Re: [OpenSIPS-Users] TLS Error
Dear Bogdan-Andrei Iancu, Thank you for the reply. In fact I re-do the CA generation by following the Opensips TLS setting document (https://opensips.org/html/docs/tutorials/tls-1.4.x). From the request.conf I confirm that “default_md” is set to “sha1”. After I recopy the tls folder to the location /etc/opensips/tls and restart opensips service, it still shows the error message. As for the log message, I like to check with you, if the previous three tls_mgm notice which tell some strange message that create such problem? Regards Wilson Wang May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client certificates are NOT mandatory. May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined, using default '/etc/pki/CA/' May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/etc/opensips/tls/user/user-cert.pem' May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default' May 26 11:49:23 wilson-VirtualBox /usr/local/opensips/sbin/opensips[5103]: ERROR:core:init_mod: failed to initialize module tls_mgm ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Hi Wang, A quick googling shows that the problem is with your certificate, being md5 signed - and this is considered a week signature. Check this https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Summit 27-30 Sept 2022, Athens https://www.opensips.org/events/Summit-2022Athens/ On 5/23/22 5:40 AM, Wang Wilson wrote: This is my folder user rights status, and I am running Opensips3.1 under root userprivilege. root@wilson-VirtualBox:/etc/opensips/tls/user# ls -lrth /etc/opensips/tls/user total 20K -rw--- 1 root root 1.7K 5月 23 10:34 user-privkey.pem -rw-r--r-- 1 root root 1.1K 5月 23 10:34 user-cert_req.pem -rw-r--r-- 1 root root 4.2K 5月 23 10:34 user-cert.pem -rw-r--r-- 1 root root 1.3K 5月 23 10:34 user-calist.pem root@wilson-VirtualBox:/etc/opensips/tls/user# Can you tell if there is anything need to pay attention? Regards Wilson *From:* Users on behalf of ideanet help *Sent:* Monday, May 23, 2022 6:53:41 AM *To:* OpenSIPS users mailling list *Subject:* Re: [OpenSIPS-Users] TLS Error Hi Wang, Can you check the user rights of that directory? ls -lrth /etc/opensips/tls/user On Mon, May 23, 2022 at 3:10 AM Wang Wilson <mailto:w...@hotmail.com>> wrote: Hello, I am sending this to follow the issue that was reported on /Sep 17 13:13:06 EST 2020./ My problem is that I get the same error message, but the path to /etc/opensips/tls/user/user-cert.pem is correct and it is not symlink file. I just start to explore the TLS method for us to support SIP service. What could be the reason for this? Thanks in advance. Regards Wilson -- INFO:core:mod_init: initializing TCP-plain protocol May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init: initializing TLS management May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init: disabling compression due ZLIB problems May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:init_tls_dom: Processing TLS domain 'default' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client certificates are NOT mandatory. May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined, using default '/etc/pki/CA/' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/etc/opensips/tls/user/user-cert.pem' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:core:init_mod: failed to initialize module tls_mgm May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:core:main: error while initializing modules May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:core:cleanup: cleanup May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:core:main: Exiting ___ Users mailing list Users@lists.opensips.org <mailto:Users@lists.opensips.org> http://lists.opensips.org/cgi-bin/mailman/listinfo/users <http://lists.opensips.org/cgi-bin/mailman/listinfo/users> ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
This is my folder user rights status, and I am running Opensips3.1 under root user privilege. root@wilson-VirtualBox:/etc/opensips/tls/user# ls -lrth /etc/opensips/tls/user total 20K -rw--- 1 root root 1.7K 5月 23 10:34 user-privkey.pem -rw-r--r-- 1 root root 1.1K 5月 23 10:34 user-cert_req.pem -rw-r--r-- 1 root root 4.2K 5月 23 10:34 user-cert.pem -rw-r--r-- 1 root root 1.3K 5月 23 10:34 user-calist.pem root@wilson-VirtualBox:/etc/opensips/tls/user# Can you tell if there is anything need to pay attention? Regards Wilson From: Users on behalf of ideanet help Sent: Monday, May 23, 2022 6:53:41 AM To: OpenSIPS users mailling list Subject: Re: [OpenSIPS-Users] TLS Error Hi Wang, Can you check the user rights of that directory? ls -lrth /etc/opensips/tls/user On Mon, May 23, 2022 at 3:10 AM Wang Wilson mailto:w...@hotmail.com>> wrote: Hello, I am sending this to follow the issue that was reported on Sep 17 13:13:06 EST 2020. My problem is that I get the same error message, but the path to /etc/opensips/tls/user/user-cert.pem is correct and it is not symlink file. I just start to explore the TLS method for us to support SIP service. What could be the reason for this? Thanks in advance. Regards Wilson -- INFO:core:mod_init: initializing TCP-plain protocol May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init: initializing TLS management May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init: disabling compression due ZLIB problems May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:init_tls_dom: Processing TLS domain 'default' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client certificates are NOT mandatory. May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined, using default '/etc/pki/CA/' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/etc/opensips/tls/user/user-cert.pem' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:core:init_mod: failed to initialize module tls_mgm May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:core:main: error while initializing modules May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:core:cleanup: cleanup May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:core:main: Exiting ___ Users mailing list Users@lists.opensips.org<mailto:Users@lists.opensips.org> http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Hi Wang, Can you check the user rights of that directory? ls -lrth /etc/opensips/tls/user On Mon, May 23, 2022 at 3:10 AM Wang Wilson wrote: > Hello, > > I am sending this to follow the issue that was reported on *Sep 17 > 13:13:06 EST 2020.* > > > > My problem is that I get the same error message, but the path to > /etc/opensips/tls/user/user-cert.pem is correct and it is not symlink file. > > > > I just start to explore the TLS method for us to support SIP service. What > could be the reason for this? > > > > Thanks in advance. > > > > Regards > > Wilson > > > -- > > INFO:core:mod_init: initializing TCP-plain protocol > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > INFO:tls_mgm:mod_init: initializing TLS management > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > INFO:tls_mgm:mod_init: disabling compression due ZLIB problems > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'default' > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > NOTICE:tls_mgm:init_tls_dom: No EC curve defined > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client > certificates are NOT mandatory. > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined, using > default '/etc/pki/CA/' > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL > routines:SSL_CTX_use_certificate:ca md too weak > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > ERROR:tls_mgm:load_certificate: unable to load certificate file > '/etc/opensips/tls/user/user-cert.pem' > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default' > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > ERROR:core:init_mod: failed to initialize module tls_mgm > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > ERROR:core:main: error while initializing modules > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > INFO:core:cleanup: cleanup > > May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: > NOTICE:core:main: Exiting > > > > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Hello, I am sending this to follow the issue that was reported on Sep 17 13:13:06 EST 2020. My problem is that I get the same error message, but the path to /etc/opensips/tls/user/user-cert.pem is correct and it is not symlink file. I just start to explore the TLS method for us to support SIP service. What could be the reason for this? Thanks in advance. Regards Wilson -- INFO:core:mod_init: initializing TCP-plain protocol May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init: initializing TLS management May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init: disabling compression due ZLIB problems May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:init_tls_dom: Processing TLS domain 'default' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: No EC curve defined May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client certificates are NOT mandatory. May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined, using default '/etc/pki/CA/' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:load_certificate: unable to load certificate file '/etc/opensips/tls/user/user-cert.pem' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default' May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:core:init_mod: failed to initialize module tls_mgm May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: ERROR:core:main: error while initializing modules May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: INFO:core:cleanup: cleanup May 22 22:32:45 wilson-VirtualBox /usr/local/opensips/sbin/opensips[7437]: NOTICE:core:main: Exiting ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Thanks, i fixed the issue by putting them in /etc/opensips/tls
On Thu, Sep 17, 2020 at 4:24 PM Tomi Hakkarainen wrote:
> Hi,
> I have had the same.
> look at the directory/ file rights on the lets encrypt path. The user
> trying to access cannot access the file because there is something missing
> on the path...
>
> I cant remenber which it was...
> If you are using certbot or similar to create those automatic should be
> resolved or should make some post operation after cert generation to copy
> those to opensips folder...
>
> Tomi
>
> On 17. Sep 2020, at 16.51, John Matich wrote:
>
>
> Copy the certs into /etc/opensips/tls/ it doesn't seem to like the
> symlinked certs of letsencrypt
>
> That fixed it for me when I had the same issue.
>
> On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
>
> yes but why as that path is correct
> and permissions etc are all fine
>
> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq wrote:
>
> it seems to me that it can't load your certificate.
>
> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin >:
>
> Hi Guys
>
> I am trying to get tls to work but getting some errors.
> i am using letsencrypt and opensips 3.1
>
> my config is
>
> loadmodule "proto_tls.so"
>
>
> loadmodule "tls_mgm.so"
>
>
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
>
> modparam("tls_mgm", "server_domain", "dom1")
>
> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>
> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>
>
>
> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>
> modparam("tls_mgm", "verify_cert", "[dom1]1")
>
> modparam("tls_mgm", "require_cert", "[dom1]1")
>
> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/privkey.pem")
>
> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk
> ")
>
>
>
> but i get this error
>
>
>
> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom:
> Processing TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client
> certificates are mandatory.
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> ERROR:tls_mgm:load_certificate: unable to load certificate file
> '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod:
> failed to initialize module tls_mgm
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
> while initializing modules
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
> Exiting
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> ___
>
> Users mailing list
>
> Users@lists.opensips.org
>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Hi,
I have had the same.
look at the directory/ file rights on the lets encrypt path. The user trying to
access cannot access the file because there is something missing on the path...
I cant remenber which it was...
If you are using certbot or similar to create those automatic should be
resolved or should make some post operation after cert generation to copy those
to opensips folder...
Tomi
On 17. Sep 2020, at 16.51, John Matich wrote:
Copy the certs into /etc/opensips/tls/ it doesn't seem to like the
symlinked certs of letsencrypt
That fixed it for me when I had the same issue.
> On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
> yes but why as that path is correct
> and permissions etc are all fine
>
>> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq wrote:
>> it seems to me that it can't load your certificate.
>>
>> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin :
>>> Hi Guys
>>>
>>> I am trying to get tls to work but getting some errors.
>>> i am using letsencrypt and opensips 3.1
>>>
>>> my config is
>>>
>>> loadmodule "proto_tls.so"
>>>
>>> loadmodule "tls_mgm.so"
>>>
>>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>>>
>>> modparam("tls_mgm", "server_domain", "dom1")
>>> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>>> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>>>
>>>
>>> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>>> modparam("tls_mgm", "verify_cert", "[dom1]1")
>>> modparam("tls_mgm", "require_cert", "[dom1]1")
>>> modparam("tls_mgm", "certificate",
>>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
>>> modparam("tls_mgm", "private_key",
>>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/privkey.pem")
>>> modparam("tls_mgm", "ca_list",
>>> "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
>>> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk")
>>>
>>>
>>> but i get this error
>>>
>>>
>>> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom:
>>> Processing TLS domain 'dom1'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client
>>> certificates are mandatory.
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> ERROR:tls_mgm:load_certificate: unable to load certificate file
>>> '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>>> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod: failed
>>> to initialize module tls_mgm
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
>>> while initializing modules
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
>>> Exiting
>>> ___
>>> Users mailing list
>>> Users@lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> ___
> Users mailing list
> Users@lists.opensips.org
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Thanks
Do i just create a folder tls in /etc/opensips and copy them in?
Also what did you use for ca_list?
On Thursday, September 17, 2020, John Matich wrote:
> Copy the certs into /etc/opensips/tls/ it doesn't seem to like the
> symlinked certs of letsencrypt
>
> That fixed it for me when I had the same issue.
>
> On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
>
> yes but why as that path is correct
> and permissions etc are all fine
>
> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq wrote:
>
> it seems to me that it can't load your certificate.
>
> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin >:
>
> Hi Guys
>
> I am trying to get tls to work but getting some errors.
> i am using letsencrypt and opensips 3.1
>
> my config is
>
> loadmodule "proto_tls.so"
>
>
> loadmodule "tls_mgm.so"
>
>
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
>
> modparam("tls_mgm", "server_domain", "dom1")
>
> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>
> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>
>
>
> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>
> modparam("tls_mgm", "verify_cert", "[dom1]1")
>
> modparam("tls_mgm", "require_cert", "[dom1]1")
>
> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/m
> ydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/m
> ydomain.co.uk/privkey.pem")
>
> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/m
> ydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk
> ")
>
>
>
> but i get this error
>
>
>
> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom:
> Processing TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> INFO:tls_mgm:get_ssl_ctx_verify_mode:
> client verification activated. Client certificates are mandatory.
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> ERROR:tls_mgm:load_certificate:
> unable to load certificate file '/etc/letsencrypt/live/mydomai
> n.co.uk/cert.pem'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> ERROR:tls_mgm:init_tls_domains:
> Failed to init TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod:
> failed to initialize module tls_mgm
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
> while initializing modules
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
> Exiting
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> ___
>
> Users mailing list
>
> Users@lists.opensips.org
>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Copy the certs into /etc/opensips/tls/ it doesn't seem to like the
symlinked certs of letsencrypt
That fixed it for me when I had the same issue.
On Thu, 2020-09-17 at 14:32 +0100, Andrew Colin wrote:
> yes but why as that path is correctand permissions etc are all fine
>
> On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq
> wrote:
> > it seems to me that it can't load your certificate.
> >
> > Op do 17 sep. 2020 om 15:16 schreef Andrew Colin <
> > andrewd.co...@gmail.com>:
> > > Hi Guys
> > > I am trying to get tls to work but getting some errors.
> > > i am using letsencrypt and opensips 3.1
> > >
> > > my config is
> > >
> > > loadmodule "proto_tls.so"
> > >
> > > loadmodule "tls_mgm.so"
> > >
> > > modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
> > >
> > > modparam("tls_mgm", "server_domain", "dom1")
> > > modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
> > > modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
> > >
> > >
> > > modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
> > > modparam("tls_mgm", "verify_cert", "[dom1]1")
> > > modparam("tls_mgm", "require_cert", "[dom1]1")
> > > modparam("tls_mgm", "certificate",
> > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
> > > modparam("tls_mgm", "private_key",
> > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/privkey.pem")
> > > modparam("tls_mgm", "ca_list",
> > > "[dom1]/etc/letsencrypt/live/mydomain.co.uk/cert.pem")
> > > modparam("tls_mgm", "ca_dir",
> > > "[dom1]/etc/letsencrypt/live/bmydomain.co.uk")
> > >
> > >
> > >
> > >
> > > but i get this error
> > >
> > >
> > >
> > >
> > > INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > NOTICE:tls_mgm:init_tls_dom: No EC curve defined
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification
> > > activated. Client certificates are mandatory.
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > ERROR:tls_mgm:load_certificate: unable to load certificate file
> > > '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > ERROR:core:init_mod: failed to initialize module tls_mgm
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main:
> > > error while initializing modules
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> > > INFO:core:cleanup: cleanup
> > >
> > > Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
> > > Exiting
> > > ___
> > >
> > > Users mailing list
> > >
> > > Users@lists.opensips.org
> > >
> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> > >
> >
> > ___
> >
> > Users mailing list
> >
> > Users@lists.opensips.org
> >
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
>
> ___Users mailing
> listus...@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
yes but why as that path is correct
and permissions etc are all fine
On Thu, Sep 17, 2020 at 2:31 PM Johan De Clercq wrote:
> it seems to me that it can't load your certificate.
>
> Op do 17 sep. 2020 om 15:16 schreef Andrew Colin >:
>
>> Hi Guys
>>
>> I am trying to get tls to work but getting some errors.
>> i am using letsencrypt and opensips 3.1
>>
>> my config is
>>
>> loadmodule "proto_tls.so"
>>
>>
>> loadmodule "tls_mgm.so"
>>
>>
>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>>
>>
>> modparam("tls_mgm", "server_domain", "dom1")
>>
>> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>>
>> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>>
>>
>>
>> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>>
>> modparam("tls_mgm", "verify_cert", "[dom1]1")
>>
>> modparam("tls_mgm", "require_cert", "[dom1]1")
>>
>> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/
>> mydomain.co.uk/cert.pem")
>>
>> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/
>> mydomain.co.uk/privkey.pem")
>>
>> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/
>> mydomain.co.uk/cert.pem")
>>
>> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/
>> bmydomain.co.uk")
>>
>>
>>
>> but i get this error
>>
>>
>>
>> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client
>> certificates are mandatory.
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> ERROR:tls_mgm:load_certificate: unable to load certificate file
>> '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
>> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod:
>> failed to initialize module tls_mgm
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
>> while initializing modules
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>>
>> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
>> Exiting
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
it seems to me that it can't load your certificate.
Op do 17 sep. 2020 om 15:16 schreef Andrew Colin :
> Hi Guys
>
> I am trying to get tls to work but getting some errors.
> i am using letsencrypt and opensips 3.1
>
> my config is
>
> loadmodule "proto_tls.so"
>
>
> loadmodule "tls_mgm.so"
>
>
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
>
> modparam("tls_mgm", "server_domain", "dom1")
>
> modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
>
> modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
>
>
>
> modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
>
> modparam("tls_mgm", "verify_cert", "[dom1]1")
>
> modparam("tls_mgm", "require_cert", "[dom1]1")
>
> modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/privkey.pem")
>
> modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/
> mydomain.co.uk/cert.pem")
>
> modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk
> ")
>
>
>
> but i get this error
>
>
>
> INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom:
> Processing TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client
> certificates are mandatory.
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> ERROR:tls_mgm:load_certificate: unable to load certificate file
> '/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod:
> failed to initialize module tls_mgm
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
> while initializing modules
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
>
> Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
> Exiting
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] TLS Error
Hi Guys
I am trying to get tls to work but getting some errors.
i am using letsencrypt and opensips 3.1
my config is
loadmodule "proto_tls.so"
loadmodule "tls_mgm.so"
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
modparam("tls_mgm", "server_domain", "dom1")
modparam("tls_mgm", "match_ip_address", "[dom1]myip:5061")
modparam("tls_mgm", "match_sip_domain", "[dom1]mydomain.co.uk")
modparam("tls_mgm", "tls_method", "[dom1]TLSv1_2")
modparam("tls_mgm", "verify_cert", "[dom1]1")
modparam("tls_mgm", "require_cert", "[dom1]1")
modparam("tls_mgm", "certificate", "[dom1]/etc/letsencrypt/live/
mydomain.co.uk/cert.pem")
modparam("tls_mgm", "private_key", "[dom1]/etc/letsencrypt/live/
mydomain.co.uk/privkey.pem")
modparam("tls_mgm", "ca_list", "[dom1]/etc/letsencrypt/live/
mydomain.co.uk/cert.pem")
modparam("tls_mgm", "ca_dir", "[dom1]/etc/letsencrypt/live/bmydomain.co.uk")
but i get this error
INFO:tls_mgm:mod_init: disabling compression due ZLIB problems
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:tls_mgm:init_tls_dom:
Processing TLS domain 'dom1'
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
NOTICE:tls_mgm:init_tls_dom: No EC curve defined
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification activated. Client
certificates are mandatory.
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
ERROR:tls_mgm:load_certificate: unable to load certificate file
'/etc/letsencrypt/live/mydomain.co.uk/cert.pem'
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]:
ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'dom1'
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:init_mod: failed
to initialize module tls_mgm
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: ERROR:core:main: error
while initializing modules
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: INFO:core:cleanup: cleanup
Sep 17 12:59:41 proxy /usr/sbin/opensips[8155]: NOTICE:core:main:
Exiting
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] tls error
Hi Guys.
Hope everyone is safe and be safe. I'm running into an issue with using tls in
opensips. I'm trying to have two connections from asterisk servers and onlyone
server connection is accepted at a time, Both asterisk servers are using the
same wild card cert for their tls connections. I'm getting the below error
Apr 8 09:22:46 ip-172-31-36-39 opensips[2846]: Apr 8 09:22:46 [2863]
ERROR:proto_tls:_tls_read: SYSCALL error -> (11)
Apr 8 09:22:46 ip-172-31-36-39 opensips[2846]: Apr 8 09:22:46 [2863]
ERROR:proto_tls:_tls_read: TLS connection to x.x.x.x:60550 read failed
Apr 8 09:22:46 ip-172-31-36-39 opensips[2846]: Apr 8 09:22:46 [2863]
ERROR:proto_tls:_tls_read: TLS read error: 5
Apr 8 09:22:46 ip-172-31-36-39 opensips[2846]: Apr 8 09:22:46 [2863]
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:0200100D:system
library:fopen:Permission denied
Apr 8 09:22:46 ip-172-31-36-39 opensips[2846]: Apr 8 09:22:46 [2863]
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:20074002:BIO
routines:file_ctrl:system lib
Apr 8 09:22:46 ip-172-31-36-39 opensips[2846]: Apr 8 09:22:46 [2863]
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:0B06F002:x509
certificate routines:X509_load_cert_file:system lib
Apr 8 09:22:46 ip-172-31-36-39 opensips[2846]: Apr 8 09:22:46 [2863]
ERROR:proto_tls:tls_read_req: failed to read
asterisk 1 (tls) ---> opensipsasterisk 2 (tls) --->
I'm using below opensips
opensips -V
version: opensips 2.4.6 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
main.c compiled on with gcc 6.3.0
I tried to update to latest 2.4.7 and then opensips processes get stuck in a
loop consuming all CPUs when tls module loaded with exact config which running
on 2.4.6. Any hint clue would be helpful
opensips config is as below,
### Global Parameters #
log_level=5
log_stderror=yes
log_facility=LOG_LOCAL0
#udp_workers=1
#tcp_workers=1
tcp_connect_timeout=900
auto_aliases=no
alias=tls:x.cloud:5061
alias=udp:172.31.36.39:5060
listen=tls:172.31.36.39:5061
listen=udp:172.31.36.39:5060 # CUSTOMIZE ME
advertised_address=x.x.x.x
### Modules Section
#set module path
mpath="/usr/lib/x86_64-linux-gnu/opensips/modules/"
loadmodule "tls_mgm.so"
loadmodule "proto_tls.so"
#loadmodule "proto_hep.so"
loadmodule "uri.so"
loadmodule "drouting.so"
loadmodule "db_mysql.so"
SIGNALING module
loadmodule "signaling.so"
loadmodule "textops.so"
StateLess module
loadmodule "sl.so"
loadmodule "avpops.so"
Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timeout", 30)
modparam("tm", "fr_inv_timeout", 60)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
modparam("tm", "via1_matching", 0)
modparam("tm", "ruri_matching", 0)
modparam("tm", "T1_timer", 1000)
Record Route Module
loadmodule "rr.so"
#modparam("rr", "append_fromtag", 1)
MAX ForWarD module
loadmodule "maxfwd.so"
loadmodule "nathelper.so"
SIP MSG OPerationS module
loadmodule "sipmsgops.so"
FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)
loadmodule "permissions.so"
modparam("permissions", "db_url","mysql://opensips:xx@localhost/opensips")
loadmodule "proto_udp.so"
# RULE of THUMB make sure certs can be read by opensips user
# otherwise Its a nightmare to debug :(
modparam("tls_mgm", "certificate", "/etc/opensips/tls/default.crt")
modparam("tls_mgm", "private_key","/etc/opensips/tls/default.key")
modparam("tls_mgm", "ca_list", "/etc/opensips/tls/ca-default.crt")
modparam("tls_mgm", "ca_dir", "/etc/ssl/certs/")
modparam("tls_mgm","verify_cert", "1")
modparam("tls_mgm","require_cert", "1")
modparam("tls_mgm", "server_domain", "dom1=172.31.36.39:5061")
modparam("tls_mgm","verify_cert", "[dom1]1")
modparam("tls_mgm","require_cert", "[dom1]1")
modparam("tls_mgm","tls_method", "[dom1]TLSv1_2")
modparam("tls_mgm","certificate", "[dom1]/etc/tls/x.cloud/x.cloud.crt")
modparam("tls_mgm","private_key", "[dom1]/etc/tls/x.cloud/x.cloud.key")
modparam("tls_mgm", "ca_list", "[dom1]/etc/tls/x.cloud/x.cloud-ca.crt")
modparam("tls_mgm", "ca_dir", "[dom1]/etc/ssl/certs/")
modparam("tls_mgm", "tls_handshake_timeout", 900)
modparam("proto_tls", "tls_max_msg_chunks", 1024)
modparam("drouting", "db_url","mysql://opensips:x@localhost/opensips")
modparam("drouting", "probing_from", "sip:pinger@x.x.x.x")
modparam("avpops","db_url","mysql://opensips:x@localhost/opensips")
### Routing Logic
# main request routing logic
route{
force_rport();
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if(is_method("OPTIONS")) {
xlog("L_INFO", "[MS TEA
[OpenSIPS-Users] tls error what does this mean
Set me thinking and searching, alright and thankyou, the phone has registered. What worked and what I had misunderstood was to open the certificate itself in a text editor and pick out what was already prepared inside the certificate. I was mistakenly re-encoding the certificate.pem entire itself into base64 and doing a cut and paste into a format for the phone. This was the resultant error. Alex From: Users [mailto:users-boun...@lists.opensips.org] On Behalf Of Razvan Crainea Sent: Friday, 12 May 2017 7:20 PM To: users@lists.opensips.org Subject: Re: [OpenSIPS-Users] tls error what does this mean Hi, Alex! Did you specify a certificate in your opensips configuration? Can you connect to OpenSIPS with openssl[1]? [1] https://www.opensips.org/Documentation/Tutorials-TLS-2-1#toc13 Best regards, Răzvan Crainea OpenSIPS Solutions www.opensips-solutions.com <http://www.opensips-solutions.com> On 05/12/2017 12:45 PM, Alexander Jankowsky wrote: Hello, I am trying to register a phone through tls into opensips 2.3 stable. I am stuck here... This from the remote phone which has no certificate or key loaded at present. ERROR:proto_tls:tls_accept: New TLS connection from 111.111.111.111:1 failed to accept ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned ERROR:proto_tls:tls_read_req: failed to do pre-tls reading INFO:core:probe_max_sock_buff: using snd buffer of 416 kb This is from the local phone which does have a certificate and its private key loaded. INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 63 ERROR:proto_tls:tls_accept: New TLS connection from 222.222.222.222:2 failed to accept ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate ERROR:proto_tls:tls_read_req: failed to do pre-tls reading INFO:core:probe_max_sock_buff: using snd buffer of 416 kb Is it obvious what I should be doing here or what I should try next? Alex ___ Users mailing list Users@lists.opensips.org <mailto:Users@lists.opensips.org> http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] tls error what does this mean
Hi, Alex! Did you specify a certificate in your opensips configuration? Can you connect to OpenSIPS with openssl[1]? [1] https://www.opensips.org/Documentation/Tutorials-TLS-2-1#toc13 Best regards, Răzvan Crainea OpenSIPS Solutions www.opensips-solutions.com On 05/12/2017 12:45 PM, Alexander Jankowsky wrote: Hello, I am trying to register a phone through tls into opensips 2.3 stable. I am stuck here... This from the remote phone which has no certificate or key loaded at present. ERROR:proto_tls:tls_accept: New TLS connection from 111.111.111.111:1 failed to accept ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned ERROR:proto_tls:tls_read_req: failed to do pre-tls reading INFO:core:probe_max_sock_buff: using snd buffer of 416 kb This is from the local phone which does have a certificate and its private key loaded. INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 63 ERROR:proto_tls:tls_accept: New TLS connection from 222.222.222.222:2 failed to accept ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate ERROR:proto_tls:tls_read_req: failed to do pre-tls reading INFO:core:probe_max_sock_buff: using snd buffer of 416 kb Is it obvious what I should be doing here or what I should try next? Alex ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] tls error what does this mean
Hello, I am trying to register a phone through tls into opensips 2.3 stable. I am stuck here... This from the remote phone which has no certificate or key loaded at present. ERROR:proto_tls:tls_accept: New TLS connection from 111.111.111.111:1 failed to accept ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned ERROR:proto_tls:tls_read_req: failed to do pre-tls reading INFO:core:probe_max_sock_buff: using snd buffer of 416 kb This is from the local phone which does have a certificate and its private key loaded. INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 63 ERROR:proto_tls:tls_accept: New TLS connection from 222.222.222.222:2 failed to accept ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate ERROR:proto_tls:tls_read_req: failed to do pre-tls reading INFO:core:probe_max_sock_buff: using snd buffer of 416 kb Is it obvious what I should be doing here or what I should try next? Alex ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS error opensips 2.3 on Debian 8
I moved tls_mgm module load to the beginning of the script, but the errors still happened... -- View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/TLS-error-opensips-2-3-on-Debian-8-tp7607394p7607397.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS error opensips 2.3 on Debian 8
Hello!
Can you try to load the tls_mgm module at the begining of your script,
before tne db_postgres and siptrace modules?
PS: please subscribe to the opensips mailing lists, otherwise we might
miss your sequential messages.
Best regards,
Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com
On 05/12/2017 11:18 AM, silent_dog wrote:
Is there anybody has idea on this issue?
At the beginning, it works well. However, after I added a trace module,
following errors happened.
modparam("siptrace", "trace_id",
"[db_tid]uri=postgres://opensips:opensips@172.22.253.42/opensips;table=sip_trace")
ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
(or other FIPS version of openssl, as this is known to be broken; if so, you
need to upgrade or downgrade to a different openssl version!
ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1t 3 May 2016
ERROR:core:init_mod: failed to initialize module tls_mgm
ERROR:core:main: error while initializing modules
--
View this message in context:
http://opensips-open-sip-server.1449251.n2.nabble.com/TLS-error-opensips-2-3-on-Debian-8-tp7607394.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] TLS error opensips 2.3 on Debian 8
Is there anybody has idea on this issue?
At the beginning, it works well. However, after I added a trace module,
following errors happened.
modparam("siptrace", "trace_id",
"[db_tid]uri=postgres://opensips:opensips@172.22.253.42/opensips;table=sip_trace")
ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
(or other FIPS version of openssl, as this is known to be broken; if so, you
need to upgrade or downgrade to a different openssl version!
ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1t 3 May 2016
ERROR:core:init_mod: failed to initialize module tls_mgm
ERROR:core:main: error while initializing modules
--
View this message in context:
http://opensips-open-sip-server.1449251.n2.nabble.com/TLS-error-opensips-2-3-on-Debian-8-tp7607394.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS error opensips 2.3 on Debian 8
it looks conflict with this line:
modparam("siptrace", "trace_id",
"[db_tid]uri=postgres://opensips:opensips@172.22.253.42/opensips;table=sip_trace")
After I commented this line, it works again.
--
View this message in context:
http://opensips-open-sip-server.1449251.n2.nabble.com/TLS-error-opensips-2-3-on-Debian-8-tp7607394p7607395.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Hi Gary The "TLS connection to 107.199.61.85:56437 read failed" error occurs when the device (Android & iOS) kills the application. -- NguyenVD ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] TLS Error
Hi, I am sorry for re-posting this issue. I have configured the OpenSIPS to work as REGISTRAR and proxy. The SIP UA are all mobile devices (PJSIP client running on iOS and Android devices). Devices are connecting to the OpenSIPS using TLS. Registration and Call-routing work fine; But, the OpenSIPS log is getting flooded with following errors. ERROR:core:_tls_read: SYSCALL error -> (0) ERROR:core:_tls_read: TLS connection to 107.199.61.85:56437 read failed ERROR:core:_tls_read: TLS read error: 5 ERROR:core:tcp_read_req: failed to read I am trying to understand the cause for these errors. Any advice? Best Regards, - Gary ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] TLS Error
Gary, Have you been able to take a look at the traffic to see what it is? I'm going to guess non-TLS OPTIONS pings. Try: tcpdump -nlvs0 -i eth0 host 66.81.1.2 and port 7604 Substitute the correct interface for eth0 isn't valid for your case. - Jeff On Wed, Nov 12, 2014 at 3:48 PM, Gary Nyquist wrote: > Hi, > > I am using "opensips 1.11.3-tls (x86_64/linux)" git revision: 7e5bbcf > My log file is getting flooded with following errors. > > ERROR:core:_tls_read: SYSCALL error -> (0) > ERROR:core:_tls_read: TLS connection to 66.81.1.2:7604 read failed > ERROR:core:_tls_read: TLS read error: 5 > ERROR:core:tcp_read_req: failed to read > > Any clues? > > Best Regards, > - Gary > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] TLS Error
Hi, I am using "opensips 1.11.3-tls (x86_64/linux)" git revision: 7e5bbcf My log file is getting flooded with following errors. ERROR:core:_tls_read: SYSCALL error -> (0) ERROR:core:_tls_read: TLS connection to 66.81.1.2:7604 read failed ERROR:core:_tls_read: TLS read error: 5 ERROR:core:tcp_read_req: failed to read Any clues? Best Regards, - Gary ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
