Daniel-Constantin Mierla writes:

> The error message seems to be related to failure to open `ca_list`
> file, not to `ca_path` -- can you check if `ca_list` is still set
> somewhere there to an invalid file path?

I checked and config file has only this:

modparam("tls", "config", "/etc/sip-proxy/tls.cfg")

and tls.cfg contains:

# more tls.cfg
[client:default]
verify_certificate = yes
require_certificate = yes
tls_method = TLSv1.2+
private_key = /etc/sip-proxy/certs/key.pem
certificate = /etc/sip-proxy/certs/cert.pem
ca_path = /etc/sip-proxy/certs/ca_list

[server:default]
verify_certificate = yes
require_certificate = no
server_name = lohi.tutpro.com
tls_method = TLSv1.1+
private_key = /etc/sip-proxy/certs/key.pem
certificate = /etc/sip-proxy/certs/cert.pem
ca_path = /etc/sip-proxy/certs/ca_list

There is no trace of ca_list anywhere.  Also syslog shows that ca_list
is null:

Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:322]: 
ksr_tls_fill_missing(): TLSs<default>: 
certificate='/etc/sip-proxy/certs/cert.pem'
Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:329]: 
ksr_tls_fill_missing(): TLSs<default>: ca_list='(null)'
Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:336]: 
ksr_tls_fill_missing(): TLSs<default>: ca_path='/etc/sip-proxy/certs/ca_list'


-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682#issuecomment-804822963
_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Reply via email to