Re: [OpenSIPS-Users] tls_mgm domain database configuration

[James Nicholls via Users]

Hi Pratik,

We managed to get it working with the following in the tls_mgm table (client 
then server):

++--+--+--+--+-+--+---+-+-+---+--+---+
| domain | match_ip_address | match_sip_domain | type | method   | verify_cert 
| require_cert | crl_check_all | crl_dir | cipher_list | dh_params | ec_curve | 
ca_list   |
++--+--+--+--+-+--+---+-+-+---+--+---+
|  | *||1 | TLSv1_2- |   0 
|0 | 0 | NULL| NULL| NULL  | NULL | 
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem |
|  | :4003| ,*.  |2 | TLSv1_2- |   0 
|0 | 0 | NULL| NULL| NULL  | NULL | 
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem |
++--+--+--+--+-+--+---+-+-+---+--+---+

This works fine as is (replace  and  and add 
certificate/private_key) and TLS calling works but it doesn't manage to verify 
certs properly if we set verify_cert=1.

Kind regards,
James

From: Pratik Patel 
Sent: 07 April 2023 15:10
To: James Nicholls ; OpenSIPS users mailling list 

Subject: Re: [OpenSIPS-Users] tls_mgm domain database configuration

Hi James,

Can you please share what parameters you have configured for TLS in opensips 
3.3?

Because I have also facing same issue for wss connection.

I have try same certificate in freeswitch and check that WSS url in piesocket 
that connect established.

But when I configured same certificate in opensips and check in piesocket then 
connection not established.

So if you share what you have configured I will try same on my side to solve my 
issue.

On Fri, Apr 7, 2023, 13:43 James Nicholls via Users 
mailto:users@lists.opensips.org>> wrote:
Hi all,

I have an existing opensips 3.3.4 setup that uses modparam to set tls_mgm 
certificates with separate server_domain and client_domain entries. This works 
fine for registration and calling using TLS but I want to be able to update 
certificates with tls_reload so I'm trying to move them to the database instead.

The tls_mgm table schema added by opensips-cli has a domain and type column. 
Does "type" mean client/server or is it something else? I have tried having 
separate entries for client/server certs, or combining them into one row, but I 
can't get it to work. Everything seems to result in "no TLS client domain 
found" as below.

Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 
0x7f3c9f1b5e98
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: DBG:core:tcpconn_destroy: 
delaying (0x7f3c9f1b5e98, flags 0018) ref = -1 ...
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:core:tcp_async_connect: tcp_conn_create failed, closing the socket
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:proto_tls:proto_tls_send: async TCP connect failed
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: ERROR:tm:msg_send: send() 
to (PBX IP):5061 for proto tls/3 failed
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:tm:t_forward_nonack: sending request failed

Example row in the tls_mgm table:

  domain: (SIP branded hostname)
match_ip_address: (opensips IP):4003
match_sip_domain: *
type: 1
  method: TLSv1_2-
 verify_cert: 0
require_cert: 0
 certificate: -BEGIN CERTIFICATE- [...]
 private_key: -BEGIN RSA PRIVATE KEY- [...]
   crl_check_all: 0
 crl_dir: NULL
 ca_list: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  ca_dir: NULL
 cipher_list: NULL
   dh_params: NULL
ec_curve: NULL

Is there any documentation for adding certificates to the tls_mgm table? I 
haven't found anything in the 3.3.x docs, the only examples use modparam. 
Hopefully I have got something really obvious wrong.

Kind regards,

James Nicholls

___
Users mailing list
Users@lists.opensips.org<mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm domain database configuration

[James Nicholls via Users]

Thanks very much Callum, seeing a working example with separate client/server 
tls_mgm rows really helped get us sorted.

I notice that you set verify_cert (and require_cert) to 0, is there any reason 
for that? I won't go into too much detail because it's probably worth another 
thread, but we're seeing problems with TLS calling when it's on, opensips 
doesn't like my 3CX instance that uses a Lets Encrypt cert.

Kind regards,

James

From: Callum Guy 
Sent: 07 April 2023 14:43
To: James Nicholls ; OpenSIPS users mailling list 

Subject: Re: [OpenSIPS-Users] tls_mgm domain database configuration

Hi James,

It could certainly be clearer!

Here's an extract from my script and some example inserts for a client and 
server record.

https://gist.github.com/spacetourist/788ea722901e81d355850842e2b17cda

INSERT INTO opensips_dev.tls_mgm (id, domain, match_ip_address, 
match_sip_domain, type, method, verify_cert, require_cert, certificate, 
private_key, crl_check_all, crl_dir, ca_list, ca_dir, cipher_list, dh_params, 
ec_curve) VALUES (5, 'default', '*', '*', 1, 'TLSv1_2', 0, 0, 
0x2D2D2D2D2D424547494E20434...2D2D2D2D0A, 
0x2D2D2D2D2D424547494...B45592D2D2D2D2D0A, 0, null, null, null, 
'EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH,!RSA,!SHA', 
0x2D2D2D2D2D4245...D2D2D0A, 'secp384r1');

INSERT INTO opensips_dev.tls_mgm (id, domain, match_ip_address, 
match_sip_domain, type, method, verify_cert, require_cert, certificate, 
private_key, crl_check_all, crl_dir, ca_list, ca_dir, cipher_list, dh_params, 
ec_curve) VALUES (15, 'default', '*', '*', 2, 'TLSv1_2', 0, 0, 
0x2D2D2D2...D2D0A, 0x2D2D2D2D2...D2D2D0A, 0, null, null, null, 
'EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH,!RSA,!SHA', 
0x2D2D2D2D2D42454...2D0A, 'secp384r1');

Hope that helps get you moving!

Callum

On Fri, 7 Apr 2023 at 09:12, James Nicholls via Users 
mailto:users@lists.opensips.org>> wrote:
Hi all,

I have an existing opensips 3.3.4 setup that uses modparam to set tls_mgm 
certificates with separate server_domain and client_domain entries. This works 
fine for registration and calling using TLS but I want to be able to update 
certificates with tls_reload so I'm trying to move them to the database instead.

The tls_mgm table schema added by opensips-cli has a domain and type column. 
Does "type" mean client/server or is it something else? I have tried having 
separate entries for client/server certs, or combining them into one row, but I 
can't get it to work. Everything seems to result in "no TLS client domain 
found" as below.

Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 
0x7f3c9f1b5e98
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: DBG:core:tcpconn_destroy: 
delaying (0x7f3c9f1b5e98, flags 0018) ref = -1 ...
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:core:tcp_async_connect: tcp_conn_create failed, closing the socket
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:proto_tls:proto_tls_send: async TCP connect failed
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: ERROR:tm:msg_send: send() 
to (PBX IP):5061 for proto tls/3 failed
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:tm:t_forward_nonack: sending request failed

Example row in the tls_mgm table:

  domain: (SIP branded hostname)
match_ip_address: (opensips IP):4003
match_sip_domain: *
type: 1
  method: TLSv1_2-
 verify_cert: 0
require_cert: 0
 certificate: -BEGIN CERTIFICATE- [...]
 private_key: -BEGIN RSA PRIVATE KEY- [...]
   crl_check_all: 0
 crl_dir: NULL
 ca_list: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  ca_dir: NULL
 cipher_list: NULL
   dh_params: NULL
ec_curve: NULL

Is there any documentation for adding certificates to the tls_mgm table? I 
haven't found anything in the 3.3.x docs, the only examples use modparam. 
Hopefully I have got something really obvious wrong.

Kind regards,

James Nicholls

___
Users mailing list
Users@lists.opensips.org<mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


[https://www.x-on.co.uk/email/footer/banner-03-2023.jpg]

0333 332   |  x-on.co.uk<https://www.x-on.co.uk>  |   
[http://www.x-on.co.uk//images/icon/linkedin.png] 
<https://www.linkedin.com/company/x-on>   
[http://www.x-on.co.uk//images/icon/facebook.png] 
<https://www.facebook.com/XonTel>   
[http://www.x-on.co.uk//images/icon/twitter.png] <https://twitter.com/xonuk>
| 

Re: [OpenSIPS-Users] tls_mgm domain database configuration

[Pratik Patel]

Hi James,

Can you please share what parameters you have configured for TLS in
opensips 3.3?

Because I have also facing same issue for wss connection.

I have try same certificate in freeswitch and check that WSS url in
piesocket that connect established.

But when I configured same certificate in opensips and check in piesocket
then connection not established.

So if you share what you have configured I will try same on my side to
solve my issue.

On Fri, Apr 7, 2023, 13:43 James Nicholls via Users <
users@lists.opensips.org> wrote:

> Hi all,
>
> I have an existing opensips 3.3.4 setup that uses modparam to set tls_mgm
> certificates with separate server_domain and client_domain entries. This
> works fine for registration and calling using TLS but I want to be able to
> update certificates with tls_reload so I'm trying to move them to the
> database instead.
>
> The tls_mgm table schema added by opensips-cli has a domain and type
> column. Does "type" mean client/server or is it something else? I have
> tried having separate entries for client/server certs, or combining them
> into one row, but I can't get it to work. Everything seems to result in "no
> TLS client domain found" as below.
>
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn
> 0x7f3c9f1b5e98
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> DBG:core:tcpconn_destroy: delaying (0x7f3c9f1b5e98, flags 0018) ref = -1 ...
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:core:tcp_async_connect: tcp_conn_create failed, closing the socket
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:proto_tls:proto_tls_send: async TCP connect failed
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: ERROR:tm:msg_send:
> send() to (PBX IP):5061 for proto tls/3 failed
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:tm:t_forward_nonack: sending request failed
>
> Example row in the tls_mgm table:
>
>   domain: (SIP branded hostname)
> match_ip_address: (opensips IP):4003
> match_sip_domain: *
> type: 1
>   method: TLSv1_2-
>  verify_cert: 0
> require_cert: 0
>  certificate: -BEGIN CERTIFICATE- [...]
>  private_key: -BEGIN RSA PRIVATE KEY- [...]
>crl_check_all: 0
>  crl_dir: NULL
>  ca_list: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
>   ca_dir: NULL
>  cipher_list: NULL
>dh_params: NULL
> ec_curve: NULL
>
> Is there any documentation for adding certificates to the tls_mgm table? I
> haven't found anything in the 3.3.x docs, the only examples use modparam.
> Hopefully I have got something really obvious wrong.
>
> Kind regards,
>
> James Nicholls
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm domain database configuration

[Callum Guy]

Hi James,

It could certainly be clearer!

Here's an extract from my script and some example inserts for a client and
server record.

https://gist.github.com/spacetourist/788ea722901e81d355850842e2b17cda

INSERT INTO opensips_dev.tls_mgm (id, domain, match_ip_address,
match_sip_domain, type, method, verify_cert, require_cert, certificate,
private_key, crl_check_all, crl_dir, ca_list, ca_dir, cipher_list,
dh_params, ec_curve) VALUES (5, 'default', '*', '*', 1, 'TLSv1_2', 0, 0,
0x2D2D2D2D2D424547494E20434...2D2D2D2D0A,
0x2D2D2D2D2D424547494...B45592D2D2D2D2D0A, 0, null, null, null,
'EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH,!RSA,!SHA',
0x2D2D2D2D2D4245...D2D2D0A, 'secp384r1');

INSERT INTO opensips_dev.tls_mgm (id, domain, match_ip_address,
match_sip_domain, type, method, verify_cert, require_cert, certificate,
private_key, crl_check_all, crl_dir, ca_list, ca_dir, cipher_list,
dh_params, ec_curve) VALUES (15, 'default', '*', '*', 2, 'TLSv1_2', 0, 0,
0x2D2D2D2...D2D0A, 0x2D2D2D2D2...D2D2D0A, 0, null, null, null,
'EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH,!RSA,!SHA',
0x2D2D2D2D2D42454...2D0A, 'secp384r1');

Hope that helps get you moving!

Callum

On Fri, 7 Apr 2023 at 09:12, James Nicholls via Users <
users@lists.opensips.org> wrote:

> Hi all,
>
> I have an existing opensips 3.3.4 setup that uses modparam to set tls_mgm
> certificates with separate server_domain and client_domain entries. This
> works fine for registration and calling using TLS but I want to be able to
> update certificates with tls_reload so I'm trying to move them to the
> database instead.
>
> The tls_mgm table schema added by opensips-cli has a domain and type
> column. Does "type" mean client/server or is it something else? I have
> tried having separate entries for client/server certs, or combining them
> into one row, but I can't get it to work. Everything seems to result in "no
> TLS client domain found" as below.
>
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn
> 0x7f3c9f1b5e98
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> DBG:core:tcpconn_destroy: delaying (0x7f3c9f1b5e98, flags 0018) ref = -1 ...
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:core:tcp_async_connect: tcp_conn_create failed, closing the socket
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:proto_tls:proto_tls_send: async TCP connect failed
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: ERROR:tm:msg_send:
> send() to (PBX IP):5061 for proto tls/3 failed
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:tm:t_forward_nonack: sending request failed
>
> Example row in the tls_mgm table:
>
>   domain: (SIP branded hostname)
> match_ip_address: (opensips IP):4003
> match_sip_domain: *
> type: 1
>   method: TLSv1_2-
>  verify_cert: 0
> require_cert: 0
>  certificate: -BEGIN CERTIFICATE- [...]
>  private_key: -BEGIN RSA PRIVATE KEY- [...]
>crl_check_all: 0
>  crl_dir: NULL
>  ca_list: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
>   ca_dir: NULL
>  cipher_list: NULL
>dh_params: NULL
> ec_curve: NULL
>
> Is there any documentation for adding certificates to the tls_mgm table? I
> haven't found anything in the 3.3.x docs, the only examples use modparam.
> Hopefully I have got something really obvious wrong.
>
> Kind regards,
>
> James Nicholls
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

-- 






*0333 332   |  x-on.co.uk   |   ** 
    
   **  |  **Practice Index Reviews 
*

*Our new office address: 22 Riduna 
Park, Melton IP12 1QT.*

X-on
is a trading name of Storacall Technology Ltd 
a limited company registered in
England and Wales.

Registered Office : 
Glebe Farm, Down Street, Dummer, Basingstoke, Hampshire, England RG25 2AD. 
Company Registration No. 2578478.

The information in this e-mail is 
confidential and for use by the addressee(s)
only. If you are not the 
intended recipient, please notify X-on immediately on +44(0)333 332  
and delete the
message from your computer. If you are not a named addressee 
you must not use,
disclose, disseminate, distribute, copy, print or reply 
to this email. Views
or opinions expressed by an individual
within this 
email may not necessarily
reflect the views of X-on or its associated 
companies. Although X-on routinely
screens for viruses, addressees should 
scan this email and any attachments
for
viruses. X-on makes no 
representation or warranty as to the abs

[OpenSIPS-Users] tls_mgm domain database configuration

[James Nicholls via Users]

Hi all,

I have an existing opensips 3.3.4 setup that uses modparam to set tls_mgm 
certificates with separate server_domain and client_domain entries. This works 
fine for registration and calling using TLS but I want to be able to update 
certificates with tls_reload so I'm trying to move them to the database instead.

The tls_mgm table schema added by opensips-cli has a domain and type column. 
Does "type" mean client/server or is it something else? I have tried having 
separate entries for client/server certs, or combining them into one row, but I 
can't get it to work. Everything seems to result in "no TLS client domain 
found" as below.

Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 
0x7f3c9f1b5e98
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: DBG:core:tcpconn_destroy: 
delaying (0x7f3c9f1b5e98, flags 0018) ref = -1 ...
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:core:tcp_async_connect: tcp_conn_create failed, closing the socket
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:proto_tls:proto_tls_send: async TCP connect failed
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: ERROR:tm:msg_send: send() 
to (PBX IP):5061 for proto tls/3 failed
Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: 
ERROR:tm:t_forward_nonack: sending request failed

Example row in the tls_mgm table:

  domain: (SIP branded hostname)
match_ip_address: (opensips IP):4003
match_sip_domain: *
type: 1
  method: TLSv1_2-
 verify_cert: 0
require_cert: 0
 certificate: -BEGIN CERTIFICATE- [...]
 private_key: -BEGIN RSA PRIVATE KEY- [...]
   crl_check_all: 0
 crl_dir: NULL
 ca_list: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  ca_dir: NULL
 cipher_list: NULL
   dh_params: NULL
ec_curve: NULL

Is there any documentation for adding certificates to the tls_mgm table? I 
haven't found anything in the 3.3.x docs, the only examples use modparam. 
Hopefully I have got something really obvious wrong.

Kind regards,

James Nicholls

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] TLS_MGM

[Bogdan-Andrei Iancu]

Hi Vadim,

This log looks weird :

июл 19 21:11:32 proxy-01 opensips[13765]: CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:110:21-22: Parameter  not found in module 
 not found in module 


So, check the modparam line for any typos or weird chars in the name of the 
module.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 7/20/22 12:35 AM, Vadim Dumalekov via Users wrote:

Hello!

I have installed the OpenSIPS-3.2.7. I'm trying to set up the WSS-proto. It 
requires the tls_mgm module be loaded. I have the following settings for this 
module:

loadmodule "tls_mgm.so"
 modparam("tls_mgm", "tls_library", "openssl")
 modparam("tls_mgm", "certificate", 
"/etc/opensips/tls/rootCA/cacert.pem")
 modparam("tls_mgm", "private_key", 
"/etc/opensips/tls/rootCA/private/cakey.pem")

But when i triy to run opensips I have this problem:

июл 19 21:11:32 proxy-01 opensips[13765]: CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:110:21-22: Parameter  not found in module 
 not found in module 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] TLS_MGM

[Vadim Dumalekov via Users]

Hello!

I have installed the OpenSIPS-3.2.7. I'm trying to set up the WSS-proto. It 
requires the tls_mgm module be loaded. I have the following settings for this 
module:

loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_library", "openssl")
modparam("tls_mgm", "certificate", 
"/etc/opensips/tls/rootCA/cacert.pem")
modparam("tls_mgm", "private_key", 
"/etc/opensips/tls/rootCA/private/cakey.pem")

But when i triy to run opensips I have this problem: 

июл 19 21:11:32 proxy-01 opensips[13765]: CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:110:21-22: Parameter  not found in 
module  not found in 
module http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] TLS_MGM module with DB(MYSQL)

[Callum Guy]

I'm a bit lost with regards to your setup/intentions but I think you might
be misusing those config values - if in doubt try the vanilla
implementation using an unmodified table and limited module parameters,
start small and build!

Of concern:

modparam("tls_mgm", "domain_col", "xx.i3clogic.com") < is that really
your column name??
modparam("tls_mgm", "match_ip_address_col", "xx.xx36.64:443") < is that
really your column name??

I'm wondering if you have interpreted those as default values?

https://opensips.org/html/docs/modules/3.0.x/tls_mgm.html#idp5640928

Initially just try with the value "default" for domain - thats a special
catch all value:

[image: image.png]


On Fri, 28 May 2021 at 12:59, Saurabh Chopra  wrote:

> Hi Opensips Team/ Callum,
>
> Thanks for the response, I successfully inserted the content of my
> files(certificate) in mysql DB. But when I try to run the script the
> opensips is crashing now with errors.
>
> May 28 11:45:59  /usr/local/sbin/opensips[1268]:
> CRITICAL:db_mysql:wrapper_single_mysql_real_query: driver error (1064): You
> have an error in your SQL syntax; check the manual that corresponds to your
> MySQL server version for the right syntax to use near
> '.36.64:443,match_sip_domain,type,method,0,0,certificate,private_key,crl_check_al'
> at line 1
> May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:core:db_do_query:
> error while submitting query - [select 
> id,.i3clogic.com,x.x.36.64:443,match_sip_domain,type,method,0,0,certificate,private_key,crl_check_all,crl_dir,ca_list,ca_dir,cipher_list,dh_params,ec_curve
> from tls_mgm ]
> May 28 11:45:59   /usr/local/sbin/opensips[1268]: ERROR:tls_mgm:load_info:
> DB query failed - retrieve valid connections
> May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:tls_mgm:load_info:
> Unable to load domains info from DB
> May 28 11:45:59 /usr/local/sbin/opensips[1268]: ERROR:core:init_mod:
> failed to initialize module tls_mgm
> May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:core:main: error
> while initializing modules
>
> Given these parameters in the config script.
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "db_url", "mysql://root:x@localhost/opensips")
> modparam("tls_mgm", "db_table", "tls_mgm")
> modparam("tls_mgm", "domain_col", "xx.i3clogic.com")
> modparam("tls_mgm", "match_ip_address_col", "xx.xx36.64:443")
> modparam("tls_mgm", "tls_method_col", "method")
> modparam("tls_mgm", "verify_cert_col", "0")
> modparam("tls_mgm", "require_cert_col", "0")
> modparam("tls_mgm", "certificate_col", "certificate")
> modparam("tls_mgm", "private_key_col", "private_key")
> modparam("tls_mgm", "crl_check_all_col", "crl_check_all")
> modparam("tls_mgm", "crl_dir_col", "crl_dir")
> modparam("tls_mgm", "ca_list_col", "ca_list")
>
> Kindly help in this matter.
>
> Best Regards
> Saurabh Chopra
> +918861979979
>
>
> On Wed, May 26, 2021 at 5:06 PM Callum Guy  wrote:
>
>> You need to insert the certificate contents into the table rather than a
>> file, to my understanding - you'd probably want to convert the certs to PEM
>> format prior to doing this.
>>
>>
>>
>>
>>
>> On Tue, 25 May 2021 at 14:20, Saurabh Chopra 
>> wrote:
>>
>>> Hi Opensips Team/Razvan,
>>>
>>> I am using the TLS_MGM module to validate my certificate file through a
>>> database (mysql) but getting the below error.
>>>
>>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
>>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]: 
>>> *ERROR:tls_mgm:load_certificate_db:
>>> Unable to load certificate from buffer*
>>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
>>> WARNING:tls_mgm:init_tls_domains: Failed to init TLS domain 'default',
>>> skipping...
>>>
>>> The data i have put in DB is depicted below:-
>>>
>>> insert into tls_mgm
>>> (id,domain,match_ip_address,match_sip_domain,type,method,verify_cert,require_cert,certificate,private_key,crl_check_all,crl_dir,ca_list,ca_dir,
>>> cipher_list,dh_params,ec_curve) values
>>> ('1','default','20.0.xx.xx:443','','1','SSLv23','1','0','2021.der','.der','0','','x2021.der','','ALL','','');
>>>
>>> *.der* files are the binary file for certificate file, private key file
>>> and ca_list .  However the same is working fine through the configuration
>>> script.
>>>
>>> Can anybody confirm what I am doing wrong ?
>>>
>>>
>>> Best Regards
>>> Saurabh Chopra
>>> +918861979979
>>> ___
>>> Users mailing list
>>> Users@lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>
>>
>> *0333 332   |  x-on.co.uk   |   **
>>    
>>    **  |  Coronavirus
>> **
>> |  Practice Index Reviews *
>>
>> THE ITSPA A

Re: [OpenSIPS-Users] TLS_MGM module with DB(MYSQL)

[Saurabh Chopra]

Hi Opensips Team/ Callum,

Thanks for the response, I successfully inserted the content of my
files(certificate) in mysql DB. But when I try to run the script the
opensips is crashing now with errors.

May 28 11:45:59  /usr/local/sbin/opensips[1268]:
CRITICAL:db_mysql:wrapper_single_mysql_real_query: driver error (1064): You
have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near
'.36.64:443,match_sip_domain,type,method,0,0,certificate,private_key,crl_check_al'
at line 1
May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:core:db_do_query:
error while submitting query - [select
id,.i3clogic.com,x.x.36.64:443,match_sip_domain,type,method,0,0,certificate,private_key,crl_check_all,crl_dir,ca_list,ca_dir,cipher_list,dh_params,ec_curve
from tls_mgm ]
May 28 11:45:59   /usr/local/sbin/opensips[1268]: ERROR:tls_mgm:load_info:
DB query failed - retrieve valid connections
May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:tls_mgm:load_info:
Unable to load domains info from DB
May 28 11:45:59 /usr/local/sbin/opensips[1268]: ERROR:core:init_mod: failed
to initialize module tls_mgm
May 28 11:45:59  /usr/local/sbin/opensips[1268]: ERROR:core:main: error
while initializing modules

Given these parameters in the config script.

loadmodule "tls_mgm.so"
modparam("tls_mgm", "db_url", "mysql://root:x@localhost/opensips")
modparam("tls_mgm", "db_table", "tls_mgm")
modparam("tls_mgm", "domain_col", "xx.i3clogic.com")
modparam("tls_mgm", "match_ip_address_col", "xx.xx36.64:443")
modparam("tls_mgm", "tls_method_col", "method")
modparam("tls_mgm", "verify_cert_col", "0")
modparam("tls_mgm", "require_cert_col", "0")
modparam("tls_mgm", "certificate_col", "certificate")
modparam("tls_mgm", "private_key_col", "private_key")
modparam("tls_mgm", "crl_check_all_col", "crl_check_all")
modparam("tls_mgm", "crl_dir_col", "crl_dir")
modparam("tls_mgm", "ca_list_col", "ca_list")

Kindly help in this matter.

Best Regards
Saurabh Chopra
+918861979979


On Wed, May 26, 2021 at 5:06 PM Callum Guy  wrote:

> You need to insert the certificate contents into the table rather than a
> file, to my understanding - you'd probably want to convert the certs to PEM
> format prior to doing this.
>
>
>
>
>
> On Tue, 25 May 2021 at 14:20, Saurabh Chopra  wrote:
>
>> Hi Opensips Team/Razvan,
>>
>> I am using the TLS_MGM module to validate my certificate file through a
>> database (mysql) but getting the below error.
>>
>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
>> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]: 
>> *ERROR:tls_mgm:load_certificate_db:
>> Unable to load certificate from buffer*
>> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
>> WARNING:tls_mgm:init_tls_domains: Failed to init TLS domain 'default',
>> skipping...
>>
>> The data i have put in DB is depicted below:-
>>
>> insert into tls_mgm
>> (id,domain,match_ip_address,match_sip_domain,type,method,verify_cert,require_cert,certificate,private_key,crl_check_all,crl_dir,ca_list,ca_dir,
>> cipher_list,dh_params,ec_curve) values
>> ('1','default','20.0.xx.xx:443','','1','SSLv23','1','0','2021.der','.der','0','','x2021.der','','ALL','','');
>>
>> *.der* files are the binary file for certificate file, private key file
>> and ca_list .  However the same is working fine through the configuration
>> script.
>>
>> Can anybody confirm what I am doing wrong ?
>>
>>
>> Best Regards
>> Saurabh Chopra
>> +918861979979
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> *0333 332   |  x-on.co.uk   |   **
>    
>    **  |  Coronavirus
> **
> |  Practice Index Reviews *
>
> THE ITSPA AWARDS 2020  AND Best
> ITSP - Mid Market, Best Software and Best Vertical Solution are trade marks
> of the Internet Telephony Services Providers' Association, used under
> licence.
>
> *Our new office address: 22 Riduna Park, Melton IP12 1QT.*
>
> X-on is a trading name of Storacall Technology Ltd a limited company
> registered in England and Wales.
> Registered Office : Avaland House, 110 London Road, Apsley, Hemel
> Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
> The information in this e-mail is confidential and for use by the
> addressee(s) only. If you are not the intended recipient, please notify
> X-on immediately on +44(0)333 332  and delete the
> message from your computer. If you are not a named addressee you must not
> use, disclose, disseminate, distribute, copy, print or reply to this email. 
> Views
> or 

Re: [OpenSIPS-Users] TLS_MGM module with DB(MYSQL)

[Callum Guy]

You need to insert the certificate contents into the table rather than a
file, to my understanding - you'd probably want to convert the certs to PEM
format prior to doing this.





On Tue, 25 May 2021 at 14:20, Saurabh Chopra  wrote:

> Hi Opensips Team/Razvan,
>
> I am using the TLS_MGM module to validate my certificate file through a
> database (mysql) but getting the below error.
>
> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]: 
> *ERROR:tls_mgm:load_certificate_db:
> Unable to load certificate from buffer*
> May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
> WARNING:tls_mgm:init_tls_domains: Failed to init TLS domain 'default',
> skipping...
>
> The data i have put in DB is depicted below:-
>
> insert into tls_mgm
> (id,domain,match_ip_address,match_sip_domain,type,method,verify_cert,require_cert,certificate,private_key,crl_check_all,crl_dir,ca_list,ca_dir,
> cipher_list,dh_params,ec_curve) values
> ('1','default','20.0.xx.xx:443','','1','SSLv23','1','0','2021.der','.der','0','','x2021.der','','ALL','','');
>
> *.der* files are the binary file for certificate file, private key file
> and ca_list .  However the same is working fine through the configuration
> script.
>
> Can anybody confirm what I am doing wrong ?
>
>
> Best Regards
> Saurabh Chopra
> +918861979979
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

-- 





*0333 332   |  x-on.co.uk   |   ** 
    
   **  |  Coronavirus 
**  |  
Practice Index Reviews *


THE ITSPA 
AWARDS 2020  AND Best ITSP - Mid 
Market, Best Software and Best Vertical Solution are trade marks of the 
Internet Telephony Services Providers' Association, used under licence.

*Our new office address: 22 Riduna Park, Melton IP12 1QT.*

X-on
is a 
trading name of Storacall Technology Ltd a limited company registered in
England and Wales.

Registered Office : Avaland House, 110 London Road, 
Apsley, Hemel Hempstead,
Herts, HP3 9SD. Company Registration No. 2578478.

The information in this e-mail is confidential and for use by the 
addressee(s)
only. If you are not the intended recipient, please notify 
X-on immediately on +44(0)333 332  and delete the
message from your 
computer. If you are not a named addressee you must not use,
disclose, 
disseminate, distribute, copy, print or reply to this email. Views
or 
opinions expressed by an individual
within this email may not necessarily
reflect the views of X-on or its associated companies. Although X-on 
routinely
screens for viruses, addressees should scan this email and any 
attachments
for
viruses. X-on makes no representation or warranty as to the 
absence of viruses
in this email or any attachments.










___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] TLS_MGM module with DB(MYSQL)

[Saurabh Chopra]

Hi Opensips Team/Razvan,

I am using the TLS_MGM module to validate my certificate file through a
database (mysql) but getting the below error.

May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
*ERROR:tls_mgm:load_certificate_db:
Unable to load certificate from buffer*
May 25 12:41:28 ip-20-0-36-64 /usr/local/sbin/opensips[16297]:
WARNING:tls_mgm:init_tls_domains: Failed to init TLS domain 'default',
skipping...

The data i have put in DB is depicted below:-

insert into tls_mgm
(id,domain,match_ip_address,match_sip_domain,type,method,verify_cert,require_cert,certificate,private_key,crl_check_all,crl_dir,ca_list,ca_dir,
cipher_list,dh_params,ec_curve) values
('1','default','20.0.xx.xx:443','','1','SSLv23','1','0','2021.der','.der','0','','x2021.der','','ALL','','');

*.der* files are the binary file for certificate file, private key file and
ca_list .  However the same is working fine through the configuration
script.

Can anybody confirm what I am doing wrong ?


Best Regards
Saurabh Chopra
+918861979979
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] TLS_MGM - No TLS domain name - Error

[Yannik Lieblinger]

Hi,

I'm trying to setup opensips, but running into errors with tls_mgm module. My 
opensips version is 3.0.2 and I used osipsconfig to generate config files.

I also looked up the following guides and tried it with or without server 
domain name, but no success.

With:

modparam("tls_mgm", "server_domain", "sv_dom=5.135.140.139:5061")
modparam("tls_mgm", "require_cert", "[sv_dom]0")

Without:

modparam("tls_mgm", "require_cert", "0")

Guides:
http://www.powerpbx.org/content/opensips-v30-debian-v10-mariadb-apache-v1
https://opensips.org/Documentation/Migration-2-4-0-to-3-0-0#toc17
https://www.opensips.org/Documentation/Tutorials-TLS-2-1

Output from "opensips -C /etc/opensipsget":
Mar 10 10:19:32 [1229] CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:55:20-21: Parameter  not found in 
module  - can't set
Mar 10 10:19:32 [1229] #modparam("tls_mgm", "server_domain", 
"sv_dom=5.135.140.139:5061")
Mar 10 10:19:32 [1229]
Mar 10 10:19:32 [1229] modparam("tls_mgm", "require_cert", "0")
Mar 10 10:19:32 [1229] ^~
Mar 10 10:19:32 [1229]
Mar 10 10:19:32 [1229] modparam("tls_mgm", "verify_cert", "0")
Mar 10 10:19:32 [1229] ERROR:tls_mgm:split_param_val: No TLS domain name
Mar 10 10:19:32 [1229] CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:57:20-21: Parameter  not found in 
module  - can't set
Mar 10 10:19:32 [1229] ERROR:tls_mgm:split_param_val: No TLS domain name
Mar 10 10:19:32 [1229] CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:59:20-21: Parameter  not found in module 
 - can't set
Mar 10 10:19:32 [1229] ERROR:tls_mgm:split_param_val: No TLS domain name
Mar 10 10:19:32 [1229] CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:62:3-4: Parameter  not found in module 
 - can't set
Mar 10 10:19:32 [1229] ERROR:tls_mgm:split_param_val: No TLS domain name
Mar 10 10:19:32 [1229] CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:65:3-4: Parameter  not found in module 
 - can't set
Mar 10 10:19:32 [1229] ERROR:tls_mgm:split_param_val: No TLS domain name
Mar 10 10:19:32 [1229] CRITICAL:core:yyerror: parse error in 
/etc/opensips/opensips.cfg:68:3-4: Parameter  not found in module 
 - can't set
Mar 10 10:19:32 [1229] ERROR:core:parse_opensips_cfg: bad config file (6 errors)
Mar 10 10:19:32 [1229] ERROR:core:main: failed to parse config file (null)
Mar 10 10:19:32 [1229] NOTICE:core:main: Exiting
I would be very happy to get help or tips.

Greetings Yannik
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm

[Slava Bendersky]

Hello Vlad, 
In version 
opensips-3.0.0.fcbfed302-4.fc27.x86_64 

* works in database. 

I submitted pull request to provision tls_mgm from opensipsctl. That should 
make process easier. 
Thank you, 

volga629 

From: "Vlad Patrascu"  
To: "OpenSIPS users mailling list"  
Sent: Monday, October 8, 2018 7:15:33 AM 
Subject: Re: [OpenSIPS-Users] tls_mgm 



Hi, 


Are you running the latest revision of the devel branch? There was a fix about 
a month ago regarding this issue. 

Regards, 
Vlad Patrascu
OpenSIPS Developer [ http://www.opensips-solutions.com/ | 
http://www.opensips-solutions.com ] 
On 10/07/2018 08:10 AM, Slava Bendersky wrote: 



Hello Everyone, 
I am trying load certificate from database and set filter for ip and sip domain 
to *, but give me error 

Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_domain_address: TLS domain address has to be in [IP:port] 
format 
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_domain_address: invalid TLS domain address [*] 
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_match_addresses: Failed to parse address filter: * 
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:db_add_domain: Failed to parse address matching filters 
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:load_info: failed to add TLS domain 'default' id: 3, skipping... 


What is missing ? 

Thank you. 

volga629 


___
Users mailing list [ mailto:Users@lists.opensips.org | Users@lists.opensips.org 
] [ http://lists.opensips.org/cgi-bin/mailman/listinfo/users | 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users ] 




___ 
Users mailing list 
Users@lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm

[Vlad Patrascu]

Hi,

Are you running the latest revision of the devel branch? There was a fix 
about a month ago regarding this issue.


Regards,

Vlad Patrascu
OpenSIPS Developer
http://www.opensips-solutions.com

On 10/07/2018 08:10 AM, Slava Bendersky wrote:

Hello Everyone,
I am trying load certificate from database and set filter for ip and 
sip domain to *, but give me error


Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_domain_address: TLS domain address has to be in 
[IP:port] format
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_domain_address: invalid TLS domain address [*]
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_match_addresses: Failed to parse address filter: *
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:db_add_domain: Failed to parse address matching filters
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:load_info: failed to add TLS domain 'default' id: 3, 
skipping...



What is missing ?

Thank you.

volga629


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] tls_mgm

[Slava Bendersky]

Hello Everyone,
I am trying load certificate from database and set filter for ip and sip domain 
to *, but give me error

Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_domain_address: TLS domain address has to be in [IP:port] 
format
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_domain_address: invalid TLS domain address [*]
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:parse_match_addresses: Failed to parse address filter: *
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:db_add_domain: Failed to parse address matching filters
Oct 7 01:06:05 canldev01-fedora27 /usr/sbin/opensips[17640]: 
ERROR:tls_mgm:load_info: failed to add TLS domain 'default' id: 3, skipping...

What is missing ?
Thank you.
volga629___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm modparam

[Vlad Patrascu]

Hi Dan,

This was indeed a parsing bug, I've pushed the fix. Thanks for spotting it!

Regards,

Vlad Patrascu
OpenSIPS Developer
http://www.opensips-solutions.com

On 09/10/2018 08:39 PM, Dan Pascu wrote:

Tried to use the following setting:

modparam("tls_mgm", "match_ip_address", "[default]*”)

This resulted in the following error:

Sep 10 20:19:07 [5987] ERROR:tls_mgm:parse_domain_address: TLS domain address 
has to be in [IP:port] format
Sep 10 20:19:07 [5987] ERROR:tls_mgm:parse_domain_address: invalid TLS domain 
address [*]
Sep 10 20:19:07 [5987] ERROR:tls_mgm:parse_match_addresses: Failed to parse 
address filter: *
Sep 10 20:19:07 [5987] ERROR:tls_mgm:tlsp_set_match_addr: Failed to parse 
domain matching filters for domain [default]
Sep 10 20:19:07 [5987] CRITICAL:core:yyerror: parse error in config file o.cfg, line 132, 
column 20-21: Parameter  not found in module  - 
can't set
Sep 10 20:19:07 [5987] ERROR:core:main: bad config file (1 errors)
Sep 10 20:19:07 [5987] NOTICE:core:main: Exiting


According to the documentation * should be accepted. Is this a bug in parsing 
or is the documentation wrong?


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] tls_mgm modparam

[Dan Pascu]

Tried to use the following setting:

modparam("tls_mgm", "match_ip_address", "[default]*”)

This resulted in the following error:

Sep 10 20:19:07 [5987] ERROR:tls_mgm:parse_domain_address: TLS domain address 
has to be in [IP:port] format
Sep 10 20:19:07 [5987] ERROR:tls_mgm:parse_domain_address: invalid TLS domain 
address [*]
Sep 10 20:19:07 [5987] ERROR:tls_mgm:parse_match_addresses: Failed to parse 
address filter: *
Sep 10 20:19:07 [5987] ERROR:tls_mgm:tlsp_set_match_addr: Failed to parse 
domain matching filters for domain [default]
Sep 10 20:19:07 [5987] CRITICAL:core:yyerror: parse error in config file o.cfg, 
line 132, column 20-21: Parameter  not found in module 
 - can't set
Sep 10 20:19:07 [5987] ERROR:core:main: bad config file (1 errors)
Sep 10 20:19:07 [5987] NOTICE:core:main: Exiting


According to the documentation * should be accepted. Is this a bug in parsing 
or is the documentation wrong?


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm

[volga629]

Hello Vlad,
Thank you, config errors is resolved, but start up failing.

compat-openssl10-1.0.2o-1.fc27.x86_64
openssl-libs-1.1.0f-9.fc27.x86_64
openssl-1.1.0f-9.fc27.x86_64


Sep 7 17:15:01 vprx00 /usr/sbin/opensips[30576]: INFO:tls_mgm:mod_init: 
initializing TLS management
Sep 7 17:15:01 vprx00 /usr/sbin/opensips[30576]: INFO:tls_mgm:mod_init: 
openssl version: OpenSSL 1.1.0f-fips 25 May 2017
Sep 7 17:15:01 vprx00 /usr/sbin/opensips[30576]: 
ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Sep 7 17:15:01 vprx00 /usr/sbin/opensips[30576]: 
ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 
1.0.1e-fips, (or other FIPS version of openssl, as this is known to be 
broken; if so, you need to upgrade or downgrade to a different openssl 
version!
Sep 7 17:15:01 vprx00 /usr/sbin/opensips[30576]: ERROR:core:init_mod: 
failed to initialize module tls_mgm
Sep 7 17:15:01 vprx00 /usr/sbin/opensips[30576]: ERROR:core:main: error 
while initializing modules
Sep 7 17:15:01 vprx00 /usr/sbin/opensips[30576]: INFO:core:cleanup: 
cleanup


volga629

On Fri, Sep 7, 2018 at 10:19 AM, Vlad Patrascu  
wrote:

Hi Volga,

You are probably getting these errors because you are not providing 
the TLS domain name in the parameter specifications. So all 
parameters should look something like this:


modparam("tls_mgm", "tls_method", "[dom_name]TLSv1")

Regards,

Vlad Patrascu
OpenSIPS Developer
http://www.opensips-solutions.com

On 08/31/2018 05:15 PM, volga...@networklab.ca wrote:

Hello Everyone,
Recent versions of opensips tls_mgm module give this error.

opensips-3.0.0.b33b7a7e7-2.fc27.x86_64

[root@vprx00 ~]# opensips -V
version: opensips 3.0.0-dev (x86_64/linux)
flags: STATS: On, SHM_EXTRA_STATS, DISABLE_NAGLE, USE_MCAST, 
SHM_MMAP, PKG_MALLOC, QM_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 
16, MAX_URI_SIZE 1024, BUF_SIZE 65535

poll method support: poll, epoll, sigio_rt, select.
git revision: b33b7a7e7
main.c compiled on 12:56:54 Aug 14 2018 with gcc 7


Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/proto_hep.so
Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/proto_tls.so
Aug 31 09:08:26 [14440] DBG:core:add_module_dependency: adding type 
2 dependency proto_tls - (module tls_mgm)
Aug 31 09:08:26 [14440] DBG:core:add_module_dependency: adding type 
0 dependency proto_tls - (module proto_hep)
Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/tls_mgm.so
Aug 31 09:08:26 [14440] DBG:core:register_module: register_pv: 
tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm 
matches module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 205, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm 
matches module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 206, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm 
matches module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 207, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm 
matches module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 208, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm 
matches module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 209, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm 
matches module tls

Re: [OpenSIPS-Users] tls_mgm

[Vlad Patrascu]

Hi Volga,

You are probably getting these errors because you are not providing the 
TLS domain name in the parameter specifications. So all parameters 
should look something like this:


modparam("tls_mgm", "tls_method", "[dom_name]TLSv1")

Regards,

Vlad Patrascu
OpenSIPS Developer
http://www.opensips-solutions.com

On 08/31/2018 05:15 PM, volga...@networklab.ca wrote:

Hello Everyone,
Recent versions of opensips tls_mgm module give this error.

opensips-3.0.0.b33b7a7e7-2.fc27.x86_64

[root@vprx00 ~]# opensips -V
version: opensips 3.0.0-dev (x86_64/linux)
flags: STATS: On, SHM_EXTRA_STATS, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, 
PKG_MALLOC, QM_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535

poll method support: poll, epoll, sigio_rt, select.
git revision: b33b7a7e7
main.c compiled on 12:56:54 Aug 14 2018 with gcc 7


Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/proto_hep.so
Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/proto_tls.so
Aug 31 09:08:26 [14440] DBG:core:add_module_dependency: adding type 2 
dependency proto_tls - (module tls_mgm)
Aug 31 09:08:26 [14440] DBG:core:add_module_dependency: adding type 0 
dependency proto_tls - (module proto_hep)
Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/tls_mgm.so

Aug 31 09:08:26 [14440] DBG:core:register_module: register_pv: tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]

Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 205, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]

Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 206, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]

Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 207, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]

Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 208, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]

Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 209, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found  
in module tls_mgm [/usr/lib64/opensips/modules/]

Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 210, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found  
in module tls_mgm [/usr/lib64/opensips/modules/]

Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 211, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]

Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensi

[OpenSIPS-Users] tls_mgm

[volga629]

Hello Everyone,
Recent versions of opensips tls_mgm module give this error.

opensips-3.0.0.b33b7a7e7-2.fc27.x86_64

[root@vprx00 ~]# opensips -V
version: opensips 3.0.0-dev (x86_64/linux)
flags: STATS: On, SHM_EXTRA_STATS, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, 
PKG_MALLOC, QM_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535

poll method support: poll, epoll, sigio_rt, select.
git revision: b33b7a7e7
main.c compiled on 12:56:54 Aug 14 2018 with gcc 7


Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/proto_hep.so
Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/proto_tls.so
Aug 31 09:08:26 [14440] DBG:core:add_module_dependency: adding type 2 
dependency proto_tls - (module tls_mgm)
Aug 31 09:08:26 [14440] DBG:core:add_module_dependency: adding type 0 
dependency proto_tls - (module proto_hep)
Aug 31 09:08:26 [14440] DBG:core:load_module: loading module 
/usr/lib64/opensips/modules/tls_mgm.so

Aug 31 09:08:26 [14440] DBG:core:register_module: register_pv: tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 205, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 206, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 207, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 208, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 209, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found  
in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 210, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found  in 
module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 211, column 18-19: Parameter 
 not found in module  - can't set
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: tls_mgm matches 
module tls_mgm
Aug 31 09:08:26 [14440] DBG:core:set_mod_param_regex: found 
 in module tls_mgm [/usr/lib64/opensips/modules/]
Aug 31 09:08:26 [14440] ERROR:tls_mgm:split_param_val: No TLS domain 
name
Aug 31 09:08:26 [14440] CRITICAL:core:yyerror: parse error in config 
file /etc/opensips/opensips.cfg, line 212, column 18-19: Parameter 
 not found in module  - can't set




Any help thank you

volga629


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm module issue

[Răzvan Crainea]

Hello!

From the traces you posted, all I can see is that the traffic is 
broken, that the WSS client is not sending a proper HTTP format to 
opensips. Can you detail a bit how you are testing?


Best regards,

Răzvan Crainea
OpenSIPS Developer
www.opensips-solutions.com

On 01/12/2018 10:05 AM, Ravindrakumar Bhatt wrote:

Hi Razvan,
I am not getting any other error.
Please find debug logs for WS and WSS register request:
https://pastebin.com/R2FZZVZJ



On Thu, Jan 11, 2018 at 1:52 PM, Răzvan Crainea > wrote:


Are there any other errors in your logs, besides the ones you posted?

Best regards,

Răzvan Crainea
OpenSIPS Developer
www.opensips-solutions.com 

On 01/10/2018 04:02 PM, Ravindrakumar Bhatt wrote:

Hi all,
Issue was resolved when i changed opensips git revision but now i
am facing new issue related to WSS connection.

Jan 10 19:20:50 localhost /usr/local/sbin/opensips[9024]:
ERROR:proto_wss:wss_read_req: cannot fix read connection
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9049]:
INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9049]:
INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 80
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9024]:
ERROR:proto_wss:tls_accept: New TLS connection from
192.168.1.114:35916  failed to accept

I have followed all steps mentioned here:
http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2


Please provide your suggestion.





___
Users mailing list
Users@lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users





--
*Thanks and Regards,
*
*Ravindrakumar Bhatt
*
Jr. Software Developer
Ecosmob Technologies Ltd
Ahmedabad
Mo:*+918460692402*


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm module issue

[Ravindrakumar Bhatt]

Hi Razvan,
I am not getting any other error.
Please find debug logs for WS and WSS register request:
https://pastebin.com/R2FZZVZJ



On Thu, Jan 11, 2018 at 1:52 PM, Răzvan Crainea  wrote:

> Are there any other errors in your logs, besides the ones you posted?
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Developerwww.opensips-solutions.com
>
> On 01/10/2018 04:02 PM, Ravindrakumar Bhatt wrote:
>
> Hi all,
> Issue was resolved when i changed opensips git revision but now i am
> facing new issue related to WSS connection.
>
> Jan 10 19:20:50 localhost /usr/local/sbin/opensips[9024]: ERROR:proto_
> wss:wss_read_req: cannot fix read connection
> Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9049]:
> INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
> Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9049]:
> INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 80
> Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9024]: ERROR:proto_
> wss:tls_accept: New TLS connection from 192.168.1.114:35916 failed to
> accept
>
> I have followed all steps mentioned here:
> http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2
>
> Please provide your suggestion.
>
>
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>


-- 

*Thanks and Regards,*

*Ravindrakumar Bhatt*
Jr. Software Developer
Ecosmob Technologies Ltd
Ahmedabad
Mo:*+918460692402*
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm module issue

[Răzvan Crainea]

Are there any other errors in your logs, besides the ones you posted?

Best regards,

Răzvan Crainea
OpenSIPS Developer
www.opensips-solutions.com

On 01/10/2018 04:02 PM, Ravindrakumar Bhatt wrote:

Hi all,
Issue was resolved when i changed opensips git revision but now i am 
facing new issue related to WSS connection.


Jan 10 19:20:50 localhost /usr/local/sbin/opensips[9024]: 
ERROR:proto_wss:wss_read_req: cannot fix read connection
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9049]: 
INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9049]: 
INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 80
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9024]: 
ERROR:proto_wss:tls_accept: New TLS connection from 
192.168.1.114:35916  failed to accept


I have followed all steps mentioned here:
http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2

Please provide your suggestion.




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm module issue

[Ravindrakumar Bhatt]

Hi all,
Issue was resolved when i changed opensips git revision but now i am facing
new issue related to WSS connection.

Jan 10 19:20:50 localhost /usr/local/sbin/opensips[9024]:
ERROR:proto_wss:wss_read_req: cannot fix read connection
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9049]:
INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9049]:
INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 80
Jan 10 19:20:51 localhost /usr/local/sbin/opensips[9024]:
ERROR:proto_wss:tls_accept: New TLS connection from 192.168.1.114:35916
failed to accept

I have followed all steps mentioned here:
http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2

Please provide your suggestion.


On Mon, Jan 8, 2018 at 2:45 PM, Ravindrakumar Bhatt <
ravindra.bh...@ecosmob.com> wrote:

>  Thanks for pointing out but its ok as its testing server.
>
>
> On Mon, Jan 8, 2018 at 2:21 PM, Callum Guy  wrote:
>
>> Just a reminder that you've left your password in that paste in case its
>> not a test system
>>
>>
>>1. modparam("avpops", "db_url","mysql://root:hpC1kk6K@localhost
>>/inmate_services")
>>
>>
>> On Sat, Jan 6, 2018 at 5:56 AM Ravindrakumar Bhatt <
>> ravindra.bh...@ecosmob.com> wrote:
>>
>>> Thanks for responding but I am not using postgres or mongodb. i am using
>>> mysql.
>>>
>>> Please review my opensips config file if it helps to understand issue.
>>> https://pastebin.com/CY8zxHGN
>>>
>>> On 05-Jan-2018 7:42 PM, "Răzvan Crainea"  wrote:
>>>
 The problem seems to be with either postgres or mongodb. Are you using
 any of these modules?
 For more information, please follow this issue[1] on GitHub.

 [1] https://github.com/OpenSIPS/opensips/issues/1114

 Best regards,

 Răzvan Crainea
 OpenSIPS Developerwww.opensips-solutions.com

 On 01/05/2018 03:22 PM, Ravindrakumar Bhatt wrote:

 Hi all,
 I am using opensips 2.3 and i want to configure opensips for wss and
 tls but when i try to start opensips i am getting following error.

 Error:

 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 INFO:core:mod_init: initializing UDP-plain protocol
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 INFO:proto_ws:mod_init: initializing WebSocket protocol
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 INFO:proto_wss:mod_init: initializing Secure WebSocket protocol
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 INFO:tls_mgm:mod_init: initializing TLS management
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
 (or other FIPS version of openssl, as this is known to be broken; if so,
 you need to upgrade or downgrade to a different openssl version!
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.2k-fips  26 Jan 2017
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 ERROR:core:init_mod: failed to initialize module tls_mgm
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 ERROR:core:main: error while initializing modules
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 INFO:core:cleanup: cleanup
 Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
 NOTICE:core:main: Exiting
 Jan  5 18:33:17 localhost opensips: INFO:core:daemonize: pre-daemon
 process exiting with -1

 Opensips version:

 version: opensips 2.3.2 (x86_64/linux)
 flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
 F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
 ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
 MAX_URI_SIZE 1024, BUF_SIZE 65535
 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
 git revision: 823044b
 main.c compiled on 12:52:21 Jan  5 2018 with gcc 4.8.5

 Openssl version: OpenSSL 1.0.2k-fips  26 Jan 2017

 OS Details:CentOS Linux release 7.4.1708 (Core)

 So where is the problem and do i have to downgrade openssl version?
 Please provide your feedback on this issue.

 *Thanks and Regards, *

 *Ravindrakumar Bhatt *
 Jr. Software Developer
 Ecosmob Technologies Ltd
 Ahmedabad
 Mo:*+918460692402 <+91%2084606%2092402>*


 ___
 Users mailing 
 listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users



 ___
 Users mailing list
 Users@lists.opensips.org
 http://lists.opensips.org/cgi-bin/mailman/listinfo/users

 __

Re: [OpenSIPS-Users] tls_mgm module issue

[Ravindrakumar Bhatt]

 Thanks for pointing out but its ok as its testing server.

On Mon, Jan 8, 2018 at 2:21 PM, Callum Guy  wrote:

> Just a reminder that you've left your password in that paste in case its
> not a test system
>
>
>1. modparam("avpops", "db_url","mysql://root:hpC1kk6K@localhost/inmate_
>services")
>
>
> On Sat, Jan 6, 2018 at 5:56 AM Ravindrakumar Bhatt <
> ravindra.bh...@ecosmob.com> wrote:
>
>> Thanks for responding but I am not using postgres or mongodb. i am using
>> mysql.
>>
>> Please review my opensips config file if it helps to understand issue.
>> https://pastebin.com/CY8zxHGN
>>
>> On 05-Jan-2018 7:42 PM, "Răzvan Crainea"  wrote:
>>
>>> The problem seems to be with either postgres or mongodb. Are you using
>>> any of these modules?
>>> For more information, please follow this issue[1] on GitHub.
>>>
>>> [1] https://github.com/OpenSIPS/opensips/issues/1114
>>>
>>> Best regards,
>>>
>>> Răzvan Crainea
>>> OpenSIPS Developerwww.opensips-solutions.com
>>>
>>> On 01/05/2018 03:22 PM, Ravindrakumar Bhatt wrote:
>>>
>>> Hi all,
>>> I am using opensips 2.3 and i want to configure opensips for wss and tls
>>> but when i try to start opensips i am getting following error.
>>>
>>> Error:
>>>
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> INFO:core:mod_init: initializing UDP-plain protocol
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> INFO:proto_ws:mod_init: initializing WebSocket protocol
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> INFO:proto_wss:mod_init: initializing Secure WebSocket protocol
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> INFO:tls_mgm:mod_init: initializing TLS management
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
>>> (or other FIPS version of openssl, as this is known to be broken; if so,
>>> you need to upgrade or downgrade to a different openssl version!
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.2k-fips  26 Jan 2017
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> ERROR:core:init_mod: failed to initialize module tls_mgm
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> ERROR:core:main: error while initializing modules
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> INFO:core:cleanup: cleanup
>>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>>> NOTICE:core:main: Exiting
>>> Jan  5 18:33:17 localhost opensips: INFO:core:daemonize: pre-daemon
>>> process exiting with -1
>>>
>>> Opensips version:
>>>
>>> version: opensips 2.3.2 (x86_64/linux)
>>> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
>>> F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
>>> MAX_URI_SIZE 1024, BUF_SIZE 65535
>>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>>> git revision: 823044b
>>> main.c compiled on 12:52:21 Jan  5 2018 with gcc 4.8.5
>>>
>>> Openssl version: OpenSSL 1.0.2k-fips  26 Jan 2017
>>>
>>> OS Details:CentOS Linux release 7.4.1708 (Core)
>>>
>>> So where is the problem and do i have to downgrade openssl version?
>>> Please provide your feedback on this issue.
>>>
>>> *Thanks and Regards, *
>>>
>>> *Ravindrakumar Bhatt *
>>> Jr. Software Developer
>>> Ecosmob Technologies Ltd
>>> Ahmedabad
>>> Mo:*+918460692402 <+91%2084606%2092402>*
>>>
>>>
>>> ___
>>> Users mailing 
>>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> --
> Callum Guy
> Head of Information Security
> X-on
>
>
> *0333 332   |  www.x-on.co.uk   |   **
>    
>    *
> X-on is a trading name of Storacall Technology Ltd a limited company
> registered in England and Wales.
> Registered Office : Avaland House, 110 London Road, Apsley, Hemel
> Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
> The information in this e-mail is confidential and for use by the
> addressee(s) only. If you are not the intended recipient, please notify
> X-on immediately on +44(0)333 332  and delete the
> message from your computer. If you are not a named addressee you must not
> use, disclose, disseminate, distribute, copy, print or reply to this email

Re: [OpenSIPS-Users] tls_mgm module issue

[Callum Guy]

Just a reminder that you've left your password in that paste in case its
not a test system


   1. modparam("avpops", "db_url","mysql://root:hpC1kk6K@localhost
   /inmate_services")


On Sat, Jan 6, 2018 at 5:56 AM Ravindrakumar Bhatt <
ravindra.bh...@ecosmob.com> wrote:

> Thanks for responding but I am not using postgres or mongodb. i am using
> mysql.
>
> Please review my opensips config file if it helps to understand issue.
> https://pastebin.com/CY8zxHGN
>
> On 05-Jan-2018 7:42 PM, "Răzvan Crainea"  wrote:
>
>> The problem seems to be with either postgres or mongodb. Are you using
>> any of these modules?
>> For more information, please follow this issue[1] on GitHub.
>>
>> [1] https://github.com/OpenSIPS/opensips/issues/1114
>>
>> Best regards,
>>
>> Răzvan Crainea
>> OpenSIPS Developerwww.opensips-solutions.com
>>
>> On 01/05/2018 03:22 PM, Ravindrakumar Bhatt wrote:
>>
>> Hi all,
>> I am using opensips 2.3 and i want to configure opensips for wss and tls
>> but when i try to start opensips i am getting following error.
>>
>> Error:
>>
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> INFO:core:mod_init: initializing UDP-plain protocol
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> INFO:proto_ws:mod_init: initializing WebSocket protocol
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> INFO:proto_wss:mod_init: initializing Secure WebSocket protocol
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> INFO:tls_mgm:mod_init: initializing TLS management
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
>> (or other FIPS version of openssl, as this is known to be broken; if so,
>> you need to upgrade or downgrade to a different openssl version!
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.2k-fips  26 Jan 2017
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> ERROR:core:init_mod: failed to initialize module tls_mgm
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> ERROR:core:main: error while initializing modules
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> INFO:core:cleanup: cleanup
>> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
>> NOTICE:core:main: Exiting
>> Jan  5 18:33:17 localhost opensips: INFO:core:daemonize: pre-daemon
>> process exiting with -1
>>
>> Opensips version:
>>
>> version: opensips 2.3.2 (x86_64/linux)
>> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
>> F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
>> MAX_URI_SIZE 1024, BUF_SIZE 65535
>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>> git revision: 823044b
>> main.c compiled on 12:52:21 Jan  5 2018 with gcc 4.8.5
>>
>> Openssl version: OpenSSL 1.0.2k-fips  26 Jan 2017
>>
>> OS Details:CentOS Linux release 7.4.1708 (Core)
>>
>> So where is the problem and do i have to downgrade openssl version?
>> Please provide your feedback on this issue.
>>
>> *Thanks and Regards, *
>>
>> *Ravindrakumar Bhatt *
>> Jr. Software Developer
>> Ecosmob Technologies Ltd
>> Ahmedabad
>> Mo:*+918460692402 <+91%2084606%2092402>*
>>
>>
>> ___
>> Users mailing 
>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>


-- 
Callum Guy
Head of Information Security
X-on

-- 



*0333 332   |  www.x-on.co.uk   |   ** 
    
   * 
X-on is a trading name of Storacall Technology Ltd a limited company 
registered in England and Wales.
Registered Office : Avaland House, 110 London Road, Apsley, Hemel 
Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
The information in this e-mail is confidential and for use by the 
addressee(s) only. If you are not the intended recipient, please notify 
X-on immediately on +44(0)333 332  and delete the
message from your computer. If you are not a named addressee you must not 
use, disclose, disseminate, distribute, copy, print or reply to this email. 
Views 
or opinions expressed by an individual
within this email may not necessarily reflect the views of X-on or its 
associated companies. Although X-on routinely screens for viruses, 
addressees should scan this email and any attachments
for 

Re: [OpenSIPS-Users] tls_mgm module issue

[Ravindrakumar Bhatt]

Thanks for responding but I am not using postgres or mongodb. i am using
mysql.

Please review my opensips config file if it helps to understand issue.
https://pastebin.com/CY8zxHGN

On 05-Jan-2018 7:42 PM, "Răzvan Crainea"  wrote:

> The problem seems to be with either postgres or mongodb. Are you using any
> of these modules?
> For more information, please follow this issue[1] on GitHub.
>
> [1] https://github.com/OpenSIPS/opensips/issues/1114
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Developerwww.opensips-solutions.com
>
> On 01/05/2018 03:22 PM, Ravindrakumar Bhatt wrote:
>
> Hi all,
> I am using opensips 2.3 and i want to configure opensips for wss and tls
> but when i try to start opensips i am getting following error.
>
> Error:
>
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> INFO:core:mod_init: initializing UDP-plain protocol
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> INFO:proto_ws:mod_init: initializing WebSocket protocol
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> INFO:proto_wss:mod_init: initializing Secure WebSocket protocol
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> INFO:tls_mgm:mod_init: initializing TLS management
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
> (or other FIPS version of openssl, as this is known to be broken; if so,
> you need to upgrade or downgrade to a different openssl version!
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.2k-fips  26 Jan 2017
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> ERROR:core:init_mod: failed to initialize module tls_mgm
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> ERROR:core:main: error while initializing modules
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> INFO:core:cleanup: cleanup
> Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
> NOTICE:core:main: Exiting
> Jan  5 18:33:17 localhost opensips: INFO:core:daemonize: pre-daemon
> process exiting with -1
>
> Opensips version:
>
> version: opensips 2.3.2 (x86_64/linux)
> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
> F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> git revision: 823044b
> main.c compiled on 12:52:21 Jan  5 2018 with gcc 4.8.5
>
> Openssl version: OpenSSL 1.0.2k-fips  26 Jan 2017
>
> OS Details:CentOS Linux release 7.4.1708 (Core)
>
> So where is the problem and do i have to downgrade openssl version?
> Please provide your feedback on this issue.
>
> *Thanks and Regards, *
>
> *Ravindrakumar Bhatt *
> Jr. Software Developer
> Ecosmob Technologies Ltd
> Ahmedabad
> Mo:*+918460692402*
>
>
> ___
> Users mailing 
> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm module issue

[Răzvan Crainea]

The problem seems to be with either postgres or mongodb. Are you using 
any of these modules?

For more information, please follow this issue[1] on GitHub.

[1] https://github.com/OpenSIPS/opensips/issues/1114

Best regards,

Răzvan Crainea
OpenSIPS Developer
www.opensips-solutions.com

On 01/05/2018 03:22 PM, Ravindrakumar Bhatt wrote:

Hi all,
I am using opensips 2.3 and i want to configure opensips for wss and 
tls but when i try to start opensips i am getting following error.


Error:

Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
INFO:core:mod_init: initializing UDP-plain protocol
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
INFO:proto_ws:mod_init: initializing WebSocket protocol
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
INFO:proto_wss:mod_init: initializing Secure WebSocket protocol
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
INFO:tls_mgm:mod_init: initializing TLS management
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 
1.0.1e-fips, (or other FIPS version of openssl, as this is known to be 
broken; if so, you need to upgrade or downgrade to a different openssl 
version!
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.2k-fips  26 Jan 2017
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
ERROR:core:init_mod: failed to initialize module tls_mgm
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
ERROR:core:main: error while initializing modules
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
INFO:core:cleanup: cleanup
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: 
NOTICE:core:main: Exiting
Jan  5 18:33:17 localhost opensips: INFO:core:daemonize: pre-daemon 
process exiting with -1


Opensips version:

version: opensips 2.3.2 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, 
F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535

poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 823044b
main.c compiled on 12:52:21 Jan  5 2018 with gcc 4.8.5

Openssl version: OpenSSL 1.0.2k-fips  26 Jan 2017

OS Details:CentOS Linux release 7.4.1708 (Core)
So where is the problem and do i have to downgrade openssl version?
Please provide your feedback on this issue.
*Thanks and Regards,
*
*Ravindrakumar Bhatt
*
Jr. Software Developer
Ecosmob Technologies Ltd
Ahmedabad
Mo:*+918460692402*


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] tls_mgm module issue

[Ravindrakumar Bhatt]

Hi all,
I am using opensips 2.3 and i want to configure opensips for wss and tls
but when i try to start opensips i am getting following error.

Error:

Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
INFO:core:mod_init: initializing UDP-plain protocol
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
INFO:proto_ws:mod_init: initializing WebSocket protocol
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
INFO:proto_wss:mod_init: initializing Secure WebSocket protocol
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
INFO:tls_mgm:mod_init: initializing TLS management
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl 1.0.1e-fips,
(or other FIPS version of openssl, as this is known to be broken; if so,
you need to upgrade or downgrade to a different openssl version!
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.2k-fips  26 Jan 2017
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
ERROR:core:init_mod: failed to initialize module tls_mgm
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: ERROR:core:main:
error while initializing modules
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]:
INFO:core:cleanup: cleanup
Jan  5 18:33:17 localhost /usr/local/sbin/opensips[1452]: NOTICE:core:main:
Exiting
Jan  5 18:33:17 localhost opensips: INFO:core:daemonize: pre-daemon process
exiting with -1

Opensips version:

version: opensips 2.3.2 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 823044b
main.c compiled on 12:52:21 Jan  5 2018 with gcc 4.8.5

Openssl version: OpenSSL 1.0.2k-fips  26 Jan 2017

OS Details:CentOS Linux release 7.4.1708 (Core)

So where is the problem and do i have to downgrade openssl version?
Please provide your feedback on this issue.

*Thanks and Regards,*

*Ravindrakumar Bhatt*
Jr. Software Developer
Ecosmob Technologies Ltd
Ahmedabad
Mo:*+918460692402*
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] TLS_MGM: Multi-domain Client Certificate Validation

[Callum Guy]

It's always easy to overlook the content in errors that haven't been seen
before, I agree that on reflection this should have been looked into in
more detail as it does cover the scenario. In the context of a Comodo
certificate (which we use regularly) it sounded implausible that we
wouldn't be able to validate it. TIL - intermediate certificates matter.



On Tue, Jul 25, 2017 at 4:27 PM Bogdan-Andrei Iancu 
wrote:

> I have to admit that you have to "know how to read the SSL errors" in
> order to really understand the root problem :) . Now that you find the
> issue and if we look back at the error description "verify
> error:num=20:unable to get local issuer certificate", it make sense - SSL
> complains it did not find the comodo CA in order to validate the
> certificate presented by the TLS client (which was probably signed by
> Comodo).
>
> Best regards,
>
> Bogdan-Andrei Iancu
>   OpenSIPS Founder and Developer
>   http://www.opensips-solutions.com
>
> OpenSIPS Bootcamp 2017, Houston, US
>   http://opensips.org/training/OpenSIPS_Bootcamp_2017.html
>
> On 07/25/2017 05:27 PM, Callum Guy wrote:
>
> Hi Bogdan,
>
> Thanks for your response, based on your advice I performed a full packet
> capture on the handshake and established that a certificate was indeed
> being presented.
>
> Following up on this I managed to establish that the problem was a missing
> intermediary CA in the certificate chain, specifically:
>
>
> https://support.comodo.com/index.php?/Knowledgebase/Article/View/975/108/intermediate-2-sha-2-comodo-rsa-extended-validation-secure-server-ca
>
> The error message presented by OpenSIPs was certainly misleading in this
> case. For others benefit the approach for installing a new CA is super
> simple:
>
>1. create the file in /etc/pki/ca-trust/source/anchors
>(i.e. comodo-ca-rsa-ev-secure-server.pem)
>2. run "update-ca-trust" with root privs
>
> Problem solved.
>
> Have a good day all!
>
> Callum
>
> On Tue, Jul 25, 2017 at 2:48 PM Bogdan-Andrei Iancu 
> wrote:
>
>> Hi Callum,
>>
>> The error may indicate the fact that the TLS client does not present a
>> TLS certificate while connection to your OpenSIPS. This has nothing to do
>> with the TLS multi domain, which anyhow is supported. As the test, you can
>> create a separate TLS domain (server) bound to the IP of that TLS client,
>> TLS domain having the require_certificate option turned off.
>>
>> Best Regards,
>>
>> Bogdan-Andrei Iancu
>>   OpenSIPS Founder and Developer
>>   http://www.opensips-solutions.com
>>
>> OpenSIPS Bootcamp 2017, Houston, US
>>   http://opensips.org/training/OpenSIPS_Bootcamp_2017.html
>>
>> On 07/25/2017 03:26 PM, Callum Guy wrote:
>>
>> Hi All,
>>
>> *Running: *opensips-2.3.1-1.el7.x86_64 / CentOS 7
>>
>> I have been working with new TLS connection and have been having problems
>> validating their client certificate. My OpenSIPs configuration works fine
>> for other providers (i.e. Twilio) however I am seeing the following error
>> messages reported while verify_cert is enabled:
>>
>> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
>> NOTICE:tls_mgm:verify_callback: depth = 0
>> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
>> NOTICE:tls_mgm:verify_callback: subject =
>> /serialNumber=03379831/1.3.6.1.4.1.311.60.2.1.3=GB/businessCategory=Private
>> Organization/C=GB/postalCode=SO16 7NP/L=Southampton/street=2 Venture
>> Road/O=SIMWOOD ESMS LIMITED/OU=COMODO EV Multi-Domain SSL/CN=simwood.com
>> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
>> NOTICE:tls_mgm:verify_callback: verify error:num=20:unable to get local
>> issuer certificate
>> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
>> NOTICE:tls_mgm:verify_callback: something wrong with the cert ... error
>> code is 20 (check x509_vfy.h)
>> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
>> NOTICE:tls_mgm:verify_callback: verify return:0
>> Jul 25 13:10:32 proxy.ex.com opensips[4881]: ERROR:proto_tls:tls_accept:
>> New TLS connection from 178.22.140.34:34281 failed to accept
>> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
>> ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890B2:SSL
>> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
>> ERROR:proto_tls:tls_read_req: failed to do pre-tls reading
>>
>> Part of my reason for resorting to the mailing list are old mailing list
>> emails discussing that multi-domain certificates are not supported by
>> OpenSIPs - is anyone able to confirm if this remains a problem?
>>
>> The openssl error code 20 is translated as
>> X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
>>
>> I have seen other reports that this issue may be related to an improperly
>> chained certificate - does this sound at all likely?
>>
>> Any tips on debugging would be greatly appreciated, thanks.
>>
>> Callum
>> --
>> Callum Guy
>> Head of Information Security
>> X-on
>>
>>
>> *0333 332   |  www.x-on.co.uk   |   **
>>    

Re: [OpenSIPS-Users] TLS_MGM: Multi-domain Client Certificate Validation

[Bogdan-Andrei Iancu]

I have to admit that you have to "know how to read the SSL errors" in 
order to really understand the root problem :) . Now that you find the 
issue and if we look back at the error description "verify 
error:num=20:unable to get local issuer certificate", it make sense - 
SSL complains it did not find the comodo CA in order to validate the 
certificate presented by the TLS client (which was probably signed by 
Comodo).


Best regards,

Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com

OpenSIPS Bootcamp 2017, Houston, US
  http://opensips.org/training/OpenSIPS_Bootcamp_2017.html

On 07/25/2017 05:27 PM, Callum Guy wrote:

Hi Bogdan,

Thanks for your response, based on your advice I performed a full 
packet capture on the handshake and established that a certificate was 
indeed being presented.


Following up on this I managed to establish that the problem was a 
missing intermediary CA in the certificate chain, specifically:


https://support.comodo.com/index.php?/Knowledgebase/Article/View/975/108/intermediate-2-sha-2-comodo-rsa-extended-validation-secure-server-ca

The error message presented by OpenSIPs was certainly misleading in 
this case. For others benefit the approach for installing a new CA is 
super simple:


 1. create the file in /etc/pki/ca-trust/source/anchors
(i.e. comodo-ca-rsa-ev-secure-server.pem)
 2. run "update-ca-trust" with root privs

Problem solved.

Have a good day all!

Callum

On Tue, Jul 25, 2017 at 2:48 PM Bogdan-Andrei Iancu 
mailto:bog...@opensips.org>> wrote:


Hi Callum,

The error may indicate the fact that the TLS client does not
present a TLS certificate while connection to your OpenSIPS. This
has nothing to do with the TLS multi domain, which anyhow is
supported. As the test, you can create a separate TLS domain
(server) bound to the IP of that TLS client, TLS domain having the
require_certificate option turned off.

Best Regards,

Bogdan-Andrei Iancu
   OpenSIPS Founder and Developer
   http://www.opensips-solutions.com

OpenSIPS Bootcamp 2017, Houston, US
   http://opensips.org/training/OpenSIPS_Bootcamp_2017.html

On 07/25/2017 03:26 PM, Callum Guy wrote:

Hi All,

*Running: *opensips-2.3.1-1.el7.x86_64 / CentOS 7

I have been working with new TLS connection and have been having
problems validating their client certificate. My OpenSIPs
configuration works fine for other providers (i.e. Twilio)
however I am seeing the following error messages reported while
verify_cert is enabled:

Jul 25 13:10:32 proxy.ex.com 
opensips[4881]: NOTICE:tls_mgm:verify_callback: depth = 0
Jul 25 13:10:32 proxy.ex.com 
opensips[4881]: NOTICE:tls_mgm:verify_callback: subject =
/serialNumber=03379831/1.3.6.1.4.1.311.60.2.1.3=GB/businessCategory=Private
Organization/C=GB/postalCode=SO16 7NP/L=Southampton/street=2
Venture Road/O=SIMWOOD ESMS LIMITED/OU=COMODO EV Multi-Domain
SSL/CN=simwood.com 
Jul 25 13:10:32 proxy.ex.com 
opensips[4881]: NOTICE:tls_mgm:verify_callback: verify
error:num=20:unable to get local issuer certificate
Jul 25 13:10:32 proxy.ex.com 
opensips[4881]: NOTICE:tls_mgm:verify_callback: something wrong
with the cert ... error code is 20 (check x509_vfy.h)
Jul 25 13:10:32 proxy.ex.com 
opensips[4881]: NOTICE:tls_mgm:verify_callback: verify return:0
Jul 25 13:10:32 proxy.ex.com 
opensips[4881]: ERROR:proto_tls:tls_accept: New TLS connection
from 178.22.140.34:34281  failed to
accept
Jul 25 13:10:32 proxy.ex.com 
opensips[4881]: ERROR:proto_tls:tls_print_errstack: TLS errstack:
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned
Jul 25 13:10:32 proxy.ex.com 
opensips[4881]: ERROR:proto_tls:tls_read_req: failed to do
pre-tls reading

Part of my reason for resorting to the mailing list are old
mailing list emails discussing that multi-domain certificates are
not supported by OpenSIPs - is anyone able to confirm if this
remains a problem?

The openssl error code 20 is translated as
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

I have seen other reports that this issue may be related to an
improperly chained certificate - does this sound at all likely?

Any tips on debugging would be greatly appreciated, thanks.

Callum
-- 
Callum Guy

Head of Information Security
X-on


*^0333 332   | www.x-on.co.uk   |
_**_^
  *
X-on is a trading name of Storacall Technology Ltd a limited
company registered in England and Wale

Re: [OpenSIPS-Users] TLS_MGM: Multi-domain Client Certificate Validation

[Callum Guy]

Hi Bogdan,

Thanks for your response, based on your advice I performed a full packet
capture on the handshake and established that a certificate was indeed
being presented.

Following up on this I managed to establish that the problem was a missing
intermediary CA in the certificate chain, specifically:

https://support.comodo.com/index.php?/Knowledgebase/Article/View/975/108/intermediate-2-sha-2-comodo-rsa-extended-validation-secure-server-ca

The error message presented by OpenSIPs was certainly misleading in this
case. For others benefit the approach for installing a new CA is super
simple:

   1. create the file in /etc/pki/ca-trust/source/anchors
   (i.e. comodo-ca-rsa-ev-secure-server.pem)
   2. run "update-ca-trust" with root privs

Problem solved.

Have a good day all!

Callum

On Tue, Jul 25, 2017 at 2:48 PM Bogdan-Andrei Iancu 
wrote:

> Hi Callum,
>
> The error may indicate the fact that the TLS client does not present a TLS
> certificate while connection to your OpenSIPS. This has nothing to do with
> the TLS multi domain, which anyhow is supported. As the test, you can
> create a separate TLS domain (server) bound to the IP of that TLS client,
> TLS domain having the require_certificate option turned off.
>
> Best Regards,
>
> Bogdan-Andrei Iancu
>   OpenSIPS Founder and Developer
>   http://www.opensips-solutions.com
>
> OpenSIPS Bootcamp 2017, Houston, US
>   http://opensips.org/training/OpenSIPS_Bootcamp_2017.html
>
> On 07/25/2017 03:26 PM, Callum Guy wrote:
>
> Hi All,
>
> *Running: *opensips-2.3.1-1.el7.x86_64 / CentOS 7
>
> I have been working with new TLS connection and have been having problems
> validating their client certificate. My OpenSIPs configuration works fine
> for other providers (i.e. Twilio) however I am seeing the following error
> messages reported while verify_cert is enabled:
>
> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
> NOTICE:tls_mgm:verify_callback: depth = 0
> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
> NOTICE:tls_mgm:verify_callback: subject =
> /serialNumber=03379831/1.3.6.1.4.1.311.60.2.1.3=GB/businessCategory=Private
> Organization/C=GB/postalCode=SO16 7NP/L=Southampton/street=2 Venture
> Road/O=SIMWOOD ESMS LIMITED/OU=COMODO EV Multi-Domain SSL/CN=simwood.com
> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
> NOTICE:tls_mgm:verify_callback: verify error:num=20:unable to get local
> issuer certificate
> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
> NOTICE:tls_mgm:verify_callback: something wrong with the cert ... error
> code is 20 (check x509_vfy.h)
> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
> NOTICE:tls_mgm:verify_callback: verify return:0
> Jul 25 13:10:32 proxy.ex.com opensips[4881]: ERROR:proto_tls:tls_accept:
> New TLS connection from 178.22.140.34:34281 failed to accept
> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
> ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> Jul 25 13:10:32 proxy.ex.com opensips[4881]:
> ERROR:proto_tls:tls_read_req: failed to do pre-tls reading
>
> Part of my reason for resorting to the mailing list are old mailing list
> emails discussing that multi-domain certificates are not supported by
> OpenSIPs - is anyone able to confirm if this remains a problem?
>
> The openssl error code 20 is translated as
> X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
>
> I have seen other reports that this issue may be related to an improperly
> chained certificate - does this sound at all likely?
>
> Any tips on debugging would be greatly appreciated, thanks.
>
> Callum
> --
> Callum Guy
> Head of Information Security
> X-on
>
>
> *0333 332   |  www.x-on.co.uk   |   **
>    
>    *
> X-on is a trading name of Storacall Technology Ltd a limited company
> registered in England and Wales.
> Registered Office : Avaland House, 110 London Road, Apsley, Hemel
> Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
> The information in this e-mail is confidential and for use by the
> addressee(s) only. If you are not the intended recipient, please notify
> X-on immediately on +44(0)333 332  <+44%20333%20332%20> and
> delete the
> message from your computer. If you are not a named addressee you must not
> use, disclose, disseminate, distribute, copy, print or reply to this email. 
> Views
> or opinions expressed by an individual
> within this email may not necessarily reflect the views of X-on or its
> associated companies. Although X-on routinely screens for viruses,
> addressees should scan this email and any attachments
> for viruses. X-on makes no representation or warranty as to the absence of
> viruses in this email or any attachments.
>
>
>
> ___
> Users mailing 
> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> --
Callum Guy
Head

Re: [OpenSIPS-Users] TLS_MGM: Multi-domain Client Certificate Validation

[Bogdan-Andrei Iancu]

Hi Callum,

The error may indicate the fact that the TLS client does not present a 
TLS certificate while connection to your OpenSIPS. This has nothing to 
do with the TLS multi domain, which anyhow is supported. As the test, 
you can create a separate TLS domain (server) bound to the IP of that 
TLS client, TLS domain having the require_certificate option turned off.


Best Regards,

Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com

OpenSIPS Bootcamp 2017, Houston, US
  http://opensips.org/training/OpenSIPS_Bootcamp_2017.html

On 07/25/2017 03:26 PM, Callum Guy wrote:

Hi All,

*Running: *opensips-2.3.1-1.el7.x86_64 / CentOS 7

I have been working with new TLS connection and have been having 
problems validating their client certificate. My OpenSIPs 
configuration works fine for other providers (i.e. Twilio) however I 
am seeing the following error messages reported while verify_cert is 
enabled:


Jul 25 13:10:32 proxy.ex.com  opensips[4881]: 
NOTICE:tls_mgm:verify_callback: depth = 0
Jul 25 13:10:32 proxy.ex.com  opensips[4881]: 
NOTICE:tls_mgm:verify_callback: subject = 
/serialNumber=03379831/1.3.6.1.4.1.311.60.2.1.3=GB/businessCategory=Private 
Organization/C=GB/postalCode=SO16 7NP/L=Southampton/street=2 Venture 
Road/O=SIMWOOD ESMS LIMITED/OU=COMODO EV Multi-Domain 
SSL/CN=simwood.com 
Jul 25 13:10:32 proxy.ex.com  opensips[4881]: 
NOTICE:tls_mgm:verify_callback: verify error:num=20:unable to get 
local issuer certificate
Jul 25 13:10:32 proxy.ex.com  opensips[4881]: 
NOTICE:tls_mgm:verify_callback: something wrong with the cert ... 
error code is 20 (check x509_vfy.h)
Jul 25 13:10:32 proxy.ex.com  opensips[4881]: 
NOTICE:tls_mgm:verify_callback: verify return:0
Jul 25 13:10:32 proxy.ex.com  opensips[4881]: 
ERROR:proto_tls:tls_accept: New TLS connection from 
178.22.140.34:34281  failed to accept
Jul 25 13:10:32 proxy.ex.com  opensips[4881]: 
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Jul 25 13:10:32 proxy.ex.com  opensips[4881]: 
ERROR:proto_tls:tls_read_req: failed to do pre-tls reading


Part of my reason for resorting to the mailing list are old mailing 
list emails discussing that multi-domain certificates are not 
supported by OpenSIPs - is anyone able to confirm if this remains a 
problem?


The openssl error code 20 is translated as 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY


I have seen other reports that this issue may be related to an 
improperly chained certificate - does this sound at all likely?


Any tips on debugging would be greatly appreciated, thanks.

Callum
--
Callum Guy
Head of Information Security
X-on


*^0333 332   | www.x-on.co.uk   | 
_**_^ 
  *
X-on is a trading name of Storacall Technology Ltd a limited company 
registered in England and Wales.
Registered Office : Avaland House, 110 London Road, Apsley, Hemel 
Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
The information in this e-mail is confidential and for use by the 
addressee(s) only. If you are not the intended recipient, please 
notify X-on immediately on +44(0)333 332  and delete the
message from your computer. If you are not a named addressee you must 
not use, disclose, disseminate, distribute, copy, print or reply to 
this email. Views or opinions expressed by an individual
within this email may not necessarily reflect the views of X-on or its 
associated companies. Although X-on routinely screens for viruses, 
addressees should scan this email and any attachments
for viruses. X-on makes no representation or warranty as to the 
absence of viruses in this email or any attachments.




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] TLS_MGM: Multi-domain Client Certificate Validation

[Callum Guy]

Hi All,

*Running: *opensips-2.3.1-1.el7.x86_64 / CentOS 7

I have been working with new TLS connection and have been having problems
validating their client certificate. My OpenSIPs configuration works fine
for other providers (i.e. Twilio) however I am seeing the following error
messages reported while verify_cert is enabled:

Jul 25 13:10:32 proxy.ex.com opensips[4881]:
NOTICE:tls_mgm:verify_callback: depth = 0
Jul 25 13:10:32 proxy.ex.com opensips[4881]:
NOTICE:tls_mgm:verify_callback: subject =
/serialNumber=03379831/1.3.6.1.4.1.311.60.2.1.3=GB/businessCategory=Private
Organization/C=GB/postalCode=SO16 7NP/L=Southampton/street=2 Venture
Road/O=SIMWOOD ESMS LIMITED/OU=COMODO EV Multi-Domain SSL/CN=simwood.com
Jul 25 13:10:32 proxy.ex.com opensips[4881]:
NOTICE:tls_mgm:verify_callback: verify error:num=20:unable to get local
issuer certificate
Jul 25 13:10:32 proxy.ex.com opensips[4881]:
NOTICE:tls_mgm:verify_callback: something wrong with the cert ... error
code is 20 (check x509_vfy.h)
Jul 25 13:10:32 proxy.ex.com opensips[4881]:
NOTICE:tls_mgm:verify_callback: verify return:0
Jul 25 13:10:32 proxy.ex.com opensips[4881]: ERROR:proto_tls:tls_accept:
New TLS connection from 178.22.140.34:34281 failed to accept
Jul 25 13:10:32 proxy.ex.com opensips[4881]:
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Jul 25 13:10:32 proxy.ex.com opensips[4881]: ERROR:proto_tls:tls_read_req:
failed to do pre-tls reading

Part of my reason for resorting to the mailing list are old mailing list
emails discussing that multi-domain certificates are not supported by
OpenSIPs - is anyone able to confirm if this remains a problem?

The openssl error code 20 is translated as
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

I have seen other reports that this issue may be related to an improperly
chained certificate - does this sound at all likely?

Any tips on debugging would be greatly appreciated, thanks.

Callum
-- 
Callum Guy
Head of Information Security
X-on

-- 



*0333 332   |  www.x-on.co.uk   |   ** 
    
   * 
X-on is a trading name of Storacall Technology Ltd a limited company 
registered in England and Wales.
Registered Office : Avaland House, 110 London Road, Apsley, Hemel 
Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
The information in this e-mail is confidential and for use by the 
addressee(s) only. If you are not the intended recipient, please notify 
X-on immediately on +44(0)333 332  and delete the
message from your computer. If you are not a named addressee you must not 
use, disclose, disseminate, distribute, copy, print or reply to this email. 
Views 
or opinions expressed by an individual
within this email may not necessarily reflect the views of X-on or its 
associated companies. Although X-on routinely screens for viruses, 
addressees should scan this email and any attachments
for viruses. X-on makes no representation or warranty as to the absence of 
viruses in this email or any attachments.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm module ERROR

[Dragomir Haralambiev]

Hello,

I update opensips 2.2 from yum.

I continue  to receive follow ERRORS:

Apr  9 22:13:28 dev /usr/local/sbin/opensips[31161]: INFO:tls_mgm:mod_init:
initializing TLS protocol
Apr  9 22:13:28 dev /usr/local/sbin/opensips[31161]:
WARNING:tls_mgm:mod_init: disabling compression due ZLIB problems
Apr  9 22:13:29 dev /usr/local/sbin/opensips[31161]:
INFO:tls_mgm:check_for_krb: KRB5 cipher KRB5-IDEA-CBC-SHA found
Apr  9 22:13:29 dev /usr/local/sbin/opensips[31161]:
ERROR:tls_mgm:mod_init: compiled agaist an openssl with kerberos, but run
with one with kerberos
Apr  9 22:13:29 dev /usr/local/sbin/opensips[31161]: ERROR:core:init_mod:
failed to initialize module tls_mgm
Apr  9 22:13:29 dev /usr/local/sbin/opensips[31161]: ERROR:core:main: error
while initializing modules

I have installed :

openssl-devel-1.0.1e-60.el7_3.1.x86_64
krb5-libs-1.14.1-27.el7_3.x86_64
krb5-devel-1.14.1-27.el7_3.x86_64

What I do to start Opensips with tls_mgm?


Best regards:
Dragomir


2017-04-06 23:56 GMT+03:00 Dragomir Haralambiev :

> rpm -qa |grep ssl
>
> openssl-1.0.1e-60.el7_3.1.x86_64
> openssl-libs-1.0.1e-60.el7_3.1.x86_64
> mod_ssl-2.4.6-45.el7.centos.x86_64
> openssl-devel-1.0.1e-60.el7_3.1.x86_64
>
>
> 2017-04-06 19:16 GMT+03:00 Răzvan Crainea :
>
>> Hi, Dragomir!
>>
>> What library did you compile against (libssl-dev version) and what is the
>> runtime library you are using?
>>
>> Best regards,
>>
>> Răzvan Crainea
>> OpenSIPS Solutionswww.opensips-solutions.com
>>
>> On 04/05/2017 03:19 PM, Dragomir Haralambiev wrote:
>>
>> Hello,
>>
>> I try to start opensips with tls_mgm module and receive follow errors:
>>
>> Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]:
>> WARNING:tls_mgm:mod_init: disabling compression due ZLIB problems
>> Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]:
>> INFO:tls_mgm:check_for_krb: KRB5 cipher KRB5-IDEA-CBC-SHA found
>> Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]:
>> ERROR:tls_mgm:mod_init: compiled agaist an openssl with kerberos, but run
>> with one with kerberos
>> Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]: ERROR:core:init_mod:
>> failed to initialize module tls_mgm
>>
>> How must to compile Opensips to run without errors?
>>
>> Regards,
>> Dragomir
>>
>>
>> ___
>> Users mailing 
>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm module ERROR

[Dragomir Haralambiev]

rpm -qa |grep ssl

openssl-1.0.1e-60.el7_3.1.x86_64
openssl-libs-1.0.1e-60.el7_3.1.x86_64
mod_ssl-2.4.6-45.el7.centos.x86_64
openssl-devel-1.0.1e-60.el7_3.1.x86_64


2017-04-06 19:16 GMT+03:00 Răzvan Crainea :

> Hi, Dragomir!
>
> What library did you compile against (libssl-dev version) and what is the
> runtime library you are using?
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Solutionswww.opensips-solutions.com
>
> On 04/05/2017 03:19 PM, Dragomir Haralambiev wrote:
>
> Hello,
>
> I try to start opensips with tls_mgm module and receive follow errors:
>
> Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]:
> WARNING:tls_mgm:mod_init: disabling compression due ZLIB problems
> Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]:
> INFO:tls_mgm:check_for_krb: KRB5 cipher KRB5-IDEA-CBC-SHA found
> Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]:
> ERROR:tls_mgm:mod_init: compiled agaist an openssl with kerberos, but run
> with one with kerberos
> Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]: ERROR:core:init_mod:
> failed to initialize module tls_mgm
>
> How must to compile Opensips to run without errors?
>
> Regards,
> Dragomir
>
>
> ___
> Users mailing 
> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm module ERROR

[Răzvan Crainea]

Hi, Dragomir!

What library did you compile against (libssl-dev version) and what is 
the runtime library you are using?


Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 04/05/2017 03:19 PM, Dragomir Haralambiev wrote:

Hello,

I try to start opensips with tls_mgm module and receive follow errors:

Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]: 
WARNING:tls_mgm:mod_init: disabling compression due ZLIB problems
Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]: 
INFO:tls_mgm:check_for_krb: KRB5 cipher KRB5-IDEA-CBC-SHA found
Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]: 
ERROR:tls_mgm:mod_init: compiled agaist an openssl with kerberos, but 
run with one with kerberos
Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]: 
ERROR:core:init_mod: failed to initialize module tls_mgm


How must to compile Opensips to run without errors?

Regards,
Dragomir


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] tls_mgm module ERROR

[Dragomir Haralambiev]

Hello,

I try to start opensips with tls_mgm module and receive follow errors:

Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]:
WARNING:tls_mgm:mod_init: disabling compression due ZLIB problems
Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]:
INFO:tls_mgm:check_for_krb: KRB5 cipher KRB5-IDEA-CBC-SHA found
Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]: ERROR:tls_mgm:mod_init:
compiled agaist an openssl with kerberos, but run with one with kerberos
Apr  5 15:14:05 dev /usr/local/sbin/opensips[2628]: ERROR:core:init_mod:
failed to initialize module tls_mgm

How must to compile Opensips to run without errors?

Regards,
Dragomir
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm

[Răzvan Crainea]

Oh, so basically the upgrade fixed it.

Thanks for sharing!

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 11:35 PM, Stefano Pisani wrote:

Hi Răzvan,
there is not openssl 1.0.2h available for ubuntu 16.04 so I installed it
from the tarball and fixed the symlink to the correct libraries libssl
and libcrypto. That's all.

Thanks.
Stefano

Il 20/08/2016 22:28, Răzvan Crainea ha scritto:

Hi, Stefano!

Sorry, I missed that email. So what was your solution to solve the
conflict? Deployed a custom deb?

Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 11:14 PM, Stefano Pisani wrote:

Hello Răzvan,
in my previous email I told you that I have upgraded openssl to 1.0.2h
then the error was different.
After that I realized that there was a conflict between ubuntu openssl
package and new openssl.
Finally, after fixed that, tls_mgm module is working properly.

I'm using ubuntu 16.04 LTS

Thanks
Stefano

Il 20/08/2016 22:09, Răzvan Crainea ha scritto:

Hello!

Is there any chance you could upgrade your openssl library? This
version has a known bug.
Also, could you tell us what OS you're running, perhaps we can manage
to replicate this and track it down.

Best regards.

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 10:56 PM, Venkatesh Macha wrote:


Hi all,

 I am trying to install OpenSIPS with WSS support. But i am getting
following error on OpenSIPS Startup.

ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: NOTE: check if you have openssl 1.0.1e-fips,
as this
version is known to be broken; if so, you need to upgrade or
downgrade to a
different openssl version !!
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: extra: malloc=0x7f7490dd25f8/0x7f749d13c550
realloc=0x7f7490dd2624/0x7f749d13cc40
free=0x7f7490dd265c/0x7f749d13ca70
version=OpenSSL 1.0.2g-fips  1 Mar 2016
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:core:init_mod:
failed to initialize module tls_mgm
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:core:main:
error while initializing modules

My OpenSIPS version:
 opensips -V
version: opensips 2.3.0-dev (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
QM_MALLOC,
DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 326a1c6

My OpenSSL Version:
openssl version
OpenSSL 1.0.2g-fips  1 Mar 2016

I am using Ubuntu 16.04 LTS.

Thank you in advance.



--
View this message in context:
http://opensips-open-sip-server.1449251.n2.nabble.com/tls-mgm-tp7604091.html


Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm

[Stefano Pisani]

Hi Răzvan,
there is not openssl 1.0.2h available for ubuntu 16.04 so I installed it 
from the tarball and fixed the symlink to the correct libraries libssl 
and libcrypto. That's all.


Thanks.
Stefano

Il 20/08/2016 22:28, Răzvan Crainea ha scritto:

Hi, Stefano!

Sorry, I missed that email. So what was your solution to solve the 
conflict? Deployed a custom deb?


Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 11:14 PM, Stefano Pisani wrote:

Hello Răzvan,
in my previous email I told you that I have upgraded openssl to 1.0.2h
then the error was different.
After that I realized that there was a conflict between ubuntu openssl
package and new openssl.
Finally, after fixed that, tls_mgm module is working properly.

I'm using ubuntu 16.04 LTS

Thanks
Stefano

Il 20/08/2016 22:09, Răzvan Crainea ha scritto:

Hello!

Is there any chance you could upgrade your openssl library? This
version has a known bug.
Also, could you tell us what OS you're running, perhaps we can manage
to replicate this and track it down.

Best regards.

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 10:56 PM, Venkatesh Macha wrote:


Hi all,

 I am trying to install OpenSIPS with WSS support. But i am getting
following error on OpenSIPS Startup.

ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: NOTE: check if you have openssl 1.0.1e-fips,
as this
version is known to be broken; if so, you need to upgrade or
downgrade to a
different openssl version !!
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: extra: malloc=0x7f7490dd25f8/0x7f749d13c550
realloc=0x7f7490dd2624/0x7f749d13cc40 
free=0x7f7490dd265c/0x7f749d13ca70

version=OpenSSL 1.0.2g-fips  1 Mar 2016
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:core:init_mod:
failed to initialize module tls_mgm
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]: 
ERROR:core:main:

error while initializing modules

My OpenSIPS version:
 opensips -V
version: opensips 2.3.0-dev (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
QM_MALLOC,
DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 326a1c6

My OpenSSL Version:
openssl version
OpenSSL 1.0.2g-fips  1 Mar 2016

I am using Ubuntu 16.04 LTS.

Thank you in advance.



--
View this message in context:
http://opensips-open-sip-server.1449251.n2.nabble.com/tls-mgm-tp7604091.html 



Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm

[Răzvan Crainea]

Hi, Stefano!

Sorry, I missed that email. So what was your solution to solve the 
conflict? Deployed a custom deb?


Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 11:14 PM, Stefano Pisani wrote:

Hello Răzvan,
in my previous email I told you that I have upgraded openssl to 1.0.2h
then the error was different.
After that I realized that there was a conflict between ubuntu openssl
package and new openssl.
Finally, after fixed that, tls_mgm module is working properly.

I'm using ubuntu 16.04 LTS

Thanks
Stefano

Il 20/08/2016 22:09, Răzvan Crainea ha scritto:

Hello!

Is there any chance you could upgrade your openssl library? This
version has a known bug.
Also, could you tell us what OS you're running, perhaps we can manage
to replicate this and track it down.

Best regards.

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 10:56 PM, Venkatesh Macha wrote:


Hi all,

 I am trying to install OpenSIPS with WSS support. But i am getting
following error on OpenSIPS Startup.

ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: NOTE: check if you have openssl 1.0.1e-fips,
as this
version is known to be broken; if so, you need to upgrade or
downgrade to a
different openssl version !!
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: extra: malloc=0x7f7490dd25f8/0x7f749d13c550
realloc=0x7f7490dd2624/0x7f749d13cc40 free=0x7f7490dd265c/0x7f749d13ca70
version=OpenSSL 1.0.2g-fips  1 Mar 2016
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:core:init_mod:
failed to initialize module tls_mgm
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]: ERROR:core:main:
error while initializing modules

My OpenSIPS version:
 opensips -V
version: opensips 2.3.0-dev (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
QM_MALLOC,
DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 326a1c6

My OpenSSL Version:
openssl version
OpenSSL 1.0.2g-fips  1 Mar 2016

I am using Ubuntu 16.04 LTS.

Thank you in advance.



--
View this message in context:
http://opensips-open-sip-server.1449251.n2.nabble.com/tls-mgm-tp7604091.html

Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm

[Stefano Pisani]

Hello Răzvan,
in my previous email I told you that I have upgraded openssl to 1.0.2h 
then the error was different.
After that I realized that there was a conflict between ubuntu openssl 
package and new openssl.

Finally, after fixed that, tls_mgm module is working properly.

I'm using ubuntu 16.04 LTS

Thanks
Stefano

Il 20/08/2016 22:09, Răzvan Crainea ha scritto:

Hello!

Is there any chance you could upgrade your openssl library? This 
version has a known bug.
Also, could you tell us what OS you're running, perhaps we can manage 
to replicate this and track it down.


Best regards.

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 10:56 PM, Venkatesh Macha wrote:


Hi all,

 I am trying to install OpenSIPS with WSS support. But i am getting
following error on OpenSIPS Startup.

ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: NOTE: check if you have openssl 1.0.1e-fips, 
as this
version is known to be broken; if so, you need to upgrade or 
downgrade to a

different openssl version !!
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: extra: malloc=0x7f7490dd25f8/0x7f749d13c550
realloc=0x7f7490dd2624/0x7f749d13cc40 free=0x7f7490dd265c/0x7f749d13ca70
version=OpenSSL 1.0.2g-fips  1 Mar 2016
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]: 
ERROR:core:init_mod:

failed to initialize module tls_mgm
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]: ERROR:core:main:
error while initializing modules

My OpenSIPS version:
 opensips -V
version: opensips 2.3.0-dev (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, 
QM_MALLOC,

DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 326a1c6

My OpenSSL Version:
openssl version
OpenSSL 1.0.2g-fips  1 Mar 2016

I am using Ubuntu 16.04 LTS.

Thank you in advance.



--
View this message in context: 
http://opensips-open-sip-server.1449251.n2.nabble.com/tls-mgm-tp7604091.html

Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] tls_mgm

[Răzvan Crainea]

Hello!

Is there any chance you could upgrade your openssl library? This version 
has a known bug.
Also, could you tell us what OS you're running, perhaps we can manage to 
replicate this and track it down.


Best regards.

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 08/20/2016 10:56 PM, Venkatesh Macha wrote:


Hi all,

 I am trying to install OpenSIPS with WSS support. But i am getting
following error on OpenSIPS Startup.

ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: NOTE: check if you have openssl 1.0.1e-fips, as this
version is known to be broken; if so, you need to upgrade or downgrade to a
different openssl version !!
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: extra: malloc=0x7f7490dd25f8/0x7f749d13c550
realloc=0x7f7490dd2624/0x7f749d13cc40 free=0x7f7490dd265c/0x7f749d13ca70
version=OpenSSL 1.0.2g-fips  1 Mar 2016
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]: ERROR:core:init_mod:
failed to initialize module tls_mgm
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]: ERROR:core:main:
error while initializing modules

My OpenSIPS version:
 opensips -V
version: opensips 2.3.0-dev (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, QM_MALLOC,
DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 326a1c6

My OpenSSL Version:
openssl version
OpenSSL 1.0.2g-fips  1 Mar 2016

I am using Ubuntu 16.04 LTS.

Thank you in advance.



--
View this message in context: 
http://opensips-open-sip-server.1449251.n2.nabble.com/tls-mgm-tp7604091.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] tls_mgm

[Venkatesh Macha]

Hi all,

 I am trying to install OpenSIPS with WSS support. But i am getting
following error on OpenSIPS Startup.

ERROR:tls_mgm:mod_init: unable to set the memory allocation functions
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: NOTE: check if you have openssl 1.0.1e-fips, as this
version is known to be broken; if so, you need to upgrade or downgrade to a
different openssl version !!
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]:
ERROR:tls_mgm:mod_init: extra: malloc=0x7f7490dd25f8/0x7f749d13c550
realloc=0x7f7490dd2624/0x7f749d13cc40 free=0x7f7490dd265c/0x7f749d13ca70
version=OpenSSL 1.0.2g-fips  1 Mar 2016
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]: ERROR:core:init_mod:
failed to initialize module tls_mgm
Aug 20 19:46:12 webrtc /usr/local/sbin/opensips[20545]: ERROR:core:main:
error while initializing modules

My OpenSIPS version:
 opensips -V
version: opensips 2.3.0-dev (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, QM_MALLOC,
DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 326a1c6

My OpenSSL Version:
openssl version
OpenSSL 1.0.2g-fips  1 Mar 2016

I am using Ubuntu 16.04 LTS.

Thank you in advance.



--
View this message in context: 
http://opensips-open-sip-server.1449251.n2.nabble.com/tls-mgm-tp7604091.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users