On 29.01.21 at 22:33 Ruisheng Peng wrote:
Thanks for the detailed explanation Michael.I stop the current asterisk process (started by systemd), and restart it as asterisk: [asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq -vvv -C /etc/asterisk/asterisk.conf from the log there was no attempt to even open the cert file. I edited /etc/asterisk/pjsip.conf to add a "method = tlsv1" line to the transport-tls section. Rerun the strace command, and here the part re cert files: 8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1 212, ...}) = 0 8189 geteuid() = 1002 8189 getegid() = 1002 8189 getuid() = 1002 8189 getgid() = 1002 8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0 8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=8 91, ...}) = 0 8189 geteuid() = 1002 8189 getegid() = 1002 8189 getuid() = 1002 8189 getgid() = 1002 8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0 8189 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16 8189 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1 ENOPROTOOPT (
I'm missing the "open" (or "openat") and the following "read" call - weren't there any or didn't you post them? These are the important calls! They will show, if the file is used at all or not (and possibly the reason, why it is not used - EACCESS e.g.).
Thanks Michael -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
