[OpenSIPS-Users] OpenSIPS 3- TLS MGM unable to get local issuer certificate [error=20]
Hey guys, I am struggling to make OpenSIPS 3 work with TLS. I tried various different ways to make this work but getting the same errors. SSL certs are generated via let's encrypt. Here is my config for tls_mgm module - TLS Management Module loadmodule "tls_mgm.so" # Server defination modparam("tls_mgm", "server_domain", "voip.securevoip.io") modparam("tls_mgm", "match_ip_address", "[voip.securevoip.io]155.138.204.212:5061") modparam("tls_mgm", "match_sip_domain", "[voip.securevoip.io]*") modparam("tls_mgm", "ca_dir", "[voip.securevoip.io]/usr/local/etc/opensips/tls/") modparam("tls_mgm","verify_cert", "[voip.securevoip.io]1") modparam("tls_mgm","require_cert", "[voip.securevoip.io]1") modparam("tls_mgm","tls_method", "[voip.securevoip.io]TLSv1_2") modparam("tls_mgm","certificate", "[voip.securevoip.io]/usr/local/etc/opensips/tls/cert.pem") modparam("tls_mgm","private_key", "[voip.securevoip.io]/usr/local/etc/opensips/tls/privkey.pem") modparam("tls_mgm","ca_list", "[voip.securevoip.io]/usr/local/etc/opensips/tls/fullchain.pem") modparam("tls_mgm", "tls_handshake_timeout", 300) # Client domain defination modparam("tls_mgm", "client_domain", "securevoip.io") modparam("tls_mgm", "match_ip_address", "[securevoip.io]*") modparam("tls_mgm", "match_sip_domain", "[securevoip.io]*") modparam("tls_mgm", "ca_dir", "[securevoip.io]/usr/local/etc/opensips/tls/") modparam("tls_mgm","verify_cert", "[securevoip.io]1") modparam("tls_mgm","require_cert", "[securevoip.io]1") modparam("tls_mgm","tls_method", "[securevoip.io]TLSv1_2") modparam("tls_mgm","certificate", "[securevoip.io]/usr/local/etc/opensips/tls/cert.pem") modparam("tls_mgm","private_key", "[securevoip.io]/usr/local/etc/opensips/tls/privkey.pem") I am getting these erros - Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: NOTICE:tls_mgm:verify_callback: depth = 1, verify failure Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: NOTICE:tls_mgm:verify_callback: subject = /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 4 Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: NOTICE:tls_mgm:verify_callback: issuer = /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: NOTICE:tls_mgm:verify_callback: verify error: unable to get local issuer certificate [error=20] Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: ERROR:proto_tls:tls_connect: New TLS connection to 52.114.132.46:5061 failed Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: ERROR:proto_tls:tls_connect: TLS error: 1 (ret=-1) err=Success(0) Feb 22 02:25:26 opensips3-SBC /usr/local/sbin/opensips[1538]: ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1416F086:SSL routines:tls_process_server_certificate:certificate verif I would really appreciate if someone can help me out here. Thank you___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] UAC Auth from database
Hi Razvan, Great! Thanks for answering this and my other question! ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] lua_exec in local_route
Done. Feature request: #1980 On 21.02.20 12:10, Vlad Patrascu wrote: Hi Johan, There is no workaround unfortunately so indeed you should open a feature request for this. Regards, Vlad Patrascu OpenSIPS Developer http://www.opensips-solutions.com On 2/21/20 12:48 PM, johan wrote: Hello, when I use lua_exec in local_route, I have below error: Feb 21 10:31:26 hendrix opensips[26811]: Not starting opensips: invalid configuration file! Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] Traceback (last included file at the bottom): Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] 0. /data/opensips/etc/opensips/opensips.cfg Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] CRITICAL:core:yyerror: parse error in /data/opensips/etc/opensips/opensips.cfg:1165:23-24: Command cannot be used in the block Context: when I receive an sms in ucs2, proto_smpp returns the message in utf16 big endian. I need to to convert this to utf8. You find the body in local_route as the message is created by tm. Therefore I thought to do the decoding using lua. so I assume that lua_exec is there forbidden. If this is true, should I open a feature request to add this functionality or is there a workaround ? BR, Johan. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] lua_exec in local_route
Hi Johan, There is no workaround unfortunately so indeed you should open a feature request for this. Regards, Vlad Patrascu OpenSIPS Developer http://www.opensips-solutions.com On 2/21/20 12:48 PM, johan wrote: Hello, when I use lua_exec in local_route, I have below error: Feb 21 10:31:26 hendrix opensips[26811]: Not starting opensips: invalid configuration file! Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] Traceback (last included file at the bottom): Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] 0. /data/opensips/etc/opensips/opensips.cfg Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] CRITICAL:core:yyerror: parse error in /data/opensips/etc/opensips/opensips.cfg:1165:23-24: Command cannot be used in the block Context: when I receive an sms in ucs2, proto_smpp returns the message in utf16 big endian. I need to to convert this to utf8. You find the body in local_route as the message is created by tm. Therefore I thought to do the decoding using lua. so I assume that lua_exec is there forbidden. If this is true, should I open a feature request to add this functionality or is there a workaround ? BR, Johan. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] lua_exec in local_route
Hello, when I use lua_exec in local_route, I have below error: Feb 21 10:31:26 hendrix opensips[26811]: Not starting opensips: invalid configuration file! Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] Traceback (last included file at the bottom): Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] 0. /data/opensips/etc/opensips/opensips.cfg Feb 21 10:31:26 hendrix opensips[26811]: Feb 21 10:31:26 [26823] CRITICAL:core:yyerror: parse error in /data/opensips/etc/opensips/opensips.cfg:1165:23-24: Command cannot be used in the block Context: when I receive an sms in ucs2, proto_smpp returns the message in utf16 big endian. I need to to convert this to utf8. You find the body in local_route as the message is created by tm. Therefore I thought to do the decoding using lua. so I assume that lua_exec is there forbidden. If this is true, should I open a feature request to add this functionality or is there a workaround ? BR, Johan. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] opensips-head does not compile.
Yeah, you are right. I copy over Mak*. Will regenerate. On 21.02.20 10:34, Liviu Chircu wrote: On 21.02.2020 10:59, johan wrote: using the latest source on github master branch, the compilation gives below error: make[2]: Entering directory '/usr/src/opensips-head-new/modules/uuid' Compiling uuid.c uuid.c:26:23: fatal error: uuid/uuid.h: No such file or directory #include Hi, Johan! I can only assume you haven't re-generated your Makefile.conf from the Makefile.conf.template in a while, as the uuid module has been excluded from compilation by default ~9 months ago [1], since it relies on the "uuid-dev" package / development library (Debian). Best regards, [1]: https://github.com/OpenSIPS/opensips/commit/f2588cae ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] opensips-head does not compile.
On 21.02.2020 10:59, johan wrote: using the latest source on github master branch, the compilation gives below error: make[2]: Entering directory '/usr/src/opensips-head-new/modules/uuid' Compiling uuid.c uuid.c:26:23: fatal error: uuid/uuid.h: No such file or directory #include Hi, Johan! I can only assume you haven't re-generated your Makefile.conf from the Makefile.conf.template in a while, as the uuid module has been excluded from compilation by default ~9 months ago [1], since it relies on the "uuid-dev" package / development library (Debian). Best regards, [1]: https://github.com/OpenSIPS/opensips/commit/f2588cae -- Liviu Chircu www.twitter.com/liviuchircu | www.opensips-solutions.com OpenSIPS Summit, Amsterdam, May 2020 www.opensips.org/events OpenSIPS Bootcamp, Miami, March 2020 www.opensips.org/training ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] opensips-head does not compile.
Hello, using the latest source on github master branch, the compilation gives below error: make[2]: Entering directory '/usr/src/opensips-head-new/modules/uuid' Compiling uuid.c uuid.c:26:23: fatal error: uuid/uuid.h: No such file or directory #include ^ compilation terminated. ../../Makefile.rules:25: recipe for target 'uuid.o' failed make[2]: *** [uuid.o] Error 1 make[2]: Leaving directory '/usr/src/opensips-head-new/modules/uuid' Makefile:197: recipe for target 'modules' failed make[1]: *** [modules] Error 2 make[1]: Leaving directory '/usr/src/opensips-head-new' BR, ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users