Re: [OpenSIPS-Users] ERROR:core:parse_via: bad port

2015-07-28 Thread Nabeel 
I just found that this error only occurs on mobile network connections, not
on Wi-Fi.  So something in the mobile network IP may be malforming the via
header?

ERROR:core:parse_via: bad port
ERROR:core:parse_via:  #015#012From:
;tag=z9hG4bK88229229#015#012Call-ID:
598445986695@10.31.188.230#015#012CSeq: 1 CANCEL#015#012Contact:
#015#012Expires:
3600#015#012User-Agent: Glowcall/1.3.4/MP-S168#015#012Content-Length:
0#015#012#015#012>
ERROR:core:parse_via: parsed so far:
ERROR:core:get_hdr_field: bad via
DBG:core:set_err_info: ec: 1, el: 3, ei: 'error parsing Via'
DBG:core:get_hdr_field: error exit
INFO:core:parse_headers: bad header field
ERROR:core:parse_msg: message=#015#012From:
;tag=z9hG4bK88229229#015#012Call-ID:
598445986695@10.31.188.230#015#012CSeq: 1 CANCEL#015#012Contact:
#015#012Expires:
3600#015#012User-Agent: Glowcall/1.3.4/MP-S168#015#012Content-Length:
0#015#012#015#012>
ERROR:core:receive_msg: Unable to parse msg received from [
188.29.165.19:55041]
ERROR:core:tcp_handle_req: receive_msg failed
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] ERROR:core:parse_via: bad port

2015-07-28 Thread Nabeel 
I just found that this error only occurs on mobile network connections, not
on Wi-Fi.  So something in the mobile network IP


On 27 July 2015 at 18:42, Nabeel  wrote:

> I am using rtpproxy with OpenSIPS, I can register to the server but I get
> the following error when making a call:
>
> ERROR:core:parse_via: bad port
> ERROR:core:parse_via:   10.31.188.230:38703:-1;rport;branch=z9hG4bK66793#015#012Max-Forwards:
> 70#015#012To: 
> #015#012From:
> ;tag=z9hG4bK07391365#015#012Call-ID:
> 638873549209@10.31.188.230#015#012CSeq
> : 1
> CANCEL#015#012Contact: 
> #015#012Expires:
> 3600#015#012User-Agent: Name/1.3.4/MP-S168#015#012Content-Length:
> 0#015#012#015#012>
> ERROR:core:parse_via: parsed so far:
> ERROR:core:get_hdr_field: bad via
> DBG:core:set_err_info: ec: 1, el: 3, ei: 'error parsing Via'
> DBG:core:get_hdr_field: error exit
>
> The config I'm using:
>
> modparam("registrar","received_avp", "$avp(42)")
> modparam("usrloc","nat_bflag",6)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper", "natping_tcp", 1)
> modparam("nathelper", "sipping_bflag", 7)
> modparam("nathelper", "natping_interval", 5)
> modparam("nathelper", "sipping_from", "sip:pinger at PUBLIC-IP:5060")
> modparam("nathelper", "received_avp", "$avp(i:801)")
> modparam("nathelper", "nortpproxy_str", "")
> modparam("rtpproxy", "rtpproxy_sock", "udp:PUBLIC-IP:7890")
> modparam("nat_traversal", "keepalive_state_file", "/etc/keepalive_state")
> modparam("nat_traversal", "keepalive_interval", 5)
>
>
> How do I fix this?
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] TLS client simple testing. What is a good result when handshake works?

2015-07-28 Thread Nabeel 
Hi,

You are getting the message "self signed certificate in certificate chain"
because you haven't included your server's root certificate in the command,
with either -CApath or -CAfile option, for example add the following to the
command: -CApath /etc/ssl/certs

Then the response you receive should look like the following:

Start Time: 1438129754
Timeout   : 300 (sec)
Verify return code: 0 (ok)


On 28 July 2015 at 20:12, Rodrigo Pimenta Carvalho 
wrote:

>  Hi.
>
> I have followed the tutorial about setting up the TLS. (
> http://www.opensips.org/Documentation/Tutorials-TLS-2-1 ). Then, I have
> run the command: "
>
> openssl s_client -showcerts -debug -connect : -no_ssl2 
> -bugs", to test the handshake.
>
> But, what is an example of result for this command, telling me that 
> everything is ok?
>
> I got:
>
> CONNECTED(0003)
> ...
> ...
> ...
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ..
> ..
> ..
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1567 bytes and written 285 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol  : TLSv1
> Cipher: AES256-SHA
> Session-ID:
> Session-ID-ctx:
> Master-Key: 
> 90D6174E13EFDF2317B8F24D0AEBC5A56C3633D7DFC1BF8ADF186672CD9F26B5D812BE595775DFE6416C31DDE736D217
> Key-Arg   : None
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> Start Time: 1438110339
> Timeout   : 300 (sec)
> Verify return code: 19 (self signed certificate in certificate chain)
>
> So, did the handshake work? If not, what might be wrong?
> Any hint will be very helpful!
>
> Best Regards.
>
>
>   RODRIGO PIMENTA CARVALHO
> Inatel Competence Center
> Software
> Ph: +55 35 3471 9200 RAMAL 979
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] TLS client simple testing. What is a good result when handshake works?

2015-07-28 Thread Rodrigo Pimenta Carvalho 
Hi.

I have followed the tutorial about setting up the TLS. ( 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1 ). Then, I have run the 
command: "

openssl s_client -showcerts -debug -connect : -no_ssl2 
-bugs", to test the handshake.

But, what is an example of result for this command, telling me that everything 
is ok?

I got:

CONNECTED(0003)
...
...
...
verify error:num=19:self signed certificate in certificate chain
verify return:0
..
..
..
---
No client certificate CA names sent
---
SSL handshake has read 1567 bytes and written 285 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1
Cipher: AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 
90D6174E13EFDF2317B8F24D0AEBC5A56C3633D7DFC1BF8ADF186672CD9F26B5D812BE595775DFE6416C31DDE736D217
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1438110339
Timeout   : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

So, did the handshake work? If not, what might be wrong?
Any hint will be very helpful!

Best Regards.



RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] ERROR:core:io_watch_del: BUG - trying to del fd 38 with flags 2 1

2015-07-28 Thread Bogdan-Andrei Iancu 

Hi Rahul,

These are great news - that you finda way to reproduce it. Let me do it 
and start debugging.


I really do appreciate your effort in dealing with this error.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 24.07.2015 00:19, Gupta, Rahul wrote:


Hi Bogdan,

Almost a month ago, I have raised the issue regarding the opensips log 
file filling up with the following message


ERROR:core:io_watch_del: BUG - trying to del fd 38 with flags 2 1

Now I can reproduce it every time with the following scenario:

1)UAC and UAS are connected to opensips proxy with TCP transport

2)Connections looks good

3)Netstat shows the connection to UAC in ESTABLISHED state and the 
tcp_conn_lists of opensips also looks fine for that UAC


4)Now unplug the Ethernet cable on UAC

5)After tcp connection timeout (set to 5 mins in opensips.cfg), the 
tcp connection goes away from netstat as well as from tcp_conn_lists


6)UAS tries another tcp call to the UAC which is still unplugged

7)tcp_conn_lists shows the tcp connection to the UAC and netstat shows 
the connection in SYN_SENT state


8)After the tcp connection timeout (set to 5 mins in opensips.cfg), 
the connection goes away from netstat however it remains there in 
tcp_conn_lists and at that moment the “BUG - trying to del fd 38 with 
flags 2 1” starts printing in infinite loop.


I looked at the source code and observed the following

1)When the network cable is plugged in

The io_watch_add happens with flag IO_WATCH_READ in tcp_main.c  when 
the command is CONN_NEW


2)When the network cable is unplugged

The io_watch_add happens with flag IO_WATCH_WRITE in tcp_main.c  when 
the command is ASYNC_CONNECT


3)While doing io_watch_del after timeout, from handle_tcpconn_ev 
method, io_watch_del always uses IO_WATCH_READ to delete the fd, which 
gives this error in case of unplugged cable.


Please look into this and suggest how can I fix this issue ?

Thanks

Rahul Gupta

--

DISCLAIMER: This e-mail may contain information that is confidential, 
privileged or otherwise protected from disclosure. If you are not an 
intended recipient of this e-mail, do not duplicate or redistribute it 
by any means. Please delete it and any attachments and notify the 
sender that you have received it in error. Unintended recipients are 
prohibited from taking action on the basis of information in this 
e-mail.E-mail messages may contain computer viruses or other defects, 
may not be accurately replicated on other systems, or may be 
intercepted, deleted or interfered with without the knowledge of the 
sender or the intended recipient. If you are not comfortable with the 
risks associated with e-mail messages, you may decide not to use 
e-mail to communicate with IPC. IPC reserves the right, to the extent 
and under circumstances permitted by applicable law, to retain, 
monitor and intercept e-mail messages to and from its systems.




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

2015-07-28 Thread Rodrigo Pimenta Carvalho 
Hi.

Ticket was opened!

Regards.


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

De: users-boun...@lists.opensips.org  em nome 
de Liviu Chircu 
Enviado: terça-feira, 28 de julho de 2015 10:50
Para: users@lists.opensips.org
Assunto: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in 
OpenSIPS 2.2. What should I check? Default example worked.

Usually between 7 - 14 days, with the occasional exceptions.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 16:42, Rodrigo Pimenta Carvalho wrote:

Hi Liviu.


I have just investigated a bit more about the issue.


The problem is related to the creation of the files (following the tutorial on 
page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1).
 There is no problem to read the files (read CAKey or cert files)

I have concluded it because I replaced the OpenSIPS certificate files by others 
that I had generated in 2014 using another tutorial.


Ok. I will open a GitHub ticket now.


We are working in a project that will have to use OpenSIPS 2.2. Do you know, in 
an average, how long does it take to have a new ticket solved and closed?


Thank you very much for pointing the way of opening a Github ticket!


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

De: users-boun...@lists.opensips.org 
 em 
nome de Liviu Chircu 
Enviado: terça-feira, 28 de julho de 2015 10:30
Para: users@lists.opensips.org
Assunto: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in 
OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

It's just a web portal, you can find it here [1]. Register a new account, open 
a new issue, describe/explain it as best as you can, and we'll do our best to 
have it fixed and buried! Many thanks!

[1]: 
https://github.com/OpenSIPS/opensips/issues?q=is%3Aopen+is%3Aissue+label%3Abug

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 15:56, Rodrigo Pimenta Carvalho wrote:

Hi Liviu.


Your hint has worked.

So, could you send me the instructions on how to open a GitHub ticket? I still 
don't know how to open this, because I'm new on Git.

While you send me the instructions, I will try to use old certificate files 
that I have since 2014, just to see if the issue is about reading or creating 
the files via OpenSIPS.


Many thanks.


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

De: users-boun...@lists.opensips.org 
 em 
nome de Liviu Chircu 
Enviado: terça-feira, 28 de julho de 2015 02:54
Para: users@lists.opensips.org
Assunto: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in 
OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

Could you try to decrypt the key manually (i.e. remove the passphrase), and use 
the resulting key in OpenSIPS? You can use the following example:


cp your_key your_key.bak
openssl rsa -in your_key -out new_key

If this works for you, could you please open a GitHub ticket? Many thanks!

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:

Hi.


1 - I have read and followed all the instructions on page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is about how to 
set up TLS in OpenSIPS 2.1. Good tutorial for beginners. But, there is no 
tutorial for it in version 2.2

2 - I have read all the instructions from page 
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . This is the 
OpenSIPS TLS Module Guide.


3 - Considering all instructions I have learnt today, I wrote the following 
configuration:





loadmodule "proto_tls.so"

modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "tlsv1")

#modparam("proto_tls","certificate", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")
# This line was generated automatically, after using the make menuconfig. It 
works very well.
#modparam("proto_tls","private_key", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")   # 
This line was generated automatically, after using the make menuconfig. It 
works very well.
#modparam("proto_tls","ca_list", 
"/usr/local/opensips_proxy/etc/opensips/tl

Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

2015-07-28 Thread Liviu Chircu 

Usually between 7 - 14 days, with the occasional exceptions.

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 16:42, Rodrigo Pimenta Carvalho wrote:


Hi Liviu.


I have just investigated a bit more about the issue.


The problem is related to the creation of the files (following the 
tutorial on page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1). 
 There is no 
problem to read the files (read CAKey or cert files)


I have concluded it because I replaced the OpenSIPS certificate files 
by others that I had generated in 2014 using another tutorial.



Ok. I will open a GitHub ticket now.


We are working in a project that will have to use OpenSIPS 2.2. Do you 
know, in an average, how long does it take to have a new ticket solved 
and closed?



Thank you very much for pointing the way of opening a Github ticket!


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

*De:* users-boun...@lists.opensips.org 
 em nome de Liviu Chircu 


*Enviado:* terça-feira, 28 de julho de 2015 10:30
*Para:* users@lists.opensips.org
*Assunto:* Re: [OpenSIPS-Users] Unable to load my private key file 
(TLS) in OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

It's just a web portal, you can find it here [1]. Register a new 
account, open a new issue, describe/explain it as best as you can, and 
we'll do our best to have it fixed and buried! Many thanks!


[1]: 
https://github.com/OpenSIPS/opensips/issues?q=is%3Aopen+is%3Aissue+label%3Abug


Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 28.07.2015 15:56, Rodrigo Pimenta Carvalho wrote:


Hi Liviu.


Your hint has worked.

So, could you send me the instructions on how to open a GitHub 
ticket? I still don't know how to open this, because I'm new on Git.


While you send me the instructions, I will try to use old certificate 
files that I have since 2014, just to see if the issue is about 
reading or creating the files via OpenSIPS.



Many thanks.


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

*De:* users-boun...@lists.opensips.org 
 em nome de Liviu Chircu 


*Enviado:* terça-feira, 28 de julho de 2015 02:54
*Para:* users@lists.opensips.org
*Assunto:* Re: [OpenSIPS-Users] Unable to load my private key file 
(TLS) in OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

Could you try to decrypt the key manually (i.e. remove the 
passphrase), and use the resulting key in OpenSIPS? You can use the 
following example:


cp your_keyyour_key.bak
openssl rsa -inyour_key  -out new_key
If this works for you, could you please open a GitHub ticket? Many 
thanks!


Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:


Hi.


1 - I have read and followed all the instructions on page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is 
about how to set up TLS in OpenSIPS 2.1. Good tutorial for 
beginners. But, there is no tutorial for it in version 2.2


2 - I have read all the instructions from page 
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . 
This is the OpenSIPS TLS Module Guide.



3 - Considering all instructions I have learnt today, I wrote the 
following configuration:






loadmodule "proto_tls.so"

modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "tlsv1")

#modparam("proto_tls","certificate", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem") 
   # This line was generated automatically, after using the make 
menuconfig. It works very well.
#modparam("proto_tls","private_key", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem") 
 # This line was generated automatically, after using the make 
menuconfig. It works very well.
#modparam("proto_tls","ca_list", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem") # 
This line was generated automatically, after using the make 
menuconfig. It works very well.



 modparam("proto_tls", "certificate", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") 
# I want to use the files generated by me, following the 
tutorial on how to set up TLS. No problem here.
 modparam("proto_tls", "private_key", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")   
  # File also generated by me, following the tutorial. ERROR here.  
What is the problem??
 modparam("proto_tls", "ca_list", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/r

Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

2015-07-28 Thread Rodrigo Pimenta Carvalho 
Hi Liviu.


I have just investigated a bit more about the issue.


The problem is related to the creation of the files (following the tutorial on 
page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1).
 There is no problem to read the files (read CAKey or cert files)

I have concluded it because I replaced the OpenSIPS certificate files by others 
that I had generated in 2014 using another tutorial.


Ok. I will open a GitHub ticket now.


We are working in a project that will have to use OpenSIPS 2.2. Do you know, in 
an average, how long does it take to have a new ticket solved and closed?


Thank you very much for pointing the way of opening a Github ticket!


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

De: users-boun...@lists.opensips.org  em nome 
de Liviu Chircu 
Enviado: terça-feira, 28 de julho de 2015 10:30
Para: users@lists.opensips.org
Assunto: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in 
OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

It's just a web portal, you can find it here [1]. Register a new account, open 
a new issue, describe/explain it as best as you can, and we'll do our best to 
have it fixed and buried! Many thanks!

[1]: 
https://github.com/OpenSIPS/opensips/issues?q=is%3Aopen+is%3Aissue+label%3Abug

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 15:56, Rodrigo Pimenta Carvalho wrote:

Hi Liviu.


Your hint has worked.

So, could you send me the instructions on how to open a GitHub ticket? I still 
don't know how to open this, because I'm new on Git.

While you send me the instructions, I will try to use old certificate files 
that I have since 2014, just to see if the issue is about reading or creating 
the files via OpenSIPS.


Many thanks.


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

De: users-boun...@lists.opensips.org 
 em 
nome de Liviu Chircu 
Enviado: terça-feira, 28 de julho de 2015 02:54
Para: users@lists.opensips.org
Assunto: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in 
OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

Could you try to decrypt the key manually (i.e. remove the passphrase), and use 
the resulting key in OpenSIPS? You can use the following example:


cp your_key your_key.bak
openssl rsa -in your_key -out new_key

If this works for you, could you please open a GitHub ticket? Many thanks!

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:

Hi.


1 - I have read and followed all the instructions on page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is about how to 
set up TLS in OpenSIPS 2.1. Good tutorial for beginners. But, there is no 
tutorial for it in version 2.2

2 - I have read all the instructions from page 
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . This is the 
OpenSIPS TLS Module Guide.


3 - Considering all instructions I have learnt today, I wrote the following 
configuration:





loadmodule "proto_tls.so"

modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "tlsv1")

#modparam("proto_tls","certificate", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")
# This line was generated automatically, after using the make menuconfig. It 
works very well.
#modparam("proto_tls","private_key", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")   # 
This line was generated automatically, after using the make menuconfig. It 
works very well.
#modparam("proto_tls","ca_list", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem")  
 # This line was generated automatically, after using the make menuconfig. 
It works very well.


 modparam("proto_tls", "certificate", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") 
   # I want to use the files generated by me, following the tutorial on how to 
set up TLS. No problem here.
 modparam("proto_tls", "private_key", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")# 
File also generated by me, following the tutorial. ERROR here.  What is the 
problem??
 modparam("proto_tls", "ca_list", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") 
 # I want to use the files generated by me, following the tutorial

Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

2015-07-28 Thread Liviu Chircu 

Hi Rodrigo,

It's just a web portal, you can find it here [1]. Register a new 
account, open a new issue, describe/explain it as best as you can, and 
we'll do our best to have it fixed and buried! Many thanks!


[1]: 
https://github.com/OpenSIPS/opensips/issues?q=is%3Aopen+is%3Aissue+label%3Abug


Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 15:56, Rodrigo Pimenta Carvalho wrote:


Hi Liviu.


Your hint has worked.

So, could you send me the instructions on how to open a GitHub ticket? 
I still don't know how to open this, because I'm new on Git.


While you send me the instructions, I will try to use old certificate 
files that I have since 2014, just to see if the issue is about 
reading or creating the files via OpenSIPS.



Many thanks.


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

*De:* users-boun...@lists.opensips.org 
 em nome de Liviu Chircu 


*Enviado:* terça-feira, 28 de julho de 2015 02:54
*Para:* users@lists.opensips.org
*Assunto:* Re: [OpenSIPS-Users] Unable to load my private key file 
(TLS) in OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

Could you try to decrypt the key manually (i.e. remove the 
passphrase), and use the resulting key in OpenSIPS? You can use the 
following example:


cp your_keyyour_key.bak
openssl rsa -inyour_key  -out new_key
If this works for you, could you please open a GitHub ticket? Many thanks!

Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:


Hi.


1 - I have read and followed all the instructions on page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1 
 . It is 
about how to set up TLS in OpenSIPS 2.1. Good tutorial for beginners. 
But, there is no tutorial for it in version 2.2


2 - I have read all the instructions from page 
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . This 
is the OpenSIPS TLS Module Guide.



3 - Considering all instructions I have learnt today, I wrote the 
following configuration:






loadmodule "proto_tls.so"

modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "tlsv1")

#modparam("proto_tls","certificate", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem") 
   # This line was generated automatically, after using the make 
menuconfig. It works very well.
#modparam("proto_tls","private_key", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")   
   # This line was generated automatically, after using the make 
menuconfig. It works very well.
#modparam("proto_tls","ca_list", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem") # 
This line was generated automatically, after using the make 
menuconfig. It works very well.



 modparam("proto_tls", "certificate", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem")   
  # I want to use the files generated by me, following the tutorial 
on how to set up TLS. No problem here.
 modparam("proto_tls", "private_key", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")   
  # File also generated by me, following the tutorial. ERROR here.  
What is the problem??
 modparam("proto_tls", "ca_list", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") # I want to 
use the files generated by me, following the tutorial on how to set 
up TLS. No problem here.
 modparam("proto_tls", "ca_dir", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/") 
  # I want to use the files generated by me, following the tutorial 
on how to set up TLS. No problem here.






4. All paths I'm using in such configuration are real and correct.


5. When I try to run the OpenSIPS, I always got the erro:


Jul 27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling 
compression due ZLIB problems


...

...

Enter passphrase for 
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:
Jul 27 18:02:02 [13783] ERROR:proto_tls:load_private_key: unable to 
load private key file 
'/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.



So, the file cakey.pem cann't be loaded. But, I'm running the 
OpenSIPS as a superuser.




What should I check in my files to verify whether  I have made some 
mistake?


To follow the tutorial for version 2.1 and to use the version 2.2 can 
cause troubles? I tutorial I see "TLSv1" and in the module guide I 
see "tlsv1". Is the script ca

Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

2015-07-28 Thread Rodrigo Pimenta Carvalho 
Hi Liviu.


Your hint has worked.

So, could you send me the instructions on how to open a GitHub ticket? I still 
don't know how to open this, because I'm new on Git.

While you send me the instructions, I will try to use old certificate files 
that I have since 2014, just to see if the issue is about reading or creating 
the files via OpenSIPS.


Many thanks.


RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

De: users-boun...@lists.opensips.org  em nome 
de Liviu Chircu 
Enviado: terça-feira, 28 de julho de 2015 02:54
Para: users@lists.opensips.org
Assunto: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in 
OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

Could you try to decrypt the key manually (i.e. remove the passphrase), and use 
the resulting key in OpenSIPS? You can use the following example:


cp your_key your_key.bak
openssl rsa -in your_key -out new_key

If this works for you, could you please open a GitHub ticket? Many thanks!

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:

Hi.


1 - I have read and followed all the instructions on page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is about how to 
set up TLS in OpenSIPS 2.1. Good tutorial for beginners. But, there is no 
tutorial for it in version 2.2

2 - I have read all the instructions from page 
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . This is the 
OpenSIPS TLS Module Guide.


3 - Considering all instructions I have learnt today, I wrote the following 
configuration:





loadmodule "proto_tls.so"

modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "tlsv1")

#modparam("proto_tls","certificate", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")
# This line was generated automatically, after using the make menuconfig. It 
works very well.
#modparam("proto_tls","private_key", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")   # 
This line was generated automatically, after using the make menuconfig. It 
works very well.
#modparam("proto_tls","ca_list", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem")  
 # This line was generated automatically, after using the make menuconfig. 
It works very well.


 modparam("proto_tls", "certificate", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") 
   # I want to use the files generated by me, following the tutorial on how to 
set up TLS. No problem here.
 modparam("proto_tls", "private_key", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")# 
File also generated by me, following the tutorial. ERROR here.  What is the 
problem??
 modparam("proto_tls", "ca_list", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") 
 # I want to use the files generated by me, following the tutorial on 
how to set up TLS. No problem here.
 modparam("proto_tls", "ca_dir", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/")  
# I want to use the files 
generated by me, following the tutorial on how to set up TLS. No problem here.





4. All paths I'm using in such configuration are real and correct.


5. When I try to run the OpenSIPS, I always got the erro:


Jul 27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling compression due 
ZLIB problems

...

...

Enter passphrase for 
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:
Jul 27 18:02:02 [13783] ERROR:proto_tls:load_private_key: unable to load 
private key file '/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.


So, the file cakey.pem cann't be loaded. But, I'm running the OpenSIPS as a 
superuser.



What should I check in my files to verify whether  I have made some mistake?

To follow the tutorial for version 2.1 and to use the version 2.2 can cause 
troubles? I tutorial I see "TLSv1" and in the module guide I see "tlsv1". Is 
the script case sensitive?


The issued file is: -rw--- 1 root root 1834 Jul 24 14:54 
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem. Can it be owned by 
root user, or must be another one?


I have just googled this case and I found same problem for people who was using 
wrong key file, which I think is not my case.


Any hint will be very helpful!


Thanks a lot!



RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 9

Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in OpenSIPS 2.2. What should I check? Default example worked.

2015-07-28 Thread Rodrigo Pimenta Carvalho 
Hi Liviu.


Thank you very much for the reply.


So, I will investigate about the 'issue' with the passphrase rigth now.

I also have another files (CA, keys, etc) that I had generated last year by 
following a tutorial from the software RabbitMQ. I will try those files too.

I will let you know about the results.


Best regards.




RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979

De: users-boun...@lists.opensips.org  em nome 
de Liviu Chircu 
Enviado: terça-feira, 28 de julho de 2015 02:54
Para: users@lists.opensips.org
Assunto: Re: [OpenSIPS-Users] Unable to load my private key file (TLS) in 
OpenSIPS 2.2. What should I check? Default example worked.

Hi Rodrigo,

Could you try to decrypt the key manually (i.e. remove the passphrase), and use 
the resulting key in OpenSIPS? You can use the following example:


cp your_key your_key.bak
openssl rsa -in your_key -out new_key

If this works for you, could you please open a GitHub ticket? Many thanks!

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 28.07.2015 00:34, Rodrigo Pimenta Carvalho wrote:

Hi.


1 - I have read and followed all the instructions on page 
http://www.opensips.org/Documentation/Tutorials-TLS-2-1 . It is about how to 
set up TLS in OpenSIPS 2.1. Good tutorial for beginners. But, there is no 
tutorial for it in version 2.2

2 - I have read all the instructions from page 
http://www.opensips.org/html/docs/modules/2.2.x/proto_tls.html . This is the 
OpenSIPS TLS Module Guide.


3 - Considering all instructions I have learnt today, I wrote the following 
configuration:





loadmodule "proto_tls.so"

modparam("proto_tls","verify_cert", "1")
modparam("proto_tls","require_cert", "0")
modparam("proto_tls","tls_method", "tlsv1")

#modparam("proto_tls","certificate", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")
# This line was generated automatically, after using the make menuconfig. It 
works very well.
#modparam("proto_tls","private_key", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")   # 
This line was generated automatically, after using the make menuconfig. It 
works very well.
#modparam("proto_tls","ca_list", 
"/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem")  
 # This line was generated automatically, after using the make menuconfig. 
It works very well.


 modparam("proto_tls", "certificate", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") 
   # I want to use the files generated by me, following the tutorial on how to 
set up TLS. No problem here.
 modparam("proto_tls", "private_key", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem")# 
File also generated by me, following the tutorial. ERROR here.  What is the 
problem??
 modparam("proto_tls", "ca_list", 
"/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/cacert.pem") 
 # I want to use the files generated by me, following the tutorial on 
how to set up TLS. No problem here.
 modparam("proto_tls", "ca_dir", "/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/")  
# I want to use the files 
generated by me, following the tutorial on how to set up TLS. No problem here.





4. All paths I'm using in such configuration are real and correct.


5. When I try to run the OpenSIPS, I always got the erro:


Jul 27 18:02:02 [13783] WARNING:proto_tls:mod_init: disabling compression due 
ZLIB problems

...

...

Enter passphrase for 
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem:
Jul 27 18:02:02 [13783] ERROR:proto_tls:load_private_key: unable to load 
private key file '/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem'.


So, the file cakey.pem cann't be loaded. But, I'm running the OpenSIPS as a 
superuser.



What should I check in my files to verify whether  I have made some mistake?

To follow the tutorial for version 2.1 and to use the version 2.2 can cause 
troubles? I tutorial I see "TLSv1" and in the module guide I see "tlsv1". Is 
the script case sensitive?


The issued file is: -rw--- 1 root root 1834 Jul 24 14:54 
/home/pimenta/SISC/TLS/tls_cnf/tls/rootCA/private/cakey.pem. Can it be owned by 
root user, or must be another one?


I have just googled this case and I found same problem for people who was using 
wrong key file, which I think is not my case.


Any hint will be very helpful!


Thanks a lot!



RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979