLJxD+rbJcQiyMIKxzY5gKw1FtquBMKryfuKHiDRCTO/Sr5V4VjRG13etAN +WqPWUrjmvlutMZhvwS876wS15hyHkL9Jjbj6F0TvYRIMXTa6yLFMLVNBZFSJzfRH +aRxnfb9LUQKBgF2S/4i+BxBTGTdGIA6lrTNSrMAM+KQcXIvhAabNJeJ9mu2oINKs +QTTNwjFjaJe/rp9VwCzSCnHyztY7Z9r3mSkmvRKgmKfSvkO/loSZAJOp1dWMCnTp +ivvhapB+GADy3o3fKeedxCjKeSR9QO7YSMb97Bj9wlDsNCo+JHul2QApAoGAb5/B +3BRdUtreHDA/UKsdY7dpywVk2rlDahE4XETYeWOuvgn8Ti6P4mdDSmfnr/+vROyf +y0J1JOGetjebcJWas5m11NgejnJ21PzXQd3BCUg2g0SZKq1pJkaLNX7cmQjcDWjI +Ez1jQliubReNJ0m1LU+PbrsNl8ISRGfITTfU80ECgYEAjzlKdEB0GUyDev9yuJWb +xLPgbtQmIFJ0wcr55R1BrLlOw5nhJvHYUuAqNVwbZyDOcZT6RdC2k1uyybAupPFF +ZRFFBnGQGGXj2fiPvFyJCVcbT6QhtkvXqBRwbRakJY1FMWCw079VzcoRtt+mcgFu +u179+NNjjTx63C4ZElNl654= +-----END PRIVATE KEY----- diff --git a/configs/open5gs/udm.yaml.in b/configs/open5gs/udm.yaml.in index fef01c571..2069dfd92 100644 --- a/configs/open5gs/udm.yaml.in +++ b/configs/open5gs/udm.yaml.in 
@@ -21,6 +21,44 @@ logger: file: @localstatedir@/log/open5gs/udm.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/udm.key +# cert: /etc/open5gs/tls/udm.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/udm.key +# cert: /etc/open5gs/tls/udm.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/udm.key + cert: @sysconfdir@/open5gs/tls/udm.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/udm.key + cert: @sysconfdir@/open5gs/tls/udm.crt + # # udm: # @@ -29,7 +67,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 @@ -37,20 +75,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/udm.key +# cert: /etc/open5gs/tls/udm.crt +# udm: # sbi: -# - tls: -# key: udm.key -# pem: udm.pem # -# o SBI Server(https://127.0.0.12:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/udm.key +# cert: /etc/open5gs/tls/udm.crt +# udm: # sbi: -# - addr: 127.0.0.12 -# tls: -# key: udm.key -# pem: udm.pem +# - addr: 127.0.0.5 # - addr: ::1 # -# o SBI Server(http://udm.open5gs.org:80) +# o SBI Server(https://udm.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# udm: # sbi: # - name: udm.open5gs.org # 
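Review bot: The `no` entry of the `tls.enabled` comment added in the `@@ -21,6 +21,44 @@` hunk reads as a condition ("Don't use TLS if there is an key/cert available") where it presumably means TLS stays off even when a key/cert is configured. The block ships with `enabled: no` next to filled-in key/cert paths while the comment calls `auto` the default, so this wording is what tells an operator whether SBI traffic is encrypted. I would write `#      - no: Never use TLS, even if a key/cert is configured`, correct `Certficiate` to `Certificate`, and give the two `cacert` examples their colon (`#    server:` / `#    client:`) so they paste as valid YAML. The same comment block is repeated in the udr.yaml.in hunk `@@ -23,6 +23,44 @@`.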
@@ -163,10 +212,18 @@ udm: # sbi: # - addr: 127.0.1.10 # tls: -# key: scp.key -# pem: scp.pem +# key: /etc/open5gs/tls/udm.key +# cert: /etc/open5gs/tls/udm.crt # - name: scp.open5gs.org # +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify peer +# +# sbi: +# - name: scp.open5gs.org +# tls: +# cacert: /etc/open5gs/tls/ca.crt +# # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) # If prefer_ipv4 is true, http://127.0.1.10:80 is selected. # @@ -203,12 +260,24 @@ scp: # addr: 127.0.0.10 # port: 7777 # -# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80) +# o SBI Client(https://127.0.0.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/udm.key +# cert: /etc/open5gs/tls/udm.crt +# nrf: # sbi: # - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: ::1 +# +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: +# sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) diff --git a/configs/open5gs/udr.yaml.in b/configs/open5gs/udr.yaml.in index d8943d00a..32c648395 100644 --- a/configs/open5gs/udr.yaml.in +++ b/configs/open5gs/udr.yaml.in 
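Review bot: The commented scp examples in the `@@ -163,10 +212,18 @@` hunk keep a `tls:` block on the individual `sbi` entry (now with `key`/`cert` and a new `cacert` example), while the nrf example in the `@@ -203,12 +260,24 @@` hunk moves the same settings to the top-level `tls.client` block, and no comment says which applies when both are present. That choice decides which CA a peer is verified against, so I would add one line above the scp example such as `#  A tls block on an sbi entry overrides the top-level tls.client settings for that peer`, or the opposite statement if that is what the parser implements. The udr.yaml.in hunks `@@ -163,10 +215,18 @@` and `@@ -203,12 +263,24 @@` carry the same examples.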
@@ -23,6 +23,44 @@ db_uri: mongodb://localhost/open5gs logger: file: @localstatedir@/log/open5gs/udr.log +# +# tls: +# enabled: auto|yes|no +# - auto: Default. Use TLS only if key/cert is available +# - yes: Use TLS always; +# reject if no key/cert available +# - no: Don't use TLS if there is an key/cert available +# +# o Server-side Key and Certficiate +# server: +# key: /etc/open5gs/tls/udr.key +# cert: /etc/open5gs/tls/udr.crt +# +# o Client-side does not use TLS +# client: +# enabled: no +# key: /etc/open5gs/tls/udr.key +# cert: /etc/open5gs/tls/udr.crt +# +# o Use the specified certificate to verify client +# server +# cacert: /etc/open5gs/tls/ca.crt +# +# o Use the specified certificate to verify server +# client +# cacert: /etc/open5gs/tls/ca.crt +# +tls: + enabled: no + server: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/udr.key + cert: @sysconfdir@/open5gs/tls/udr.crt + client: + cacert: @sysconfdir@/open5gs/tls/ca.crt + key: @sysconfdir@/open5gs/tls/udr.key + cert: @sysconfdir@/open5gs/tls/udr.crt + # # udr: # @@ -31,7 +69,7 @@ logger: # o SBI Server(http://:80) # sbi: # -# o SBI Server(http://:80) +# o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 @@ -39,20 +77,31 @@ logger: # port: 7777 # # o SBI Server(https://:443) +# tls: +# server: +# key: /etc/open5gs/tls/udr.key +# cert: /etc/open5gs/tls/udr.crt +# udr: # sbi: -# - tls: -# key: udr.key -# pem: udr.pem # -# o SBI Server(https://127.0.0.20:443, http://[::1]:80) +# o SBI Server(http://127.0.0.5:80, http://[::1]:80) +# tls: +# enabled: no +# server: +# key: /etc/open5gs/tls/udr.key +# cert: /etc/open5gs/tls/udr.crt +# udr: # sbi: -# - addr: 127.0.0.20 -# tls: -# key: udr.key -# pem: udr.pem +# - addr: 127.0.0.5 # - addr: ::1 # -# o SBI Server(http://udr.open5gs.org:80) +# o SBI Server(https://udr.open5gs.org:443) +# Use the specified certificate to verify client +# +# tls: +# server: +# cacert: /etc/open5gs/tls/ca.crt +# udr: # sbi: # - name: udr.open5gs.org # 
@@ -148,6 +197,9 @@ udr: sbi: - addr: 127.0.0.20 port: 7777 + tls: + key: @sysconfdir@/open5gs/tls/udr.key + cert: @sysconfdir@/open5gs/tls/udr.crt # # scp: @@ -163,10 +215,18 @@ udr: # sbi: # - addr: 127.0.1.10 # tls: -# key: scp.key -# pem: scp.pem +# key: /etc/open5gs/tls/udr.key +# cert: /etc/open5gs/tls/udr.crt # - name: scp.open5gs.org # +# o SBI Client(https://scp.open5gs.org:443) +# Use the specified certificate to verify peer +# +# sbi: +# - name: scp.open5gs.org +# tls: +# cacert: /etc/open5gs/tls/ca.crt +# # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) # If prefer_ipv4 is true, http://127.0.1.10:80 is selected. # @@ -203,12 +263,24 @@ scp: # addr: 127.0.0.10 # port: 7777 # -# o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80) +# o SBI Client(https://127.0.0.10:443, https://[::1]:443) +# tls: +# client: +# key: /etc/open5gs/tls/udr.key +# cert: /etc/open5gs/tls/udr.crt +# nrf: # sbi: # - addr: 127.0.0.10 -# tls: -# key: nrf.key -# pem: nrf.pem +# - addr: ::1 +# +# o SBI Client(https://nrf.open5gs.org:443) +# Use the specified certificate to verify server +# +# tls: +# client: +# cacert: /etc/open5gs/tls/ca.crt +# nrf: +# sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) diff --git a/configs/sample.yaml.in b/configs/sample.yaml.in index a06017392..05ee07579 100644 --- a/configs/sample.yaml.in +++ b/configs/sample.yaml.in @@ -2,6 +2,17 @@ db_uri: mongodb://localhost/open5gs logger: +tls: + enabled: no + server: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testserver.key + cert: @open5gs_builddir@/configs/open5gs/tls/testserver.crt + client: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testclient.key + cert: @open5gs_builddir@/configs/open5gs/tls/testclient.crt + parameter: # no_nrf: true # no_scp: true 
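Review bot: The `tls:` / `key:` / `cert:` lines added after `port: 7777` in the live `udr:` section look like a per-`sbi` TLS entry (indentation is lost in this view, so this is inferred), yet the same commit removes the `tls` branch from the `sbi` parser in lib/sbi/context.c. If they do nest under `sbi`, they would only trigger the "unknown key" warning and have no effect. The top-level `tls.server` block added earlier in this file already names the same key and certificate, so these three lines can be dropped.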
@@ -221,45 +232,6 @@ nrf: - ::1 port: 7777 -# -# scp: -# -# > -# -# o SBI Client(http://127.0.1.10:7777) -# sbi: -# addr: 127.0.1.10 -# port: 7777 -# -# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80) -# sbi: -# - addr: 127.0.1.10 -# tls: -# key: scp.key -# pem: scp.pem -# - name: scp.open5gs.org -# -# o SBI Client(http://[fd69:f21d:873c:fb::1]:80) -# If prefer_ipv4 is true, http://127.0.1.10:80 is selected. -# -# sbi: -# addr: -# - 127.0.1.10 -# - fd69:f21d:873c:fb::1 -# -# o SBI Option (Default) -# - tcp_nodelay : true -# - so_linger.l_onoff : false -# -# sbi: -# addr: 127.0.1.10 -# option: -# tcp_nodelay: false -# so_linger: -# l_onoff: true -# l_linger: 10 -# -# scp: sbi: - addr: 127.0.1.10 diff --git a/configs/slice.yaml.in b/configs/slice.yaml.in index 91177cab1..11edcd7fb 100644 --- a/configs/slice.yaml.in +++ b/configs/slice.yaml.in @@ -2,6 +2,17 @@ db_uri: mongodb://localhost/open5gs logger: +tls: + enabled: no + server: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testserver.key + cert: @open5gs_builddir@/configs/open5gs/tls/testserver.crt + client: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testclient.key + cert: @open5gs_builddir@/configs/open5gs/tls/testclient.crt + parameter: # no_nrf: true no_scp: true diff --git a/configs/srslte.yaml.in b/configs/srslte.yaml.in index 7c994d052..5bcf471f8 100644 --- a/configs/srslte.yaml.in +++ b/configs/srslte.yaml.in 
@@ -2,6 +2,17 @@ db_uri: mongodb://localhost/open5gs logger: +tls: + enabled: no + server: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testserver.key + cert: @open5gs_builddir@/configs/open5gs/tls/testserver.crt + client: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testclient.key + cert: @open5gs_builddir@/configs/open5gs/tls/testclient.crt + parameter: # no_nrf: true # no_scp: true diff --git a/configs/volte.yaml.in b/configs/volte.yaml.in index b5909bfc6..c408ff6ab 100644 --- a/configs/volte.yaml.in +++ b/configs/volte.yaml.in @@ -2,6 +2,17 @@ db_uri: mongodb://localhost/open5gs logger: +tls: + enabled: no + server: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testserver.key + cert: @open5gs_builddir@/configs/open5gs/tls/testserver.crt + client: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testclient.key + cert: @open5gs_builddir@/configs/open5gs/tls/testclient.crt + parameter: # no_nrf: true # no_scp: true diff --git a/configs/vonr.yaml.in b/configs/vonr.yaml.in index 696b6e165..de859b7cc 100644 --- a/configs/vonr.yaml.in +++ b/configs/vonr.yaml.in @@ -2,6 +2,17 @@ db_uri: mongodb://localhost/open5gs logger: +tls: + enabled: no + server: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testserver.key + cert: @open5gs_builddir@/configs/open5gs/tls/testserver.crt + client: + cacert: @open5gs_builddir@/configs/open5gs/tls/ca.crt + key: @open5gs_builddir@/configs/open5gs/tls/testclient.key + cert: @open5gs_builddir@/configs/open5gs/tls/testclient.crt + parameter: # no_nrf: true # no_scp: true diff --git a/debian/open5gs-amf.install b/debian/open5gs-amf.install index 34795b1b8..fd3b77507 100644 --- a/debian/open5gs-amf.install +++ b/debian/open5gs-amf.install 
@@ -1,3 +1,5 @@ usr/bin/open5gs-amfd configs/open5gs/amf.yaml etc/open5gs +configs/open5gs/tls/amf.key etc/open5gs/tls +configs/open5gs/tls/amf.crt etc/open5gs/tls configs/systemd/open5gs-amfd.service lib/systemd/system diff --git a/debian/open5gs-ausf.install b/debian/open5gs-ausf.install index e8a401dee..4264035c4 100644 --- a/debian/open5gs-ausf.install +++ b/debian/open5gs-ausf.install @@ -1,3 +1,5 @@ usr/bin/open5gs-ausfd configs/open5gs/ausf.yaml etc/open5gs +configs/open5gs/tls/ausf.key etc/open5gs/tls +configs/open5gs/tls/ausf.crt etc/open5gs/tls configs/systemd/open5gs-ausfd.service lib/systemd/system diff --git a/debian/open5gs-bsf.install b/debian/open5gs-bsf.install index 4a870b563..d5b891d01 100644 --- a/debian/open5gs-bsf.install +++ b/debian/open5gs-bsf.install @@ -1,3 +1,5 @@ usr/bin/open5gs-bsfd configs/open5gs/bsf.yaml etc/open5gs +configs/open5gs/tls/bsf.key etc/open5gs/tls +configs/open5gs/tls/bsf.crt etc/open5gs/tls configs/systemd/open5gs-bsfd.service lib/systemd/system diff --git a/debian/open5gs-common.install b/debian/open5gs-common.install index 31606586c..b2464d717 100644 --- a/debian/open5gs-common.install +++ b/debian/open5gs-common.install @@ -1,5 +1,5 @@ usr/lib/*/libogs*.so* usr/lib/*/libfd*.so* usr/lib/*/freeDiameter/*.fdx -configs/freeDiameter/cacert.pem /etc/freeDiameter +configs/open5gs/tls/ca.crt /etc/open5gs/tls configs/logrotate/open5gs /etc/logrotate.d diff --git a/debian/open5gs-hss.install b/debian/open5gs-hss.install index 100258889..653858698 100644 --- a/debian/open5gs-hss.install +++ b/debian/open5gs-hss.install @@ -1,4 +1,6 @@ usr/bin/open5gs-hssd configs/freeDiameter/hss.* etc/freeDiameter configs/open5gs/hss.yaml etc/open5gs +configs/open5gs/tls/hss.key etc/open5gs/tls +configs/open5gs/tls/hss.crt etc/open5gs/tls configs/systemd/open5gs-hssd.service lib/systemd/system diff --git a/debian/open5gs-mme.install b/debian/open5gs-mme.install index 81839cf5f..b5981c388 100644 --- a/debian/open5gs-mme.install 
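Review bot: The added `configs/open5gs/tls/amf.key etc/open5gs/tls` line installs a private key taken from the build tree, and the same pattern repeats in the ausf, bsf, hss, mme, nrf, nssf, pcf, pcrf, scp, smf, udm and udr install files. If these keys are checked in or generated once per package build (not visible here), every installation shares key material that anyone with the package can read. The YAML configs in this commit point at exactly these paths, so switching `tls.enabled` to `yes` would put them into service. Consider generating the key and certificate on the target host in a maintainer script, or shipping only the CA certificate and documenting that keys must be provisioned before TLS is enabled. Restrictive ownership and mode on the `.key` files should also be set at install time.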
+++ b/debian/open5gs-mme.install @@ -1,4 +1,6 @@ usr/bin/open5gs-mmed configs/freeDiameter/mme.* etc/freeDiameter configs/open5gs/mme.yaml etc/open5gs +configs/open5gs/tls/mme.key etc/open5gs/tls +configs/open5gs/tls/mme.crt etc/open5gs/tls configs/systemd/open5gs-mmed.service lib/systemd/system diff --git a/debian/open5gs-nrf.install b/debian/open5gs-nrf.install index 3e9f6b80f..b8738f6e9 100644 --- a/debian/open5gs-nrf.install +++ b/debian/open5gs-nrf.install @@ -1,3 +1,5 @@ usr/bin/open5gs-nrfd configs/open5gs/nrf.yaml etc/open5gs +configs/open5gs/tls/nrf.key etc/open5gs/tls +configs/open5gs/tls/nrf.crt etc/open5gs/tls configs/systemd/open5gs-nrfd.service lib/systemd/system diff --git a/debian/open5gs-nssf.install b/debian/open5gs-nssf.install index 17541af1d..02c09e5fd 100644 --- a/debian/open5gs-nssf.install +++ b/debian/open5gs-nssf.install @@ -1,3 +1,5 @@ usr/bin/open5gs-nssfd configs/open5gs/nssf.yaml etc/open5gs +configs/open5gs/tls/nssf.key etc/open5gs/tls +configs/open5gs/tls/nssf.crt etc/open5gs/tls configs/systemd/open5gs-nssfd.service lib/systemd/system diff --git a/debian/open5gs-pcf.install b/debian/open5gs-pcf.install index 34cd94ba0..2f119105c 100644 --- a/debian/open5gs-pcf.install +++ b/debian/open5gs-pcf.install @@ -1,3 +1,5 @@ usr/bin/open5gs-pcfd configs/open5gs/pcf.yaml etc/open5gs +configs/open5gs/tls/pcf.key etc/open5gs/tls +configs/open5gs/tls/pcf.crt etc/open5gs/tls configs/systemd/open5gs-pcfd.service lib/systemd/system diff --git a/debian/open5gs-pcrf.install b/debian/open5gs-pcrf.install index b8aeac869..4482e31ae 100644 --- a/debian/open5gs-pcrf.install +++ b/debian/open5gs-pcrf.install @@ -1,4 +1,6 @@ usr/bin/open5gs-pcrfd configs/freeDiameter/pcrf.* etc/freeDiameter configs/open5gs/pcrf.yaml etc/open5gs +configs/open5gs/tls/pcrf.key etc/open5gs/tls +configs/open5gs/tls/pcrf.crt etc/open5gs/tls configs/systemd/open5gs-pcrfd.service lib/systemd/system 
diff --git a/debian/open5gs-scp.install b/debian/open5gs-scp.install index 424f2d956..9f31ece25 100644 --- a/debian/open5gs-scp.install +++ b/debian/open5gs-scp.install @@ -1,3 +1,5 @@ usr/bin/open5gs-scpd configs/open5gs/scp.yaml etc/open5gs +configs/open5gs/tls/scp.key etc/open5gs/tls +configs/open5gs/tls/scp.crt etc/open5gs/tls configs/systemd/open5gs-scpd.service lib/systemd/system diff --git a/debian/open5gs-smf.install b/debian/open5gs-smf.install index fb5d2d66a..25573c679 100644 --- a/debian/open5gs-smf.install +++ b/debian/open5gs-smf.install @@ -1,4 +1,6 @@ usr/bin/open5gs-smfd configs/freeDiameter/smf.* etc/freeDiameter configs/open5gs/smf.yaml etc/open5gs +configs/open5gs/tls/smf.key etc/open5gs/tls +configs/open5gs/tls/smf.crt etc/open5gs/tls configs/systemd/open5gs-smfd.service lib/systemd/system diff --git a/debian/open5gs-udm.install b/debian/open5gs-udm.install index aa15fce4a..9f615885b 100644 --- a/debian/open5gs-udm.install +++ b/debian/open5gs-udm.install @@ -1,3 +1,5 @@ usr/bin/open5gs-udmd configs/open5gs/udm.yaml etc/open5gs +configs/open5gs/tls/udm.key etc/open5gs/tls +configs/open5gs/tls/udm.crt etc/open5gs/tls configs/systemd/open5gs-udmd.service lib/systemd/system diff --git a/debian/open5gs-udr.install b/debian/open5gs-udr.install index 488d48c96..c1b7add73 100644 --- a/debian/open5gs-udr.install +++ b/debian/open5gs-udr.install @@ -1,3 +1,5 @@ usr/bin/open5gs-udrd configs/open5gs/udr.yaml etc/open5gs +configs/open5gs/tls/udr.key etc/open5gs/tls +configs/open5gs/tls/udr.crt etc/open5gs/tls configs/systemd/open5gs-udrd.service lib/systemd/system diff --git a/docs/_docs/platform/05-macosx-apple-silicon.md b/docs/_docs/platform/05-macosx-apple-silicon.md index 77feadd06..b22e00c9b 100644 --- a/docs/_docs/platform/05-macosx-apple-silicon.md +++ b/docs/_docs/platform/05-macosx-apple-silicon.md 
@@ -96,6 +96,7 @@ $ brew install mongo-c-driver gnutls libgcrypt libidn libyaml libmicrohttpd nght Configure Homebrew PATH ```bash $ export PATH="/opt/homebrew/opt/bison/bin:/opt/homebrew/bin:$PATH" +$ export PKG_CONFIG_PATH="/opt/homebrew/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" $ export LIBRARY_PATH=/opt/homebrew/lib $ export C_INCLUDE_PATH=/opt/homebrew/include $ export CPLUS_INCLUDE_PATH=/opt/homebrew/include diff --git a/docs/_docs/platform/06-macosx-intel.md b/docs/_docs/platform/06-macosx-intel.md index 29b93d454..f29b30ee4 100644 --- a/docs/_docs/platform/06-macosx-intel.md +++ b/docs/_docs/platform/06-macosx-intel.md @@ -93,12 +93,17 @@ Install the depedencies for building the source code. $ brew install mongo-c-driver gnutls libgcrypt libidn libyaml libmicrohttpd nghttp2 pkg-config libusrsctp libtins talloc ``` -Install Bison and Create soft link. +Install Bison PATH ```bash $ brew install bison $ export PATH="/usr/local/opt/bison/bin:$PATH" ``` +Configure OpenSSL PKG_CONFIG_PATH +```bash +$ export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" +``` + Install Meson using Homebrew. ```bash $ brew install meson diff --git a/lib/app/ogs-context.c b/lib/app/ogs-context.c index 1b22523f2..884528075 100644 --- a/lib/app/ogs-context.c +++ b/lib/app/ogs-context.c 
@@ -62,6 +62,44 @@ ogs_app_context_t *ogs_app() return &self; } +bool ogs_app_tls_server_enabled(void) +{ + if (self.tls.enabled == OGS_APP_TLS_ENABLED_AUTO) { + if (self.tls.server.key && self.tls.server.cert) + return true; + else + return false; + } else if (self.tls.enabled == OGS_APP_TLS_ENABLED_YES) { + ogs_assert(self.tls.server.key); + ogs_assert(self.tls.server.cert); + return true; + } else if (self.tls.enabled == OGS_APP_TLS_ENABLED_NO) { + return false; + } else { + ogs_error("Unknown TLS enabled mode [%d]", self.tls.enabled); + return false; + } +} + +bool ogs_app_tls_client_enabled(void) +{ + if (self.tls.enabled == OGS_APP_TLS_ENABLED_AUTO) { + if (self.tls.client.key && self.tls.client.cert) + return true; + else + return false; + } else if (self.tls.enabled == OGS_APP_TLS_ENABLED_YES) { + ogs_assert(self.tls.client.key); + ogs_assert(self.tls.client.cert); + return true; + } else if (self.tls.enabled == OGS_APP_TLS_ENABLED_NO) { + return false; + } else { + ogs_error("Unknown TLS enabled mode [%d]", self.tls.enabled); + return false; + } +} + static void recalculate_pool_size(void) { self.pool.packet = self.max.ue * OGS_MAX_NUM_OF_PACKET_BUFFER; @@ -167,6 +205,8 @@ static void regenerate_all_timer_duration(void) static void app_context_prepare(void) { + self.tls.enabled = OGS_APP_TLS_ENABLED_AUTO; + #define USRSCTP_LOCAL_UDP_PORT 9899 self.usrsctp.udp_port = USRSCTP_LOCAL_UDP_PORT; @@ -234,6 +274,27 @@ static int app_context_validation(void) return OGS_ERROR; } + if (self.tls.enabled == OGS_APP_TLS_ENABLED_YES) { + + if (!self.tls.server.key) { + ogs_error("No Server Key"); + return OGS_ERROR; + } + if (!self.tls.server.cert) { + ogs_error("No Server Certificate"); + return OGS_ERROR; + } + + if (!self.tls.client.key) { + ogs_error("No Client Key"); + return OGS_ERROR; + } + if (!self.tls.client.cert) { + ogs_error("No Client Certificate"); + return OGS_ERROR; + } + } + return OGS_OK; } 
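Review bot: In `ogs_app_tls_client_enabled()` the AUTO branch turns TLS on only when both `tls.client.key` and `tls.client.cert` are set, so a client configured with just `cacert` is treated as plain HTTP. That contradicts the "SBI Client(https://nrf.open5gs.org:443) ... Use the specified certificate to verify server" example in the YAML comments of this commit, which sets only `tls.client.cacert`. Either document that a client key/cert pair is mandatory for https, or let the CA certificate alone enable the client side, e.g. `if (self.tls.client.cacert || (self.tls.client.key && self.tls.client.cert)) return true;`. The two functions are also identical apart from `server`/`client` and could share one static helper taking the key and cert pointers.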
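Review bot: The `OGS_APP_TLS_ENABLED_YES` block added to `app_context_validation()` checks key and certificate for both sides but never looks at `tls.server.cacert` or `tls.client.cacert`. With `enabled: yes` and no CA certificate the process starts with TLS and no configured trust anchor; whether peer verification is then skipped or falls back to a system store is decided outside this hunk. A startup message would make that state visible, for example `if (!self.tls.client.cacert) ogs_warn("No Client CA Certificate");` and the same for the server side. The check also only tests that a path string is present, not that the file can be read.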
@@ -268,6 +329,65 @@ int ogs_app_context_parse_config(void) ogs_yaml_iter_value(&logger_iter); } } + } else if (!strcmp(root_key, "tls")) { + ogs_yaml_iter_t tls_iter; + ogs_yaml_iter_recurse(&root_iter, &tls_iter); + while (ogs_yaml_iter_next(&tls_iter)) { + const char *tls_key = ogs_yaml_iter_key(&tls_iter); + ogs_assert(tls_key); + if (!strcmp(tls_key, "enabled")) { + const char *v = ogs_yaml_iter_value(&tls_iter); + if (!strcmp(v, "auto")) + self.tls.enabled = OGS_APP_TLS_ENABLED_AUTO; + else if (!strcmp(v, "yes")) + self.tls.enabled = OGS_APP_TLS_ENABLED_YES; + else if (!strcmp(v, "no")) + self.tls.enabled = OGS_APP_TLS_ENABLED_NO; + else + ogs_warn("unknown 'tls.enabled' value `%s`", v); + } else if (!strcmp(tls_key, "server")) { + ogs_yaml_iter_t server_iter; + ogs_yaml_iter_recurse(&tls_iter, &server_iter); + + while (ogs_yaml_iter_next(&server_iter)) { + const char *server_key = + ogs_yaml_iter_key(&server_iter); + ogs_assert(server_key); + if (!strcmp(server_key, "cacert")) { + self.tls.server.cacert = + ogs_yaml_iter_value(&server_iter); + } else if (!strcmp(server_key, "cert")) { + self.tls.server.cert = + ogs_yaml_iter_value(&server_iter); + } else if (!strcmp(server_key, "key")) { + self.tls.server.key = + ogs_yaml_iter_value(&server_iter); + } else + ogs_warn("unknown key `%s`", server_key); + } + } else if (!strcmp(tls_key, "client")) { + ogs_yaml_iter_t client_iter; + ogs_yaml_iter_recurse(&tls_iter, &client_iter); + + while (ogs_yaml_iter_next(&client_iter)) { + const char *client_key = + ogs_yaml_iter_key(&client_iter); + ogs_assert(client_key); + if (!strcmp(client_key, "cacert")) { + self.tls.client.cacert = + ogs_yaml_iter_value(&client_iter); + } else if (!strcmp(client_key, "cert")) { + self.tls.client.cert = + ogs_yaml_iter_value(&client_iter); + } else if (!strcmp(client_key, "key")) { + self.tls.client.key = + ogs_yaml_iter_value(&client_iter); + } else + ogs_warn("unknown key `%s`", client_key); + } + } else + ogs_warn("unknown key 
`%s`", tls_key); + } } else if (!strcmp(root_key, "parameter")) { ogs_yaml_iter_t parameter_iter; ogs_yaml_iter_recurse(&root_iter, ¶meter_iter); diff --git a/lib/app/ogs-context.h b/lib/app/ogs-context.h index a27b821d1..f445b40a9 100644 --- a/lib/app/ogs-context.h +++ b/lib/app/ogs-context.h @@ -28,6 +28,12 @@ extern "C" { #endif +typedef enum { + OGS_APP_TLS_ENABLED_AUTO = 0, + OGS_APP_TLS_ENABLED_YES, + OGS_APP_TLS_ENABLED_NO, +} ogs_app_tls_enabled_mode_e; + typedef struct ogs_app_context_s { const char *version; @@ -43,6 +49,15 @@ typedef struct ogs_app_context_s { const char *domain; } logger; + struct { + ogs_app_tls_enabled_mode_e enabled; + struct { + const char *cacert; + const char *cert; + const char *key; + } server, client; + } tls; + ogs_queue_t *queue; ogs_timer_mgr_t *timer_mgr; ogs_pollset_t *pollset; @@ -177,6 +192,9 @@ int ogs_app_context_init(void); void ogs_app_context_final(void); ogs_app_context_t *ogs_app(void); +bool ogs_app_tls_server_enabled(void); +bool ogs_app_tls_client_enabled(void); + int ogs_app_context_parse_config(void); #ifdef __cplusplus diff --git a/lib/sbi/client.c b/lib/sbi/client.c index d51703170..94252e11a 100644 --- a/lib/sbi/client.c +++ b/lib/sbi/client.c @@ -98,18 +98,22 @@ void ogs_sbi_client_final(void) curl_global_cleanup(); } -ogs_sbi_client_t *ogs_sbi_client_add(ogs_sockaddr_t *addr) +ogs_sbi_client_t *ogs_sbi_client_add( + OpenAPI_uri_scheme_e scheme, ogs_sockaddr_t *addr) { ogs_sbi_client_t *client = NULL; CURLM *multi = NULL; + ogs_assert(scheme); ogs_assert(addr); ogs_pool_alloc(&client_pool, &client); ogs_assert(client); memset(client, 0, sizeof(ogs_sbi_client_t)); - ogs_debug("ogs_sbi_client_add()"); + client->scheme = scheme; + + ogs_debug("ogs_sbi_client_add[%s]", OpenAPI_uri_scheme_ToString(scheme)); OGS_OBJECT_REF(client); ogs_assert(OGS_OK == ogs_copyaddrinfo(&client->node.addr, addr)); 
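Review bot: In the `tls.enabled` branch, `v` from `ogs_yaml_iter_value()` is passed straight to `strcmp()`, so an empty `enabled:` entry would dereference NULL; the `port` handling elsewhere in this codebase guards with `if (v)`. An unrecognised value such as a typo of `yes` only produces `ogs_warn()` and leaves the mode at the AUTO default, which can mean plain HTTP when the operator asked for TLS. I would fail configuration loading instead: add `if (!v) { ogs_error("No 'tls.enabled' value"); return OGS_ERROR; }` before the comparisons and have the final `else` log with `ogs_error()` and `return OGS_ERROR;`. The body of `ogs_app_context_parse_config()` starts and ends outside this hunk, so the exact return convention should be checked against the rest of the function.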
@@ -183,14 +187,17 @@ void ogs_sbi_client_remove_all(void) ogs_sbi_client_remove(client); } -ogs_sbi_client_t *ogs_sbi_client_find(ogs_sockaddr_t *addr) +ogs_sbi_client_t *ogs_sbi_client_find( + OpenAPI_uri_scheme_e scheme, ogs_sockaddr_t *addr) { ogs_sbi_client_t *client = NULL; + ogs_assert(scheme); ogs_assert(addr); ogs_list_for_each(&ogs_sbi_self()->client_list, client) { - if (ogs_sockaddr_is_equal(client->node.addr, addr) == true) + if (client->scheme == scheme && + ogs_sockaddr_is_equal(client->node.addr, addr) == true) break; } @@ -302,7 +309,10 @@ static connection_t *connection_add( ogs_assert(request->h.method); ogs_pool_alloc(&connection_pool, &conn); - ogs_expect_or_return_val(conn, NULL); + if (!conn) { + ogs_error("ogs_pool_alloc() failed"); + return NULL; + } memset(conn, 0, sizeof(connection_t)); conn->client = client; @@ -628,7 +638,10 @@ bool ogs_sbi_client_send_request( ogs_debug("[%s] %s", request->h.method, request->h.uri); conn = connection_add(client, client_cb, request, data); - ogs_expect_or_return_val(conn, false); + if (!conn) { + ogs_error("connection_add() failed"); + return false; + } return true; } @@ -637,6 +650,8 @@ bool ogs_sbi_client_send_via_scp( ogs_sbi_client_t *client, ogs_sbi_client_cb_f client_cb, ogs_sbi_request_t *request, void *data) { + bool rc; + ogs_assert(request); ogs_assert(client); @@ -657,7 +672,7 @@ bool ogs_sbi_client_send_via_scp( apiroot = ogs_sbi_client_apiroot(client); ogs_assert(apiroot); - path = ogs_sbi_getpath_from_uri(request->h.uri); + rc = ogs_sbi_getpath_from_uri(&path, request->h.uri); ogs_assert(path); request->h.uri = ogs_msprintf("%s/%s", apiroot, path); 
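Review bot: In `ogs_sbi_client_send_via_scp()` the result of `rc = ogs_sbi_getpath_from_uri(&path, request->h.uri);` is never tested; the next line is still `ogs_assert(path);`. The new bool-returning form exists so that a malformed URI can be reported, but here a parse failure still aborts the process, and it only does so if `path` was initialised to NULL at its declaration, which is outside the hunk. Replace the assert with `if (rc == false) { ogs_error("ogs_sbi_getpath_from_uri() failed [%s]", request->h.uri); return false; }`, releasing anything allocated earlier in the function on that path.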
@@ -670,10 +685,10 @@ bool ogs_sbi_client_send_via_scp( ogs_free(old); } - ogs_expect_or_return_val(true == - ogs_sbi_client_send_request(client, client_cb, request, data), false); + rc = ogs_sbi_client_send_request(client, client_cb, request, data); + ogs_expect(rc == true); - return true; + return rc; } static size_t write_cb(void *contents, size_t size, size_t nmemb, void *data) diff --git a/lib/sbi/client.h b/lib/sbi/client.h index 889d50bb3..c5ccaa8ba 100644 --- a/lib/sbi/client.h +++ b/lib/sbi/client.h @@ -58,11 +58,6 @@ typedef struct ogs_sbi_client_s { ogs_socknode_t node; OpenAPI_uri_scheme_e scheme; - struct { - const char *key; - const char *pem; - } tls; - ogs_timer_t *t_curl; /* timer for CURL */ ogs_list_t connection_list; /* CURL connection list */ @@ -77,10 +72,12 @@ typedef struct ogs_sbi_nf_instance_s ogs_sbi_nf_instance_t; void ogs_sbi_client_init(int num_of_sockinfo_pool, int num_of_connection_pool); void ogs_sbi_client_final(void); -ogs_sbi_client_t *ogs_sbi_client_add(ogs_sockaddr_t *addr); +ogs_sbi_client_t *ogs_sbi_client_add( + OpenAPI_uri_scheme_e scheme, ogs_sockaddr_t *addr); void ogs_sbi_client_remove(ogs_sbi_client_t *client); void ogs_sbi_client_remove_all(void); -ogs_sbi_client_t *ogs_sbi_client_find(ogs_sockaddr_t *addr); +ogs_sbi_client_t *ogs_sbi_client_find( + OpenAPI_uri_scheme_e scheme, ogs_sockaddr_t *addr); void ogs_sbi_client_stop(ogs_sbi_client_t *client); void ogs_sbi_client_stop_all(void); diff --git a/lib/sbi/context.c b/lib/sbi/context.c index e3553b99e..791c6ad1e 100644 --- a/lib/sbi/context.c +++ b/lib/sbi/context.c @@ -205,8 +205,6 @@ int ogs_sbi_context_parse_config( const char *hostname[OGS_MAX_NUM_OF_HOSTNAME]; int num_of_advertise = 0; const char *advertise[OGS_MAX_NUM_OF_HOSTNAME]; - const char *key = NULL; - const char *pem = NULL; uint16_t port = self.sbi_port; const char *dev = NULL; 
@@ -300,22 +298,6 @@ int ogs_sbi_context_parse_config( &sbi_iter, &option); if (rv != OGS_OK) return rv; is_option = true; - } else if (!strcmp(sbi_key, "tls")) { - ogs_yaml_iter_t tls_iter; - ogs_yaml_iter_recurse(&sbi_iter, &tls_iter); - - while (ogs_yaml_iter_next(&tls_iter)) { - const char *tls_key = - ogs_yaml_iter_key(&tls_iter); - ogs_assert(tls_key); - - if (!strcmp(tls_key, "key")) { - key = ogs_yaml_iter_value(&tls_iter); - } else if (!strcmp(tls_key, "pem")) { - pem = ogs_yaml_iter_value(&tls_iter); - } else - ogs_warn("unknown key `%s`", tls_key); - } } else ogs_warn("unknown key `%s`", sbi_key); } @@ -364,9 +346,6 @@ int ogs_sbi_context_parse_config( if (addr && ogs_app()->parameter.no_ipv4 == 0) ogs_sbi_server_set_advertise( server, AF_INET, addr); - - if (key) server->tls.key = key; - if (pem) server->tls.pem = pem; } node6 = ogs_list_first(&list6); if (node6) { @@ -377,9 +356,6 @@ int ogs_sbi_context_parse_config( if (addr && ogs_app()->parameter.no_ipv6 == 0) ogs_sbi_server_set_advertise( server, AF_INET6, addr); - - if (key) server->tls.key = key; - if (pem) server->tls.pem = pem; } if (addr) @@ -495,8 +471,6 @@ int ogs_sbi_context_parse_config( int i, num = 0; const char *hostname[OGS_MAX_NUM_OF_HOSTNAME]; uint16_t port = self.sbi_port; - const char *key = NULL; - const char *pem = NULL; if (ogs_yaml_iter_type(&sbi_array) == YAML_MAPPING_NODE) { 
@@ -552,22 +526,6 @@ int ogs_sbi_context_parse_config( } else if (!strcmp(sbi_key, "port")) { const char *v = ogs_yaml_iter_value(&sbi_iter); if (v) port = atoi(v); - } else if (!strcmp(sbi_key, "tls")) { - ogs_yaml_iter_t tls_iter; - ogs_yaml_iter_recurse(&sbi_iter, &tls_iter); - - while (ogs_yaml_iter_next(&tls_iter)) { - const char *tls_key = - ogs_yaml_iter_key(&tls_iter); - ogs_assert(tls_key); - - if (!strcmp(tls_key, "key")) { - key = ogs_yaml_iter_value(&tls_iter); - } else if (!strcmp(tls_key, "pem")) { - pem = ogs_yaml_iter_value(&tls_iter); - } else - ogs_warn("unknown key `%s`", tls_key); - } } else if (!strcmp(sbi_key, "advertise")) { /* Nothing in client */ } else @@ -588,13 +546,14 @@ int ogs_sbi_context_parse_config( if (addr == NULL) continue; - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add( + ogs_app_tls_client_enabled() == true ? + OpenAPI_uri_scheme_https : + OpenAPI_uri_scheme_http, + addr); ogs_assert(client); OGS_SBI_SETUP_CLIENT(self.nrf_instance, client); - if (key) client->tls.key = key; - if (pem) client->tls.pem = pem; - ogs_freeaddrinfo(addr); } while (ogs_yaml_iter_type(&sbi_array) == @@ -618,8 +577,6 @@ int ogs_sbi_context_parse_config( int i, num = 0; const char *hostname[OGS_MAX_NUM_OF_HOSTNAME]; uint16_t port = self.sbi_port; - const char *key = NULL; - const char *pem = NULL; if (ogs_yaml_iter_type(&sbi_array) == YAML_MAPPING_NODE) { 
@@ -675,22 +632,6 @@ int ogs_sbi_context_parse_config( } else if (!strcmp(sbi_key, "port")) { const char *v = ogs_yaml_iter_value(&sbi_iter); if (v) port = atoi(v); - } else if (!strcmp(sbi_key, "tls")) { - ogs_yaml_iter_t tls_iter; - ogs_yaml_iter_recurse(&sbi_iter, &tls_iter); - - while (ogs_yaml_iter_next(&tls_iter)) { - const char *tls_key = - ogs_yaml_iter_key(&tls_iter); - ogs_assert(tls_key); - - if (!strcmp(tls_key, "key")) { - key = ogs_yaml_iter_value(&tls_iter); - } else if (!strcmp(tls_key, "pem")) { - pem = ogs_yaml_iter_value(&tls_iter); - } else - ogs_warn("unknown key `%s`", tls_key); - } } else if (!strcmp(sbi_key, "advertise")) { /* Nothing in client */ } else @@ -711,13 +652,14 @@ int ogs_sbi_context_parse_config( if (addr == NULL) continue; - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add( + ogs_app_tls_client_enabled() == true ? + OpenAPI_uri_scheme_https : + OpenAPI_uri_scheme_http, + addr); ogs_assert(client); OGS_SBI_SETUP_CLIENT(self.scp_instance, client); - if (key) client->tls.key = key; - if (pem) client->tls.pem = pem; - ogs_freeaddrinfo(addr); } while (ogs_yaml_iter_type(&sbi_array) == @@ -991,6 +933,7 @@ ogs_sbi_nf_service_t *ogs_sbi_nf_service_add( nf_service->name = ogs_strdup(name); ogs_assert(nf_service->name); nf_service->scheme = scheme; + ogs_assert(nf_service->scheme); nf_service->status = OpenAPI_nf_service_status_REGISTERED; @@ -1322,7 +1265,6 @@ ogs_sbi_nf_service_t *ogs_sbi_nf_service_build_default( ogs_uuid_t uuid; char id[OGS_UUID_FORMATTED_LENGTH + 1]; char *hostname = NULL; - OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_assert(nf_instance); ogs_assert(name); 
@@ -1330,26 +1272,10 @@ ogs_sbi_nf_service_t *ogs_sbi_nf_service_build_default( ogs_uuid_get(&uuid); ogs_uuid_format(id, &uuid); - ogs_list_for_each(&ogs_sbi_self()->server_list, server) { - OpenAPI_uri_scheme_e s; - - if (server->tls.key && server->tls.pem) - s = OpenAPI_uri_scheme_https; - else - s = OpenAPI_uri_scheme_http; - - if (scheme == OpenAPI_uri_scheme_NULL) { - scheme = s; - } else if (scheme != s) { - ogs_fatal("Please CHECK CONFIGURATION - sbi[%d:%s]", - nf_instance->nf_type, - OpenAPI_nf_type_ToString(nf_instance->nf_type)); - ogs_assert_if_reached(); - return NULL; - } - } - - nf_service = ogs_sbi_nf_service_add(nf_instance, id, name, scheme); + nf_service = ogs_sbi_nf_service_add(nf_instance, id, name, + ogs_app_tls_server_enabled() == true ? + OpenAPI_uri_scheme_https : + OpenAPI_uri_scheme_http); ogs_assert(nf_service); hostname = NULL; @@ -1403,12 +1329,16 @@ ogs_sbi_nf_service_t *ogs_sbi_nf_service_build_default( return nf_service; } -static ogs_sbi_client_t *find_client_by_fqdn(char *fqdn, int port) +static ogs_sbi_client_t *find_client_by_fqdn( + OpenAPI_uri_scheme_e scheme, char *fqdn, int port) { int rv; ogs_sockaddr_t *addr = NULL; ogs_sbi_client_t *client = NULL; + ogs_assert(scheme); + ogs_assert(fqdn); + rv = ogs_getaddrinfo(&addr, AF_UNSPEC, fqdn, port ? port : ogs_sbi_self()->sbi_port, 0); if (rv != OGS_OK) { @@ -1416,9 +1346,9 @@ static ogs_sbi_client_t *find_client_by_fqdn(char *fqdn, int port) return NULL; } - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } 
@@ -1432,9 +1362,13 @@ static ogs_sbi_client_t *nf_instance_find_client( { ogs_sbi_client_t *client = NULL; ogs_sockaddr_t *addr = NULL; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; + + scheme = ogs_app_tls_client_enabled() == true ? + OpenAPI_uri_scheme_https : OpenAPI_uri_scheme_http; if (nf_instance->fqdn) - client = find_client_by_fqdn(nf_instance->fqdn, 0); + client = find_client_by_fqdn(scheme, nf_instance->fqdn, 0); if (!client) { /* At this point, CLIENT selection method is very simple. */ @@ -1442,9 +1376,9 @@ static ogs_sbi_client_t *nf_instance_find_client( if (nf_instance->num_of_ipv6) addr = nf_instance->ipv6[0]; if (addr) { - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } } @@ -1458,8 +1392,10 @@ static void nf_service_associate_client(ogs_sbi_nf_service_t *nf_service) ogs_sbi_client_t *client = NULL; ogs_sockaddr_t *addr = NULL; + ogs_assert(nf_service->scheme); + if (nf_service->fqdn) - client = find_client_by_fqdn(nf_service->fqdn, 0); + client = find_client_by_fqdn(nf_service->scheme, nf_service->fqdn, 0); if (!client) { /* At this point, CLIENT selection method is very simple. */ @@ -1470,10 +1406,9 @@ static void nf_service_associate_client(ogs_sbi_nf_service_t *nf_service) } if (addr) { - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(nf_service->scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); - client->scheme = nf_service->scheme; + client = ogs_sbi_client_add(nf_service->scheme, addr); ogs_assert(client); } } @@ -1654,6 +1589,10 @@ ogs_sbi_xact_t *ogs_sbi_xact_add( ogs_assert(sbi_object); ogs_pool_alloc(&xact_pool, &xact); + if (!xact) { + ogs_error("ogs_pool_alloc() failed"); + return NULL; + } ogs_expect_or_return_val(xact, NULL); memset(xact, 0, sizeof(ogs_sbi_xact_t)); 
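Review bot: In the `ogs_sbi_xact_add()` hunk the new `if (!xact) { ... return NULL; }` block is followed by the old `ogs_expect_or_return_val(xact, NULL);`, which is left in place as context and can no longer trigger. The other call sites touched by this commit replace the macro rather than adding a check in front of it. Delete the leftover `ogs_expect_or_return_val(xact, NULL);` line so the allocation failure has a single handling path.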
diff --git a/lib/sbi/conv.c b/lib/sbi/conv.c index eb54cf829..7f231a72d 100644 --- a/lib/sbi/conv.c +++ b/lib/sbi/conv.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2019 by Sukchan Lee + * Copyright (C) 2019-2022 by Sukchan Lee * * This file is part of Open5GS. * @@ -79,34 +79,26 @@ char *ogs_uridup(bool https, ogs_sockaddr_t *addr, ogs_sbi_header_t *h) char *ogs_sbi_server_uri(ogs_sbi_server_t *server, ogs_sbi_header_t *h) { ogs_sockaddr_t *advertise = NULL; - bool https = false; ogs_assert(server); - if (server->tls.key && server->tls.pem) - https = true; - advertise = server->advertise; if (!advertise) advertise = server->node.addr; ogs_assert(advertise); - return ogs_uridup(https, advertise, h); + return ogs_uridup(ogs_app_tls_server_enabled() == true, advertise, h); } char *ogs_sbi_client_uri(ogs_sbi_client_t *client, ogs_sbi_header_t *h) { - bool https = false; - ogs_assert(client); - if (client->tls.key && client->tls.pem) - https = true; - else if (client->scheme == OpenAPI_uri_scheme_https) - https = true; - - return ogs_uridup(https, client->node.addr, h); + return ogs_uridup( + ogs_app_tls_client_enabled() == true && + client->scheme == OpenAPI_uri_scheme_https, + client->node.addr, h); } char *ogs_sbi_client_apiroot(ogs_sbi_client_t *client) @@ -160,14 +152,15 @@ char *ogs_sbi_parse_uri(char *uri, const char *delim, char **saveptr) return item; } -ogs_sockaddr_t *ogs_sbi_getaddr_from_uri(char *uri) +bool ogs_sbi_getaddr_from_uri( + OpenAPI_uri_scheme_e *scheme, ogs_sockaddr_t **addr, char *uri) { int rv; struct yuarel yuarel; char *p = NULL; int port; - ogs_sockaddr_t *addr = NULL; + ogs_assert(uri); p = ogs_strdup(uri); 
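Review bot: `ogs_sbi_client_uri()` now builds an `https://` URI only when `ogs_app_tls_client_enabled()` is true and `client->scheme` is https, so a client created with the https scheme gets an `http://` URI whenever local TLS is off or, in AUTO mode, the client key/cert are missing. That is a silent downgrade to cleartext for a peer that was registered as https. `ogs_app_tls_client_enabled()` can also hit `ogs_assert()` in YES mode, which makes a URI formatter able to abort. I would pass the stored scheme through unchanged, `return ogs_uridup(client->scheme == OpenAPI_uri_scheme_https, client->node.addr, h);`, and reject or log https clients where they are created if TLS is unavailable. How the transport itself is configured for the request is outside this hunk.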
@@ -175,64 +168,67 @@ ogs_sockaddr_t *ogs_sbi_getaddr_from_uri(char *uri) if (rv != OGS_OK) { ogs_free(p); ogs_error("yuarel_parse() failed [%s]", uri); - return NULL; + return false; } if (!yuarel.scheme) { ogs_error("No http.scheme found [%s]", uri); ogs_free(p); - return NULL; + return false; } if (strcmp(yuarel.scheme, "https") == 0) { port = OGS_SBI_HTTPS_PORT; + *scheme = OpenAPI_uri_scheme_https; } else if (strcmp(yuarel.scheme, "http") == 0) { port = OGS_SBI_HTTP_PORT; + *scheme = OpenAPI_uri_scheme_http; } else { ogs_error("Invalid http.scheme [%s:%s]", yuarel.scheme, uri); ogs_free(p); - return NULL; + return false; } if (!yuarel.host) { ogs_error("No http.host found [%s]", uri); ogs_free(p); - return NULL; + return false; } if (yuarel.port) port = yuarel.port; - rv = ogs_getaddrinfo(&addr, AF_UNSPEC, yuarel.host, port, 0); + rv = ogs_getaddrinfo(addr, AF_UNSPEC, yuarel.host, port, 0); if (rv != OGS_OK) { ogs_error("ogs_getaddrinfo() failed [%s]", uri); ogs_free(p); - return NULL; + return false; } ogs_free(p); - return addr; + return true; } -char *ogs_sbi_getpath_from_uri(char *uri) +bool ogs_sbi_getpath_from_uri(char **path, char *uri) { int rv; struct yuarel yuarel; char *p = NULL; - char *path = NULL; + + ogs_assert(uri); p = ogs_strdup(uri); rv = yuarel_parse(&yuarel, p); if (rv != OGS_OK) { - ogs_free(p); ogs_error("yuarel_parse() failed [%s]", uri); - return NULL; + ogs_free(p); + return false; } if (!yuarel.scheme) { ogs_error("No http.scheme found [%s]", uri); ogs_free(p); - return NULL; + return false; } if (strcmp(yuarel.scheme, "https") == 0) { 
@@ -242,26 +238,26 @@ char *ogs_sbi_getpath_from_uri(char *uri) } else { ogs_error("Invalid http.scheme [%s:%s]", yuarel.scheme, uri); ogs_free(p); - return NULL; + return false; } if (!yuarel.host) { ogs_error("No http.host found [%s]", uri); ogs_free(p); - return NULL; + return false; } if (!yuarel.path) { ogs_error("No http.path found [%s]", uri); ogs_free(p); - return NULL; + return false; } - path = ogs_strdup(yuarel.path); - ogs_assert(path); + *path = ogs_strdup(yuarel.path); + ogs_assert(*path); ogs_free(p); - return path; + return true; } char *ogs_sbi_bitrate_to_string(uint64_t bitrate, int unit) diff --git a/lib/sbi/conv.h b/lib/sbi/conv.h index 4c0542338..d53a127d2 100644 --- a/lib/sbi/conv.h +++ b/lib/sbi/conv.h @@ -39,8 +39,9 @@ char *ogs_sbi_client_uri(ogs_sbi_client_t *client, ogs_sbi_header_t *h); char *ogs_sbi_parse_uri(char *uri, const char *delim, char **saveptr); -ogs_sockaddr_t *ogs_sbi_getaddr_from_uri(char *uri); -char *ogs_sbi_getpath_from_uri(char *uri); +bool ogs_sbi_getaddr_from_uri( + OpenAPI_uri_scheme_e *scheme, ogs_sockaddr_t **addr, char *uri); +bool ogs_sbi_getpath_from_uri(char **path, char *uri); #define OGS_SBI_BITRATE_BPS 0 #define OGS_SBI_BITRATE_KBPS 1 diff --git a/lib/sbi/meson.build b/lib/sbi/meson.build index d8e2239f7..bbebc0f25 100644 --- a/lib/sbi/meson.build +++ b/lib/sbi/meson.build @@ -51,9 +51,9 @@ libsbi_inc = include_directories('.') sbi_cc_flags = ['-DOGS_SBI_COMPILATION'] -libgnutls_dep = cc.find_library('gnutls', required : true) -libssl_dep = cc.find_library('ssl', required : true) -libcrypto_dep = cc.find_library('crypto', required : true) +libgnutls_dep = dependency('gnutls', required : true) +libssl_dep = dependency('libssl', required : true) +libcrypto_dep = dependency('libcrypto', required : true) libnghttp2_dep = dependency('libnghttp2', version: '>=1.18.1') libmicrohttpd_dep = dependency('libmicrohttpd', version: '>=0.9.40') libcurl_dep = dependency('libcurl', version: '>=7.52.1') 
diff --git a/lib/sbi/nghttp2-server.c b/lib/sbi/nghttp2-server.c index 5082ad3e6..b94145180 100644 --- a/lib/sbi/nghttp2-server.c +++ b/lib/sbi/nghttp2-server.c @@ -201,8 +201,11 @@ static int server_start(ogs_sbi_server_t *server, ogs_assert(addr); /* Create SSL CTX */ - if (server->tls.key && server->tls.pem) { - server->ssl_ctx = create_ssl_ctx(server->tls.key, server->tls.pem); + if (ogs_app_tls_server_enabled() == true) { + ogs_assert(ogs_app()->tls.server.key); + ogs_assert(ogs_app()->tls.server.cert); + server->ssl_ctx = create_ssl_ctx( + ogs_app()->tls.server.key, ogs_app()->tls.server.cert); if (!server->ssl_ctx) { ogs_error("Cannot create SSL CTX"); return OGS_ERROR; @@ -391,10 +394,15 @@ static bool server_send_rspmem_persistent( ogs_assert(response); + if (response->status >= 600) { + ogs_error("Invalid response status [%d]", response->status); + return false; + } + stream = ogs_pool_cycle(&stream_pool, stream); if (!stream) { ogs_error("stream has already been removed"); - return true; + return false; } sbi_sess = stream->session; @@ -416,11 +424,13 @@ static bool server_send_rspmem_persistent( nvlen++; nva = ogs_calloc(nvlen, sizeof(nghttp2_nv)); - ogs_expect_or_return_val(nva, false); + if (!nva) { + ogs_error("ogs_calloc() failed"); + return false; + } i = 0; - ogs_expect_or_return_val(response->status < 600, false); ogs_assert(strlen(status_string[response->status]) == 3); add_header(&nva[i++], ":status", status_string[response->status]); 
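Review bot: In server_start a missing key or certificate path now aborts the process through `ogs_assert(ogs_app()->tls.server.key)` and `ogs_assert(ogs_app()->tls.server.cert)`, although both values come from the configuration file and the next failure (`create_ssl_ctx` returning NULL) is reported with `ogs_error` and `return OGS_ERROR`. Treat the missing paths the same way: `if (!ogs_app()->tls.server.key || !ogs_app()->tls.server.cert) { ogs_error("TLS enabled but server key/cert missing"); return OGS_ERROR; }`. The sample configs in this commit also define a server `cacert`, which is not passed to `create_ssl_ctx` here; whether peer certificates are verified cannot be told from this hunk and is worth a comment. server_start starts and ends outside the hunk.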
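Review bot: Returning `false` when `ogs_pool_cycle` reports that the stream has already been removed makes a peer that closed its stream early look like a send failure, and call sites visible elsewhere in this commit wrap the send helpers in `ogs_assert(true == ...)`. If this return value propagates up to those helpers (the call chain is not visible here), a disconnect at the wrong moment would abort the network function instead of being logged. Either keep this one case non-fatal or audit the callers so none asserts on it, and record the decision in a comment such as `/* stream already gone: callers must not assert on this result */` above the `return false;`. The function body starts and ends outside the hunk.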
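Review bot: The index in `status_string[response->status]` is bounded only from above by the `>= 600` guard added at the top of this function. If `status` is a signed int, as the `%d` in that guard's log message suggests, a negative value still reaches the array lookup in this hunk. Write the guard as `if (response->status < 0 || response->status >= 600)`. The function continues outside the hunk.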
@@ -510,11 +520,18 @@ static ogs_sbi_stream_t *stream_add( ogs_assert(sbi_sess); ogs_pool_alloc(&stream_pool, &stream); - ogs_expect_or_return_val(stream, NULL); + if (!stream) { + ogs_error("ogs_pool_alloc() failed"); + return NULL; + } memset(stream, 0, sizeof(ogs_sbi_stream_t)); stream->request = ogs_sbi_request_new(); - ogs_expect_or_return_val(stream->request, NULL); + if (!stream->request) { + ogs_error("ogs_sbi_request_new() failed"); + ogs_pool_free(&stream_pool, stream); + return NULL; + } stream->stream_id = stream_id; sbi_sess->last_stream_id = stream_id; @@ -561,19 +578,31 @@ static ogs_sbi_session_t *session_add( ogs_assert(sock); ogs_pool_alloc(&session_pool, &sbi_sess); - ogs_expect_or_return_val(sbi_sess, NULL); + if (!sbi_sess) { + ogs_error("ogs_pool_alloc() failed"); + return NULL; + } memset(sbi_sess, 0, sizeof(ogs_sbi_session_t)); sbi_sess->server = server; sbi_sess->sock = sock; sbi_sess->addr = ogs_calloc(1, sizeof(ogs_sockaddr_t)); - ogs_expect_or_return_val(sbi_sess->addr, NULL); + if (!sbi_sess->addr) { + ogs_error("ogs_calloc() failed"); + ogs_pool_free(&session_pool, sbi_sess); + return NULL; + } memcpy(sbi_sess->addr, &sock->remote_addr, sizeof(ogs_sockaddr_t)); if (server->ssl_ctx) { sbi_sess->ssl = SSL_new(server->ssl_ctx); - ogs_expect_or_return_val(sbi_sess->ssl, NULL); + if (!sbi_sess->ssl) { + ogs_error("SSL_new() failed"); + ogs_pool_free(&session_pool, sbi_sess); + ogs_free(sbi_sess->addr); + return NULL; + } } ogs_list_add(&server->session_list, sbi_sess); @@ -666,7 +695,7 @@ static void accept_handler(short when, ogs_socket_t fd, void *data) SSL_set_accept_state(sbi_sess->ssl); err = SSL_accept(sbi_sess->ssl); if (err <= 0) { - ogs_error("SSL_accept failed: %s", ERR_error_string(ERR_get_error(), NULL)); + ogs_error("SSL_accept failed [%s]", ERR_error_string(ERR_get_error(), NULL)); session_remove(sbi_sess); return; } diff --git a/lib/sbi/nnrf-handler.c b/lib/sbi/nnrf-handler.c index e6b8fb7f3..ac60bf111 100644 
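Review bot: In the `SSL_new()` failure path of session_add, `ogs_pool_free(&session_pool, sbi_sess);` runs before `ogs_free(sbi_sess->addr);`, so `sbi_sess->addr` is read from an object that has already been returned to the pool. Swap the two calls so that `ogs_free(sbi_sess->addr);` comes first and `ogs_pool_free(&session_pool, sbi_sess);` second. The `ogs_calloc()` failure path just above is fine because nothing is read after the pool free. session_add starts before the hunk and continues past its end.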
--- a/lib/sbi/nnrf-handler.c +++ b/lib/sbi/nnrf-handler.c @@ -144,6 +144,11 @@ void ogs_nnrf_nfm_handle_nf_profile( continue; } + if (!NFService->scheme) { + ogs_error("No NFService.scheme"); + continue; + } + nf_service = ogs_sbi_nf_service_find_by_id( nf_instance, NFService->service_instance_id); if (!nf_service) { @@ -182,6 +187,11 @@ void ogs_nnrf_nfm_handle_nf_profile( continue; } + if (!NFService->scheme) { + ogs_error("No NFService.scheme"); + continue; + } + nf_service = ogs_sbi_nf_service_find_by_id( nf_instance, NFService->service_instance_id); if (!nf_service) { diff --git a/lib/sbi/path.c b/lib/sbi/path.c index 26a107a4f..9668a3001 100644 --- a/lib/sbi/path.c +++ b/lib/sbi/path.c @@ -219,14 +219,16 @@ bool ogs_sbi_discover_and_send(ogs_sbi_xact_t *xact) request->h.service.name, request->h.api.version); } } else { + bool rc; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; - addr = ogs_sbi_getaddr_from_uri(request->h.uri); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, request->h.uri); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_error("Invalid URL [%s]", request->h.uri); return false; } - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); ogs_freeaddrinfo(addr); } 
@@ -385,17 +387,19 @@ bool ogs_sbi_send_request_to_nf_instance( return false; } } else { + bool rc; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; char buf[OGS_ADDRSTRLEN]; - addr = ogs_sbi_getaddr_from_uri(request->h.uri); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, request->h.uri); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_error("[%s:%s] Invalid URL [%s]", OpenAPI_nf_type_ToString(nf_instance->nf_type), nf_instance->id, request->h.uri); return false; } - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { ogs_error("[%s:%s] Cannot find client [%s:%d]", OpenAPI_nf_type_ToString(nf_instance->nf_type), diff --git a/lib/sbi/server.c b/lib/sbi/server.c index 79789d0c9..af5cb8aad 100644 --- a/lib/sbi/server.c +++ b/lib/sbi/server.c @@ -179,7 +179,7 @@ bool ogs_sbi_server_send_error(ogs_sbi_stream_t *stream, if (message) { problem.type = ogs_msprintf("/%s/%s", message->h.service.name, message->h.api.version); - ogs_expect_or_return_val(problem.type, false); + ogs_expect(problem.type); if (message->h.resource.component[1]) problem.instance = ogs_msprintf("/%s/%s", message->h.resource.component[0], @@ -187,7 +187,7 @@ bool ogs_sbi_server_send_error(ogs_sbi_stream_t *stream, else problem.instance = ogs_msprintf("/%s", message->h.resource.component[0]); - ogs_expect_or_return_val(problem.instance, NULL); + ogs_expect(problem.instance); } if (status) { problem.is_status = true; diff --git a/lib/sbi/server.h b/lib/sbi/server.h index 45a4efccb..c112f9330 100644 --- a/lib/sbi/server.h +++ b/lib/sbi/server.h @@ -37,11 +37,6 @@ typedef struct ogs_sbi_server_s { ogs_socknode_t node; ogs_sockaddr_t *advertise; - struct { - const char *key; - const char *pem; - } tls; - SSL_CTX *ssl_ctx; int (*cb)(ogs_sbi_request_t *request, void *data); 
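Review bot: With `ogs_expect(problem.type);` and `ogs_expect(problem.instance);` a failed `ogs_msprintf` is only logged, and ogs_sbi_server_send_error carries on with a NULL member. That is reasonable for a best-effort error reply, but nothing in the hunk shows that the code which encodes the problem details accepts NULL for these fields. State the intent in a comment, e.g. `/* best effort: send the error without type/instance if allocation failed */`, and confirm that the encoder and the later cleanup both tolerate NULL. The function starts and ends outside the hunk.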
diff --git a/misc/ipv6_netconf.sh b/misc/ipv6-netconf.sh similarity index 100% rename from misc/ipv6_netconf.sh rename to misc/ipv6-netconf.sh diff --git a/misc/make-certs.sh b/misc/make-certs.sh new file mode 100755 index 000000000..5ec44b5df --- /dev/null +++ b/misc/make-certs.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +if [ 1 -ne $# ] +then + echo You must specify output directory : ./make-certs.sh ../config/tls + exit; +fi + +rm -rf demoCA +mkdir demoCA +echo 01 > demoCA/serial +touch demoCA/index.txt + +# CA self certificate +openssl req -new -x509 -days 3650 -newkey rsa:2048 -nodes -keyout $1/ca.key -out $1/ca.crt \ + -subj /CN=ca.localdomain/C=KO/ST=Seoul/O=NeoPlane + +for i in amf ausf bsf hss mme nrf nssf pcf pcrf scp smf udm udr testserver testclient +do + openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 \ + -out $1/$i.key + openssl req -new -key $1/$i.key -out $1/$i.csr \ + -subj /CN=$i.localdomain/C=KO/ST=Seoul/O=NeoPlane + openssl ca -batch -notext -days 3650 \ + -keyfile $1/ca.key -cert $1/ca.crt \ + -in $1/$i.csr -out $1/$i.crt -outdir . +done + +rm -rf demoCA +rm -f *.pem diff --git a/misc/make_certs.sh b/misc/make_certs.sh deleted file mode 100755 index 0f1642b6f..000000000 --- a/misc/make_certs.sh +++ /dev/null 
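Review bot: The final `rm -f *.pem` in make-certs.sh deletes every `.pem` file in the directory the script is run from, not only the serial-numbered copies that `openssl ca ... -outdir .` wrote there. Send those copies into the scratch directory instead, `-in $1/$i.csr -out $1/$i.crt -outdir demoCA`, and drop the `rm -f *.pem` line, since `rm -rf demoCA` then removes them. The private keys, including the unencrypted `$1/ca.key` that signs every certificate, are created with the caller's default umask and stay in the output directory; a `umask 077` near the top keeps them unreadable to other users. The usage branch also ends with `exit;`, which reports success; `exit 1` lets callers detect the error.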
@@ -1,41 +0,0 @@ -#!/bin/sh - -if [ 1 -ne $# ] -then - echo You must specify output directory : ./make_certs.sh ./freeDiameter - - exit; -fi - -rm -rf demoCA -mkdir demoCA -echo 01 > demoCA/serial -touch demoCA/index.txt - -# CA self certificate -openssl req -new -batch -x509 -days 3650 -nodes -newkey rsa:1024 -out $1/cacert.pem -keyout cakey.pem -subj /CN=ca.localdomain/C=KO/ST=Seoul/L=Nowon/O=Open5GS/OU=Tests - -#mme -openssl genrsa -out $1/mme.key.pem 1024 -openssl req -new -batch -out mme.csr.pem -key $1/mme.key.pem -subj /CN=mme.localdomain/C=KO/ST=Seoul/L=Nowon/O=Open5GS/OU=Tests -openssl ca -cert $1/cacert.pem -days 3650 -keyfile cakey.pem -in mme.csr.pem -out $1/mme.cert.pem -outdir . -batch - -#hss -openssl genrsa -out $1/hss.key.pem 1024 -openssl req -new -batch -out hss.csr.pem -key $1/hss.key.pem -subj /CN=hss.localdomain/C=KO/ST=Seoul/L=Nowon/O=Open5GS/OU=Tests -openssl ca -cert $1/cacert.pem -days 3650 -keyfile cakey.pem -in hss.csr.pem -out $1/hss.cert.pem -outdir . -batch - -#smf -openssl genrsa -out $1/smf.key.pem 1024 -openssl req -new -batch -out smf.csr.pem -key $1/smf.key.pem -subj /CN=smf.localdomain/C=KO/ST=Seoul/L=Nowon/O=Open5GS/OU=Tests -openssl ca -cert $1/cacert.pem -days 3650 -keyfile cakey.pem -in smf.csr.pem -out $1/smf.cert.pem -outdir . -batch - -#pcrf -openssl genrsa -out $1/pcrf.key.pem 1024 -openssl req -new -batch -out pcrf.csr.pem -key $1/pcrf.key.pem -subj /CN=pcrf.localdomain/C=KO/ST=Seoul/L=Nowon/O=Open5GS/OU=Tests -openssl ca -cert $1/cacert.pem -days 3650 -keyfile cakey.pem -in pcrf.csr.pem -out $1/pcrf.cert.pem -outdir . -batch - -rm -rf demoCA -rm -f 01.pem 02.pem 03.pem 04.pem -rm -f cakey.pem -rm -f mme.csr.pem hss.csr.pem smf.csr.pem pcrf.csr.pem diff --git a/src/amf/namf-handler.c b/src/amf/namf-handler.c index b9fecc9c6..c8ac83b33 100644 --- a/src/amf/namf-handler.c +++ b/src/amf/namf-handler.c 
@@ -219,9 +219,11 @@ int amf_namf_comm_handle_n1_n2_message_transfer( *********************************************/ if (CM_IDLE(amf_ue)) { + bool rc; ogs_sbi_server_t *server = NULL; ogs_sbi_header_t header; ogs_sbi_client_t *client = NULL; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; if (!N1N2MessageTransferReqData->n1n2_failure_txf_notif_uri) { @@ -230,9 +232,9 @@ int amf_namf_comm_handle_n1_n2_message_transfer( return OGS_ERROR; } - addr = ogs_sbi_getaddr_from_uri( + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, N1N2MessageTransferReqData->n1n2_failure_txf_notif_uri); - if (!addr) { + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_error("[%s:%d] Invalid URI [%s]", amf_ue->supi, sess->psi, N1N2MessageTransferReqData-> @@ -240,13 +242,12 @@ int amf_namf_comm_handle_n1_n2_message_transfer( return OGS_ERROR;; } - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } OGS_SBI_SETUP_CLIENT(&sess->paging, client); - ogs_freeaddrinfo(addr); status = OGS_SBI_HTTP_STATUS_ACCEPTED; diff --git a/src/amf/nnssf-handler.c b/src/amf/nnssf-handler.c index 84ed75380..19050bdd7 100644 --- a/src/amf/nnssf-handler.c +++ b/src/amf/nnssf-handler.c @@ -24,14 +24,16 @@ int amf_nnssf_nsselection_handle_get( amf_sess_t *sess, ogs_sbi_message_t *recvmsg) { - amf_ue_t *amf_ue = NULL; - + bool rc; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sbi_client_t *client = NULL, *scp_client = NULL; ogs_sockaddr_t *addr = NULL; OpenAPI_authorized_network_slice_info_t *AuthorizedNetworkSliceInfo = NULL; OpenAPI_nsi_information_t *NsiInformation = NULL; + amf_ue_t *amf_ue = NULL; + ogs_assert(sess); amf_ue = sess->amf_ue; ogs_assert(amf_ue); 
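Review bot: `client = ogs_sbi_client_add(scheme, addr);` is followed by `ogs_assert(client);`, and the address is derived from `n1n2_failure_txf_notif_uri`, a field of the received request. If ogs_sbi_client_add can fail (for instance when its pool is full, which is not visible here), a message from a peer ends in a process abort rather than an error return; keying clients by scheme as well as address also lets one host occupy two entries. Prefer `if (!client) { ogs_error("ogs_sbi_client_add() failed"); ogs_freeaddrinfo(addr); return OGS_ERROR; }`. The same find-or-add pattern appears in the nnssf, nrf, pcf, scp and smf handler hunks of this commit. The enclosing function starts and ends outside the hunk.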
@@ -91,8 +93,8 @@ int amf_nnssf_nsselection_handle_get( amf_nsmf_pdusession_build_create_sm_context, sess, AMF_CREATE_SM_CONTEXT_NO_STATE, ¶m); } else { - addr = ogs_sbi_getaddr_from_uri(NsiInformation->nrf_id); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, NsiInformation->nrf_id); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_error("[%s:%d] Invalid URI [%s]", amf_ue->supi, sess->psi, NsiInformation->nrf_id); ogs_assert(OGS_OK == @@ -101,14 +103,13 @@ int amf_nnssf_nsselection_handle_get( return OGS_ERROR;; } - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } OGS_SBI_SETUP_CLIENT(&sess->nssf.nrf, client); - ogs_freeaddrinfo(addr); ogs_assert(true == amf_sess_sbi_discover_by_nsi( diff --git a/src/nrf/nnrf-handler.c b/src/nrf/nnrf-handler.c index 7e706aa35..78fc17b17 100644 --- a/src/nrf/nnrf-handler.c +++ b/src/nrf/nnrf-handler.c @@ -161,12 +161,14 @@ bool nrf_nnrf_handle_nf_update(ogs_sbi_nf_instance_t *nf_instance, bool nrf_nnrf_handle_nf_status_subscribe( ogs_sbi_stream_t *stream, ogs_sbi_message_t *recvmsg) { + bool rc; int status; ogs_sbi_response_t *response = NULL; OpenAPI_subscription_data_t *SubscriptionData = NULL; OpenAPI_subscription_data_subscr_cond_t *SubscrCond = NULL; ogs_sbi_subscription_data_t *subscription_data = NULL; ogs_sbi_client_t *client = NULL; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; ogs_uuid_t uuid; 
@@ -243,8 +245,9 @@ bool nrf_nnrf_handle_nf_status_subscribe( ogs_strdup(SubscriptionData->nf_status_notification_uri); ogs_assert(subscription_data->notification_uri); - addr = ogs_sbi_getaddr_from_uri(subscription_data->notification_uri); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, + subscription_data->notification_uri); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_assert(true == ogs_sbi_server_send_error( stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST, @@ -253,13 +256,12 @@ bool nrf_nnrf_handle_nf_status_subscribe( return false; } - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } OGS_SBI_SETUP_CLIENT(subscription_data, client); - ogs_freeaddrinfo(addr); if (subscription_data->time.validity_duration) { diff --git a/src/nssf/context.c b/src/nssf/context.c index 316599438..5e16df74c 100644 --- a/src/nssf/context.c +++ b/src/nssf/context.c @@ -113,7 +113,6 @@ int nssf_context_parse_config(void) uint16_t port = ogs_sbi_self()->sbi_port; const char *dev = NULL; ogs_sockaddr_t *addr = NULL; - const char *key = NULL, *pem = NULL; const char *sst = NULL, *sd = NULL; ogs_sockopt_t option; @@ -183,22 +182,6 @@ int nssf_context_parse_config(void) &nsi_iter, &option); if (rv != OGS_OK) return rv; is_option = true; - } else if (!strcmp(nsi_key, "tls")) { - ogs_yaml_iter_t tls_iter; - ogs_yaml_iter_recurse(&nsi_iter, &tls_iter); - - while (ogs_yaml_iter_next(&tls_iter)) { - const char *tls_key = - ogs_yaml_iter_key(&tls_iter); - ogs_assert(tls_key); - - if (!strcmp(tls_key, "key")) { - key = ogs_yaml_iter_value(&tls_iter); - } else if (!strcmp(tls_key, "pem")) { - pem = ogs_yaml_iter_value(&tls_iter); - } else - ogs_warn("unknown key `%s`", tls_key); - } } else if (!strcmp(nsi_key, "s_nssai")) { ogs_yaml_iter_t s_nssai_iter; ogs_yaml_iter_recurse(&nsi_iter, &s_nssai_iter); 
@@ -259,9 +242,6 @@ int nssf_context_parse_config(void) nssf_nsi_t *nsi = nssf_nsi_add(node->addr, atoi(sst), ogs_s_nssai_sd_from_string(sd)); ogs_assert(nsi); - - if (key) nsi->tls.key = key; - if (pem) nsi->tls.pem = pem; } node6 = ogs_list_first(&list6); if (node6) { @@ -270,9 +250,6 @@ int nssf_context_parse_config(void) nssf_nsi_t *nsi = nssf_nsi_add(node6->addr, atoi(sst), ogs_s_nssai_sd_from_string(sd)); ogs_assert(nsi); - - if (key) nsi->tls.key = key; - if (pem) nsi->tls.pem = pem; } ogs_socknode_remove_all(&list); @@ -358,18 +335,14 @@ nssf_nsi_t *nssf_nsi_find_by_s_nssai(ogs_s_nssai_t *s_nssai) char *nssf_nsi_nrf_uri(nssf_nsi_t *nsi) { ogs_sbi_header_t h; - bool https = false; ogs_assert(nsi); memset(&h, 0, sizeof(h)); - if (nsi->tls.key && nsi->tls.pem) - https = true; - h.service.name = (char *)OGS_SBI_SERVICE_NAME_NNRF_DISC; h.api.version = (char *)OGS_SBI_API_V1; h.resource.component[0] = (char *)OGS_SBI_RESOURCE_NAME_NF_INSTANCES; - return ogs_uridup(https, nsi->addr, &h); + return ogs_uridup(ogs_app_tls_server_enabled() == true, nsi->addr, &h); } diff --git a/src/nssf/context.h b/src/nssf/context.h index d29bedc4c..a1d90d62b 100644 --- a/src/nssf/context.h +++ b/src/nssf/context.h @@ -50,10 +50,6 @@ typedef struct nssf_nsi_s { char *nsi_id; ogs_sockaddr_t *addr; - struct { - const char *key; - const char *pem; - } tls; ogs_s_nssai_t s_nssai; } nssf_nsi_t; diff --git a/src/pcf/npcf-handler.c b/src/pcf/npcf-handler.c index d0651f8de..6f0bef2f8 100644 --- a/src/pcf/npcf-handler.c +++ b/src/pcf/npcf-handler.c @@ -24,12 +24,15 @@ bool pcf_npcf_am_policy_contrtol_handle_create(pcf_ue_t *pcf_ue, ogs_sbi_stream_t *stream, ogs_sbi_message_t *message) { + bool rc; + OpenAPI_policy_association_request_t *PolicyAssociationRequest = NULL; OpenAPI_guami_t *Guami = NULL; uint64_t supported_features = 0; ogs_sbi_client_t *client = NULL; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; ogs_assert(pcf_ue); 
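Review bot: nssf_nsi_nrf_uri now takes the scheme of the per-NSI NRF URI from `ogs_app_tls_server_enabled()`, that is, from whether this process's own server uses TLS, while the URI names a different endpoint (`nsi->addr`). With the per-NSI `tls` block removed there is no way left to express an NRF that is https-only when the local server is plain http, or the reverse, and the consumer of this URI would then connect with the wrong scheme. If the deployment model is that TLS is enabled or disabled for the whole core at once, say so in a comment above the `ogs_uridup` call; otherwise a per-NSI scheme setting is needed.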
@@ -69,8 +72,9 @@ bool pcf_npcf_am_policy_contrtol_handle_create(pcf_ue_t *pcf_ue, return false; } - addr = ogs_sbi_getaddr_from_uri(PolicyAssociationRequest->notification_uri); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, + PolicyAssociationRequest->notification_uri); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_error("[%s] Invalid URI [%s]", pcf_ue->supi, PolicyAssociationRequest->notification_uri); ogs_assert(true == @@ -85,13 +89,12 @@ bool pcf_npcf_am_policy_contrtol_handle_create(pcf_ue_t *pcf_ue, PolicyAssociationRequest->notification_uri); ogs_assert(pcf_ue->notification_uri); - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } OGS_SBI_SETUP_CLIENT(&pcf_ue->namf, client); - ogs_freeaddrinfo(addr); supported_features = @@ -157,6 +160,7 @@ bool pcf_npcf_am_policy_contrtol_handle_create(pcf_ue_t *pcf_ue, bool pcf_npcf_smpolicycontrol_handle_create(pcf_sess_t *sess, ogs_sbi_stream_t *stream, ogs_sbi_message_t *message) { + bool rc; int status = 0; char *strerror = NULL; pcf_ue_t *pcf_ue = NULL; @@ -165,6 +169,7 @@ bool pcf_npcf_smpolicycontrol_handle_create(pcf_sess_t *sess, OpenAPI_snssai_t *sliceInfo = NULL; ogs_sbi_client_t *client = NULL; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; ogs_assert(sess); @@ -239,8 +244,9 @@ bool pcf_npcf_smpolicycontrol_handle_create(pcf_sess_t *sess, goto cleanup; } - addr = ogs_sbi_getaddr_from_uri(SmPolicyContextData->notification_uri); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, + SmPolicyContextData->notification_uri); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { strerror = ogs_msprintf("[%s:%d] Invalid URI [%s]", pcf_ue->supi, sess->psi, SmPolicyContextData->notification_uri); status = OGS_SBI_HTTP_STATUS_BAD_REQUEST; 
@@ -267,13 +273,12 @@ bool pcf_npcf_smpolicycontrol_handle_create(pcf_sess_t *sess, sess->notification_uri = ogs_strdup(SmPolicyContextData->notification_uri); ogs_assert(sess->notification_uri); - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } OGS_SBI_SETUP_CLIENT(&sess->nsmf, client); - ogs_freeaddrinfo(addr); if (SmPolicyContextData->ipv4_address) @@ -372,12 +377,14 @@ cleanup: bool pcf_npcf_policyauthorization_handle_create(pcf_sess_t *sess, ogs_sbi_stream_t *stream, ogs_sbi_message_t *recvmsg) { + bool rc; int i, j, rv, status = 0; char *strerror = NULL; pcf_ue_t *pcf_ue = NULL; pcf_app_t *app_session = NULL; ogs_sbi_client_t *client = NULL; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; OpenAPI_app_session_context_t *AppSessionContext = NULL; @@ -463,8 +470,8 @@ bool pcf_npcf_policyauthorization_handle_create(pcf_sess_t *sess, goto cleanup; } - addr = ogs_sbi_getaddr_from_uri(AscReqData->notif_uri); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, AscReqData->notif_uri); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { strerror = ogs_msprintf("[%s:%d] Invalid URI [%s]", pcf_ue->supi, sess->psi, AscReqData->notif_uri); status = OGS_SBI_HTTP_STATUS_BAD_REQUEST; @@ -556,13 +563,12 @@ bool pcf_npcf_policyauthorization_handle_create(pcf_sess_t *sess, app_session->notif_uri = ogs_strdup(AscReqData->notif_uri); ogs_assert(app_session->notif_uri); - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } OGS_SBI_SETUP_CLIENT(&app_session->naf, client); - ogs_freeaddrinfo(addr); memset(&session_data, 0, sizeof(ogs_session_data_t)); 
diff --git a/src/scp/sbi-path.c b/src/scp/sbi-path.c index c15460fa7..c692b0d01 100644 --- a/src/scp/sbi-path.c +++ b/src/scp/sbi-path.c @@ -277,11 +277,14 @@ static int request_handler(ogs_sbi_request_t *request, void *data) ogs_free(apiroot); } else if (headers.target_apiroot) { + bool rc; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; /* Find or Add Client Instance */ - addr = ogs_sbi_getaddr_from_uri(headers.target_apiroot); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri( + &scheme, &addr, headers.target_apiroot); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_error("Invalid Target-apiRoot [%s]", headers.target_apiroot); @@ -291,13 +294,12 @@ static int request_handler(ogs_sbi_request_t *request, void *data) return OGS_ERROR; } - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } OGS_SBI_SETUP_CLIENT(assoc, client); - ogs_freeaddrinfo(addr); /* Setup New URI */ @@ -412,10 +414,12 @@ static int request_handler(ogs_sbi_request_t *request, void *data) /* Find or Add Client Instance */ if (nnrf_disc) { + bool rc; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; - addr = ogs_sbi_getaddr_from_uri(nnrf_disc); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, nnrf_disc); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_error("Invalid nnrf-disc [%s]", nnrf_disc); ogs_sbi_discovery_option_free(discovery_option); @@ -424,13 +428,12 @@ static int request_handler(ogs_sbi_request_t *request, void *data) return OGS_ERROR; } - nrf_client = ogs_sbi_client_find(addr); + nrf_client = ogs_sbi_client_find(scheme, addr); if (!nrf_client) { - nrf_client = ogs_sbi_client_add(addr); + nrf_client = ogs_sbi_client_add(scheme, addr); ogs_assert(nrf_client); } OGS_SBI_SETUP_CLIENT(assoc, nrf_client); - ogs_freeaddrinfo(addr); } 
diff --git a/src/smf/context.h b/src/smf/context.h index 37d52c9b8..c74269bc6 100644 --- a/src/smf/context.h +++ b/src/smf/context.h @@ -56,10 +56,10 @@ typedef enum { SMF_CTF_ENABLED_AUTO = 0, SMF_CTF_ENABLED_YES, SMF_CTF_ENABLED_NO, -} smf_ctf_enabled_mode; +} smf_ctf_enabled_mode_e; typedef struct smf_ctf_config_s { - smf_ctf_enabled_mode enabled; + smf_ctf_enabled_mode_e enabled; } smf_ctf_config_t; int smf_ctf_config_init(smf_ctf_config_t *ctf_config); diff --git a/src/smf/nsmf-handler.c b/src/smf/nsmf-handler.c index c01248582..b2143933c 100644 --- a/src/smf/nsmf-handler.c +++ b/src/smf/nsmf-handler.c @@ -26,12 +26,14 @@ bool smf_nsmf_handle_create_sm_context( smf_sess_t *sess, ogs_sbi_stream_t *stream, ogs_sbi_message_t *message) { + bool rc; smf_ue_t *smf_ue = NULL; ogs_nas_5gsm_header_t *gsm_header = NULL; ogs_pkbuf_t *n1smbuf = NULL; ogs_sbi_client_t *client = NULL; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_sockaddr_t *addr = NULL; OpenAPI_sm_context_create_data_t *SmContextCreateData = NULL; @@ -148,8 +150,9 @@ bool smf_nsmf_handle_create_sm_context( return false; } - addr = ogs_sbi_getaddr_from_uri(SmContextCreateData->sm_context_status_uri); - if (!addr) { + rc = ogs_sbi_getaddr_from_uri(&scheme, &addr, + SmContextCreateData->sm_context_status_uri); + if (rc == false || scheme == OpenAPI_uri_scheme_NULL) { ogs_error("[%s:%d] Invalid URI [%s]", smf_ue->supi, sess->psi, SmContextCreateData->sm_context_status_uri); @@ -184,13 +187,12 @@ bool smf_nsmf_handle_create_sm_context( ogs_strdup(SmContextCreateData->sm_context_status_uri); ogs_assert(sess->sm_context_status_uri); - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } OGS_SBI_SETUP_CLIENT(&sess->namf, client); - ogs_freeaddrinfo(addr); if (SmContextCreateData->dnn) { 
diff --git a/src/smf/sbi-path.c b/src/smf/sbi-path.c index ad04230cf..102a7b8ed 100644 --- a/src/smf/sbi-path.c +++ b/src/smf/sbi-path.c @@ -24,9 +24,17 @@ int smf_sbi_open(void) { ogs_sbi_nf_instance_t *nf_instance = NULL; - ogs_sbi_nf_instance_t *nrf_instance = NULL, *scp_instance = NULL; ogs_sbi_nf_service_t *service = NULL; + /* + * SMF can only run to support 4G EPC mode. + * + * If the SMF is only running in 4G EPC mode, + * it should not send NFRegister/NFStatusSubscribe messages to the NRF. + */ + if (ogs_list_count(&ogs_sbi_self()->server_list) == 0) + return OGS_OK; + /* Initialize SELF NF instance */ nf_instance = ogs_sbi_self()->nf_instance; ogs_assert(nf_instance); 
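Review bot: The comment moved above the new early return in smf_sbi_open does not say that an empty `server_list` is what identifies EPC-only operation, and its first sentence reads as if the SMF supported nothing else. Something like `/* No SBI server configured: the SMF is running in 4G EPC-only mode, so skip NF registration and subscriptions. */` states the condition being tested. The next hunk also removes the `NF_INSTANCE_CLIENT(nrf_instance) || NF_INSTANCE_CLIENT(scp_instance)` guard, so with a server configured but no NRF or SCP client the subscription data is now built anyway; if that is intended, the comment should mention it. The function continues in the next hunk.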
@@ -47,30 +55,18 @@ int smf_sbi_open(void) ogs_sbi_nf_service_add_allowed_nf_type(service, OpenAPI_nf_type_AMF); } - /* - * SMF can only run to support 4G EPC mode. - * - * If the SMF is only running in 4G EPC mode, - * it should not send NFRegister/NFStatusSubscribe messages to the NRF. - */ - nrf_instance = ogs_sbi_self()->nrf_instance; - scp_instance = ogs_sbi_self()->scp_instance; + /* Initialize NRF NF Instance */ + nf_instance = ogs_sbi_self()->nrf_instance; + if (nf_instance) + ogs_sbi_nf_fsm_init(nf_instance); - if (NF_INSTANCE_CLIENT(nrf_instance) || NF_INSTANCE_CLIENT(scp_instance)) { - - /* Initialize NRF NF Instance */ - nf_instance = ogs_sbi_self()->nrf_instance; - if (nf_instance) - ogs_sbi_nf_fsm_init(nf_instance); - - /* Build Subscription-Data */ - ogs_sbi_subscription_data_build_default( - OpenAPI_nf_type_AMF, OGS_SBI_SERVICE_NAME_NAMF_COMM); - ogs_sbi_subscription_data_build_default( - OpenAPI_nf_type_PCF, OGS_SBI_SERVICE_NAME_NPCF_SMPOLICYCONTROL); - ogs_sbi_subscription_data_build_default( - OpenAPI_nf_type_UDM, OGS_SBI_SERVICE_NAME_NUDM_SDM); - } + /* Build Subscription-Data */ + ogs_sbi_subscription_data_build_default( + OpenAPI_nf_type_AMF, OGS_SBI_SERVICE_NAME_NAMF_COMM); + ogs_sbi_subscription_data_build_default( + OpenAPI_nf_type_PCF, OGS_SBI_SERVICE_NAME_NPCF_SMPOLICYCONTROL); + ogs_sbi_subscription_data_build_default( + OpenAPI_nf_type_UDM, OGS_SBI_SERVICE_NAME_NUDM_SDM); if (ogs_sbi_server_start_all(ogs_sbi_server_handler) != OGS_OK) return OGS_ERROR; diff --git a/tests/af/context.c b/tests/af/context.c index 8c64b29b9..f4e0bdead 100644 --- a/tests/af/context.c +++ b/tests/af/context.c 
@@ -266,12 +266,16 @@ af_sess_t *af_sess_find_by_pcf_app_session_id(char *pcf_app_session_id) pcf_app_session_id, strlen(pcf_app_session_id)); } -static ogs_sbi_client_t *find_client_by_fqdn(char *fqdn, int port) +static ogs_sbi_client_t *find_client_by_fqdn( + OpenAPI_uri_scheme_e scheme, char *fqdn, int port) { int rv; ogs_sockaddr_t *addr = NULL; ogs_sbi_client_t *client = NULL; + ogs_assert(scheme); + ogs_assert(fqdn); + rv = ogs_getaddrinfo(&addr, AF_UNSPEC, fqdn, port ? port : ogs_sbi_self()->sbi_port, 0); if (rv != OGS_OK) { @@ -279,9 +283,9 @@ static ogs_sbi_client_t *find_client_by_fqdn(char *fqdn, int port) return NULL; } - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } @@ -294,11 +298,15 @@ void af_sess_associate_pcf_client(af_sess_t *sess) { ogs_sbi_client_t *client = NULL; ogs_sockaddr_t *addr = NULL; + OpenAPI_uri_scheme_e scheme = OpenAPI_uri_scheme_NULL; ogs_assert(sess); + scheme = ogs_app_tls_client_enabled() == true ? + OpenAPI_uri_scheme_https : OpenAPI_uri_scheme_http; + if (sess->pcf.fqdn && strlen(sess->pcf.fqdn)) - client = find_client_by_fqdn(sess->pcf.fqdn, 0); + client = find_client_by_fqdn(scheme, sess->pcf.fqdn, 0); if (!client) { /* At this point, CLIENT selection method is very simple. */ @@ -309,9 +317,9 @@ void af_sess_associate_pcf_client(af_sess_t *sess) } if (addr) { - client = ogs_sbi_client_find(addr); + client = ogs_sbi_client_find(scheme, addr); if (!client) { - client = ogs_sbi_client_add(addr); + client = ogs_sbi_client_add(scheme, addr); ogs_assert(client); } }