On 29.01.21 at 22:33 Ruisheng Peng wrote:
Thanks for the detailed explanation Michael.
I stop the current asterisk process (started by systemd), and restart it as
asterisk:
[asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq
-vvv -C /etc/asterisk/asterisk.conf
from the log there was no attempt to even open the cert file. I edited
/etc/asterisk/pjsip.conf to add a "method = tlsv1" line to the
transport-tls section. Rerun the strace command, and here the part re cert
files:
8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640,
st_size=1
212, ...}) = 0
8189 geteuid() = 1002
8189 getegid() = 1002
8189 getuid() = 1002
8189 getgid() = 1002
8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0
8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640,
st_size=8
91, ...}) = 0
8189 geteuid() = 1002
8189 getegid() = 1002
8189 getuid() = 1002
8189 getgid() = 1002
8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0
8189 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16
8189 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1
ENOPROTOOPT (
I'm missing the "open" (or "openat") and the following "read" call - weren't there
any or didn't you post them? These are the important calls! They will show, if the
file is used at all or not (and possibly the reason, why it is not used - EACCESS
e.g.).
Thanks
Michael
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users