Michael,

There weren't any open or openat actions on the cert files (located under /home/asterisk/certs). The same is true for cert files located under /etc/asterisk/keys:

24138 stat("/etc/asterisk/keys/fullchain.pem", {st_mode=S_IFREG|0640, st_size=3444, ...}) = 0
24138 geteuid() = 1002
24138 getegid() = 1002
24138 getuid() = 1002
24138 getgid() = 1002
24138 access("/etc/asterisk/keys/fullchain.pem", R_OK) = 0
24138 stat("/etc/asterisk/keys/privkey.pem", {st_mode=S_IFREG|0640, st_size=1704, ...}) = 0
24138 geteuid() = 1002
24138 getegid() = 1002
24138 getuid() = 1002
24138 getgid() = 1002
24138 access("/etc/asterisk/keys/privkey.pem", R_OK) = 0
24138 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16
24138 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1 ENOPROTOOPT (Protocol not available)
24138 setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
24138 setsockopt(16, SOL_TCP, TCP_NODELAY, [1], 4) = 0
24138 bind(16, {sa_family=AF_INET, sin_port=htons(5061), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
24138 listen(16, 5) = 0
24138 ioctl(16, FIONBIO, [1]) = 0
24138 getsockopt(16, SOL_SOCKET, SO_TYPE, [1], [4]) = 0
24138 epoll_ctl(11, EPOLL_CTL_ADD, 16, {EPOLLIN|EPOLLERR, {u32=23894976, u64=23894976}}) = 0
24138 accept(16, 0x1a765c0, [28]) = -1 EAGAIN (Resource temporarily unavailable)
24138 getsockname(16, {sa_family=AF_INET, sin_port=htons(5061), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0

In the latter case transport-tls was successfully established.

On Fri, Jan 29, 2021 at 9:42 PM Michael Maier <m1278...@mailbox.org> wrote:

> On 29.01.21 at 22:33 Ruisheng Peng wrote:
> > Thanks for the detailed explanation Michael.
> >
> > I stop the current asterisk process (started by systemd), and restart it as
> > asterisk:
> >
> > [asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq -vvv -C /etc/asterisk/asterisk.conf
> >
> > From the log there was no attempt to even open the cert file. I edited
> > /etc/asterisk/pjsip.conf to add a "method = tlsv1" line to the
> > transport-tls section. Rerun the strace command, and here the part re cert
> > files:
> >
> > 8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1212, ...}) = 0
> > 8189 geteuid() = 1002
> > 8189 getegid() = 1002
> > 8189 getuid() = 1002
> > 8189 getgid() = 1002
> > 8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0
> > 8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=891, ...}) = 0
> > 8189 geteuid() = 1002
> > 8189 getegid() = 1002
> > 8189 getuid() = 1002
> > 8189 getgid() = 1002
> > 8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0
> > 8189 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16
> > 8189 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1 ENOPROTOOPT (
>
> I'm missing the "open" (or "openat") and the following "read" call -
> weren't there any or didn't you post them? These are the important calls!
> They will show if the file is used at all or not (and possibly the reason
> why it is not used - EACCES e.g.).
>
> Thanks
> Michael
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
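The check discussed in this thread (was a certificate or key file only stat/access-checked, or actually opened and read, and with what errno if the open failed) can be run over a whole `strace -f -o` log. This is an added example, not part of the original messages; the sample log is constructed, and the `/etc/example/...` paths and the function names are hypothetical.

```python
import re

# Constructed sample in `strace -f -o` format, modelled on the thread's output.
SAMPLE = r'''
8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1212, ...}) = 0
8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0
8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=891, ...}) = 0
8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0
8190 openat(AT_FDCWD, "/etc/example/ca.pem", O_RDONLY) = 17
8190 read(17, "-----BEGIN CERTIFICATE-----\n"..., 4096) = 1200
8190 close(17) = 0
8190 openat(AT_FDCWD, "/etc/example/denied.key", O_RDONLY) = -1 EACCES (Permission denied)
'''

LINE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+([A-Z][A-Z0-9]+))?')
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')
CHECKS = {"stat", "lstat", "access", "faccessat", "newfstatat"}
OPENS = {"open", "openat"}
RANK = ["checked-only", "open-failed", "opened-not-read", "read"]

def bump(status, path, new):
    # Keep the strongest evidence seen for a path (read > opened > failed > checked).
    old = status.get(path)
    if old is None or RANK.index(new.split(":")[0]) > RANK.index(old.split(":")[0]):
        status[path] = new

def classify(log_text):
    """Map each path to checked-only, open-failed:<ERRNO>, opened-not-read or read."""
    status, fds = {}, {}  # fds: (pid, fd) -> path; assumes open and read share a thread
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank lines, "<unfinished ...>" fragments, signals
        pid, call, args, ret, errno = m.groups()
        ret = int(ret)
        path, fd = PATH.search(args), re.match(r'\d+', args)
        if call in CHECKS and path:
            bump(status, path.group(1), "checked-only")
        elif call in OPENS and path and ret < 0:
            bump(status, path.group(1), f"open-failed:{errno}")
        elif call in OPENS and path:
            fds[(pid, ret)] = path.group(1)
            bump(status, path.group(1), "opened-not-read")
        elif call == "read" and fd and ret > 0 and (pid, int(fd.group())) in fds:
            bump(status, fds[(pid, int(fd.group()))], "read")
        elif call == "close" and fd:
            fds.pop((pid, int(fd.group())), None)
    return status

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A path reported as checked-only matches what both messages show for the cert and key files: stat and access succeeded, but no open, openat or read followed.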