Re: [OpenSIPS-Users] TLS Error

2022-05-25 Thread Bogdan-Andrei Iancu

Hi Wang,

A quick googling shows that the problem is with your certificate, being 
md5 signed - and this is considered a weak signature. Check this

https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 5/23/22 5:40 AM, Wang Wilson wrote:


This is my folder user rights status, and I am running OpenSIPS 3.1 
under root user privilege.


root@wilson-VirtualBox:/etc/opensips/tls/user# ls -lrth /etc/opensips/tls/user
total 20K
-rw--- 1 root root 1.7K 5月  23 10:34 user-privkey.pem
-rw-r--r-- 1 root root 1.1K 5月  23 10:34 user-cert_req.pem
-rw-r--r-- 1 root root 4.2K 5月  23 10:34 user-cert.pem
-rw-r--r-- 1 root root 1.3K 5月  23 10:34 user-calist.pem
root@wilson-VirtualBox:/etc/opensips/tls/user#

Can you tell if there is anything I need to pay attention to?

Regards

Wilson


*From:* Users on behalf of ideanet help

*Sent:* Monday, May 23, 2022 6:53:41 AM
*To:* OpenSIPS users mailling list 
*Subject:* Re: [OpenSIPS-Users] TLS Error
Hi Wang,
Can you check the user rights of that directory? ls -lrth 
/etc/opensips/tls/user



On Mon, May 23, 2022 at 3:10 AM Wang Wilson wrote:


Hello,

I am sending this to follow the issue that was reported on /Sep 17
13:13:06 EST 2020./

My problem is that I get the same error message, but the path to
/etc/opensips/tls/user/user-cert.pem is correct and it is not a
symlink file.

I have just started to explore the TLS method for us to support SIP
service. What could be the reason for this?

Thanks in advance.

Regards

Wilson


--

INFO:core:mod_init: initializing TCP-plain protocol

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init:
initializing TLS management

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init:
disabling compression due ZLIB problems

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
INFO:tls_mgm:init_tls_dom: Processing TLS domain 'default'

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
NOTICE:tls_mgm:init_tls_dom: No EC curve defined

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification
activated. Client certificates are NOT mandatory.

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined,
using default '/etc/pki/CA/'

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
ERROR:tls_mgm:load_certificate: unable to load certificate file
'/etc/opensips/tls/user/user-cert.pem'

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]:
ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default'

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]: ERROR:core:init_mod:
failed to initialize module tls_mgm

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]: ERROR:core:main: error
while initializing modules

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]: INFO:core:cleanup: cleanup

May 22 22:32:45 wilson-VirtualBox
/usr/local/opensips/sbin/opensips[7437]: NOTICE:core:main: Exiting

___
Users mailing list
Users@lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users





Re: [OpenSIPS-Users] no TLS client domain found error

2022-05-25 Thread Bogdan-Andrei Iancu

Hi Jehanzaib,

For now, to get rid of that issue, just disable the tls_async in your cfg:
https://opensips.org/html/docs/modules/3.2.x/proto_tls.html#param_tls_async

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 5/21/22 5:21 AM, Jehanzaib Younis wrote:

Thank you, Ovidiu.
I just posted my logs on GitHub.

Regards,
Jehanzaib


On Fri, May 20, 2022 at 3:02 AM Ovidiu Sas wrote:


Set the log_level parameter to 4 and restart opensips. Once the
error occurs, collect all the logs from the start (from syslog)
and send them to Razvan.
There’s a bug tracking this issue:
https://github.com/OpenSIPS/opensips/issues/2724


For compiling tls_wolfssl, try from a clean clone.

-ovidiu

On Thu, May 19, 2022 at 08:08 Jehanzaib Younis wrote:

Thanks Ovidiu,
I just checked the source code, the same bug is also present
in the opensips-3.2.6 branch. I have another issue with 3.2.6.
I am not able to compile tls_wolfssl. No issue with 3.3 though.
Now I need to check what is causing this.
I am getting the following error:

make[1]: Entering directory
`/usr/src/opensips-3.2/modules/tls_wolfssl'
configure: WARNING: unrecognized options: --disable-shared,
--enable-static
checking whether make supports nested variables... (cached) yes
./configure: line 5259: syntax error near unexpected token `2.4.2'
./configure: line 5259: `LT_PREREQ(2.4.2)'
make[1]: *** [lib/lib/libwolfssl.a] Error 2



Regards,
Jehanzaib


On Thu, May 19, 2022 at 1:35 AM Ovidiu Sas wrote:

Please upgrade to the latest version and see if the error
persists. If yes, please run the server in debug mode and
save the logs so this issue can be investigated properly.

Thanks,
Ovidiu

On Wed, May 18, 2022 at 09:02 Jehanzaib Younis wrote:

Thank you Bogdan,
That helped a lot. As you mentioned I need to start
only with server_domain or client_domain.
Now I changed my config a bit as shown below:
### (WebRTC) Client
modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
modparam("tls_mgm", "certificate", "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
modparam("tls_mgm", "private_key", "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
modparam("tls_mgm", "ca_list", "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
modparam("tls_mgm", "ca_dir", "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")

### This is for MS-Teams direct route
modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
modparam("tls_mgm", "certificate", "[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem")
modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com]/etc/letsencrypt/live/dom1.formsteams.com")
modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
modparam("tls_mgm", "client_sip_domain_avp"

Re: [OpenSIPS-Users] SQL Cacher+Galera Cluster

2022-05-25 Thread Bogdan-Andrei Iancu

Hi Mehdi,

Just rely on the auto-reloading
https://opensips.org/html/docs/modules/3.2.x/sql_cacher.html#param_reload_interval

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 5/18/22 9:32 PM, Mehdi Shirazi wrote:

Hi
I plan to use SQL Cacher with Galera Cluster. After a record changes I 
want to update the cache. Using standard triggers in MariaDB, it is not 
possible to run opensips-cli commands.

Please tell me your suggestions for the best approach.

Regards
M.Shirazi



Re: [OpenSIPS-Users] TLS Error

2022-05-25 Thread Wang Wilson
Dear Bogdan-Andrei Iancu,

Thank you for the reply.

In fact I redid the CA generation by following the OpenSIPS TLS setting 
document (https://opensips.org/html/docs/tutorials/tls-1.4.x). From the 
request.conf I confirm that “default_md” is set to “sha1”. After I recopied the 
tls folder to the location /etc/opensips/tls and restarted the opensips service, it 
still shows the error message.

As for the log messages, I would like to check with you whether the three 
preceding tls_mgm notices, which show some strange messages, are what creates 
this problem?

Regards
Wilson Wang

May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: 
NOTICE:tls_mgm:init_tls_dom: No EC curve defined
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: 
INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client 
certificates are NOT mandatory.
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: 
NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined, using default 
'/etc/pki/CA/'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: 
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: 
ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL 
routines:SSL_CTX_use_certificate:ca md too weak
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: 
ERROR:tls_mgm:load_certificate: unable to load certificate file 
'/etc/opensips/tls/user/user-cert.pem'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: 
ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default'
May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: 
ERROR:core:init_mod: failed to initialize module tls_mgm
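
The `ca md too weak` error in the logs above is what OpenSSL reports when a certificate's signature digest is below the active security level. As an added example that is not part of the original thread or of OpenSIPS, this script lists the signature algorithm of every certificate in a PEM file; the function names are hypothetical and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: report the signature digest of each certificate in a PEM file.

# Map an OpenSSL signature algorithm name to a verdict.
classify_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        "")                  echo unknown ;;
        *md2*|*md4*|*md5*)   echo weak ;;   # rejected at security level 1 and above
        *sha1*)              echo weak ;;   # rejected at security level 2 and above
        *)                   echo ok ;;
    esac
}

# Print "<verdict>  <algorithm>  <subject>" per certificate.
# Returns 0 if all are ok, 1 if any is weak/unknown, 2 if none was found.
audit_pem() {
    pem=$1
    rc=0
    tmp=$(mktemp -d) || return 2
    # One file per BEGIN/END block; text dumps around the blocks are skipped.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = d "/" n ".pem" }
        f { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
    ' "$pem"
    for c in "$tmp"/*.pem; do
        if [ ! -e "$c" ]; then
            echo "no certificate found in $pem" >&2
            rc=2
            break
        fi
        subj=$(openssl x509 -in "$c" -noout -subject)
        alg=$(openssl x509 -in "$c" -noout -text |
              sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
        verdict=$(classify_sigalg "$alg")
        echo "$verdict  $alg  $subj"
        [ "$verdict" = ok ] || rc=1
    done
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh audit_pem.sh /etc/opensips/tls/user/user-cert.pem
if [ "$#" -gt 0 ]; then
    audit_pem "$1"
fi
```

Running it against both the certificate file and the CA list shows which link in the chain carries the weak digest, since the digest is chosen when the CA signs, not when the request is created.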

