Daniel-Constantin Mierla writes:
> The error message seems to be related to failure to open `ca_list`
> file, not to `ca_path` -- can you check if `ca_list` is still set
> somewhere there to an invalid file path?
I checked and config file has only this:
modparam("tls", "config", "/etc/sip-proxy/tls.cfg")
and tls.cfg contains:
# more tls.cfg
[client:default]
verify_certificate = yes
require_certificate = yes
tls_method = TLSv1.2+
private_key = /etc/sip-proxy/certs/key.pem
certificate = /etc/sip-proxy/certs/cert.pem
ca_path = /etc/sip-proxy/certs/ca_list
[server:default]
verify_certificate = yes
require_certificate = no
server_name = lohi.tutpro.com
tls_method = TLSv1.1+
private_key = /etc/sip-proxy/certs/key.pem
certificate = /etc/sip-proxy/certs/cert.pem
ca_path = /etc/sip-proxy/certs/ca_list
There is no trace of ca_list anywhere. Also syslog shows that ca_list
is null:
Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:322]:
ksr_tls_fill_missing(): TLSs<default>:
certificate='/etc/sip-proxy/certs/cert.pem'
Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:329]:
ksr_tls_fill_missing(): TLSs<default>: ca_list='(null)'
Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:336]:
ksr_tls_fill_missing(): TLSs<default>: ca_path='/etc/sip-proxy/certs/ca_list'
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682#issuecomment-804822963_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
