[OpenSIPS-Users] OpenSIPS 3- TLS MGM unable to get local issuer certificate [error=20]
Hey guys,
I am struggling to make OpenSIPS 3 work with TLS. I tried various different
ways to make this work but getting the same errors. SSL certs are generated via
let's encrypt. Here is my config for tls_mgm module -
TLS Management Module
loadmodule "tls_mgm.so"
# Server defination
modparam("tls_mgm", "server_domain", "voip.securevoip.io")
modparam("tls_mgm", "match_ip_address",
"[voip.securevoip.io]155.138.204.212:5061")
modparam("tls_mgm", "match_sip_domain", "[voip.securevoip.io]*")
modparam("tls_mgm", "ca_dir",
"[voip.securevoip.io]/usr/local/etc/opensips/tls/")
modparam("tls_mgm","verify_cert", "[voip.securevoip.io]1")
modparam("tls_mgm","require_cert", "[voip.securevoip.io]1")
modparam("tls_mgm","tls_method", "[voip.securevoip.io]TLSv1_2")
modparam("tls_mgm","certificate",
"[voip.securevoip.io]/usr/local/etc/opensips/tls/cert.pem")
modparam("tls_mgm","private_key",
"[voip.securevoip.io]/usr/local/etc/opensips/tls/privkey.pem")
modparam("tls_mgm","ca_list",
"[voip.securevoip.io]/usr/local/etc/opensips/tls/fullchain.pem")
modparam("tls_mgm", "tls_handshake_timeout", 300)
# Client domain defination
modparam("tls_mgm", "client_domain", "securevoip.io")
modparam("tls_mgm", "match_ip_address", "[securevoip.io]*")
modparam("tls_mgm", "match_sip_domain", "[securevoip.io]*")
modparam("tls_mgm", "ca_dir", "[securevoip.io]/usr/local/etc/opensips/tls/")
modparam("tls_mgm","verify_cert", "[securevoip.io]1")
modparam("tls_mgm","require_cert", "[securevoip.io]1")
modparam("tls_mgm","tls_method", "[securevoip.io]TLSv1_2")
modparam("tls_mgm","certificate",
"[securevoip.io]/usr/local/etc/opensips/tls/cert.pem")
modparam("tls_mgm","private_key",
"[securevoip.io]/usr/local/etc/opensips/tls/privkey.pem")
I am getting these erros -
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
NOTICE:tls_mgm:verify_callback: depth = 1, verify failure
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
NOTICE:tls_mgm:verify_callback: subject =
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft
IT/CN=Microsoft IT TLS CA 4
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
NOTICE:tls_mgm:verify_callback: issuer =
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
NOTICE:tls_mgm:verify_callback: verify error: unable to get local issuer
certificate [error=20]
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
ERROR:proto_tls:tls_connect: New TLS connection to 52.114.132.46:5061 failed
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
ERROR:proto_tls:tls_connect: TLS error: 1 (ret=-1) err=Success(0)
Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]:
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verif
I would really appreciate if someone can help me out here.
Thank you___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] UAC Auth from database
Hi Razvan, Great! Thanks for answering this and my other question! ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] lua_exec in local_route
Done. Feature request: #1980 On 21.02.20 12:10, Vlad Patrascu wrote: Hi Johan, There is no workaround unfortunately so indeed you should open a feature request for this. Regards, Vlad Patrascu OpenSIPS Developer http://www.opensips-solutions.com On 2/21/20 12:48 PM, johan wrote: Hello, when I use lua_exec in local_route, I have below error: Feb 21 10:31:26 hendrix opensips[26811]: Not starting opensips: invalid configuration file! Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] Traceback (last included file at the bottom): Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] 0. /data/opensips/etc/opensips/opensips.cfg Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] CRITICAL:core:yyerror: parse error in /data/opensips/etc/opensips/opensips.cfg:1165:23-24: Command cannot be used in the block Context: when I receive an sms in ucs2, proto_smpp returns the message in utf16 big endian. I need to to convert this to utf8. You find the body in local_route as the message is created by tm. Therefore I thought to do the decoding using lua. so I assume that lua_exec is there forbidden. If this is true, should I open a feature request to add this functionality or is there a workaround ? BR, Johan. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] lua_exec in local_route
Hi Johan, There is no workaround unfortunately so indeed you should open a feature request for this. Regards, Vlad Patrascu OpenSIPS Developer http://www.opensips-solutions.com On 2/21/20 12:48 PM, johan wrote: Hello, when I use lua_exec in local_route, I have below error: Feb 21 10:31:26 hendrix opensips[26811]: Not starting opensips: invalid configuration file! Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] Traceback (last included file at the bottom): Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] 0. /data/opensips/etc/opensips/opensips.cfg Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] CRITICAL:core:yyerror: parse error in /data/opensips/etc/opensips/opensips.cfg:1165:23-24: Command cannot be used in the block Context: when I receive an sms in ucs2, proto_smpp returns the message in utf16 big endian. I need to to convert this to utf8. You find the body in local_route as the message is created by tm. Therefore I thought to do the decoding using lua. so I assume that lua_exec is there forbidden. If this is true, should I open a feature request to add this functionality or is there a workaround ? BR, Johan. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] lua_exec in local_route
Hello, when I use lua_exec in local_route, I have below error: Feb 21 10:31:26 hendrix opensips[26811]: Not starting opensips: invalid configuration file! Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] Traceback (last included file at the bottom): Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] 0. /data/opensips/etc/opensips/opensips.cfg Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] CRITICAL:core:yyerror: parse error in /data/opensips/etc/opensips/opensips.cfg:1165:23-24: Command cannot be used in the block Context: when I receive an sms in ucs2, proto_smpp returns the message in utf16 big endian. I need to to convert this to utf8. You find the body in local_route as the message is created by tm. Therefore I thought to do the decoding using lua. so I assume that lua_exec is there forbidden. If this is true, should I open a feature request to add this functionality or is there a workaround ? BR, Johan. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] opensips-head does not compile.
Yeah, you are right. I copy over Mak*. Will regenerate. On 21.02.20 10:34, Liviu Chircu wrote: On 21.02.2020 10:59, johan wrote: using the latest source on github master branch, the compilation gives below error: make[2]: Entering directory '/usr/src/opensips-head-new/modules/uuid' Compiling uuid.c uuid.c:26:23: fatal error: uuid/uuid.h: No such file or directory #include Hi, Johan! I can only assume you haven't re-generated your Makefile.conf from the Makefile.conf.template in a while, as the uuid module has been excluded from compilation by default ~9 months ago [1], since it relies on the "uuid-dev" package / development library (Debian). Best regards, [1]: https://github.com/OpenSIPS/opensips/commit/f2588cae ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] opensips-head does not compile.
On 21.02.2020 10:59, johan wrote: using the latest source on github master branch, the compilation gives below error: make[2]: Entering directory '/usr/src/opensips-head-new/modules/uuid' Compiling uuid.c uuid.c:26:23: fatal error: uuid/uuid.h: No such file or directory #include Hi, Johan! I can only assume you haven't re-generated your Makefile.conf from the Makefile.conf.template in a while, as the uuid module has been excluded from compilation by default ~9 months ago [1], since it relies on the "uuid-dev" package / development library (Debian). Best regards, [1]: https://github.com/OpenSIPS/opensips/commit/f2588cae -- Liviu Chircu www.twitter.com/liviuchircu | www.opensips-solutions.com OpenSIPS Summit, Amsterdam, May 2020 www.opensips.org/events OpenSIPS Bootcamp, Miami, March 2020 www.opensips.org/training ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] opensips-head does not compile.
Hello, using the latest source on github master branch, the compilation gives below error: make[2]: Entering directory '/usr/src/opensips-head-new/modules/uuid' Compiling uuid.c uuid.c:26:23: fatal error: uuid/uuid.h: No such file or directory #include ^ compilation terminated. ../../Makefile.rules:25: recipe for target 'uuid.o' failed make[2]: *** [uuid.o] Error 1 make[2]: Leaving directory '/usr/src/opensips-head-new/modules/uuid' Makefile:197: recipe for target 'modules' failed make[1]: *** [modules] Error 2 make[1]: Leaving directory '/usr/src/opensips-head-new' BR, ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
