Set the log_level parameter to 4 and restart opensips. Once the error occurs, collect all the logs from the start (from syslog) and send them to Razvan. There’s bug tracking this issue: https://github.com/OpenSIPS/opensips/issues/2724
For compiling tls_wolfssl, try from a clean clone. -ovidiu On Thu, May 19, 2022 at 08:08 Jehanzaib Younis <jehanzaib.ki...@gmail.com> wrote: > Thanks Ovidiu, > I just checked the source code, the same bug is also present in > the opensips-3.2.6 branch. I have another issue with 3.2.6. I am not able > to compile tls_wolfssl. No issue with 3.3 though. > Now I need to check what is causing this. > > I am getting the following error: > > make[1]: Entering directory `/usr/src/opensips-3.2/modules/tls_wolfssl' > configure: WARNING: unrecognized options: --disable-shared, --enable-static > checking whether make supports nested variables... (cached) yes > ./configure: line 5259: syntax error near unexpected token `2.4.2' > ./configure: line 5259: `LT_PREREQ(2.4.2)' > make[1]: *** [lib/lib/libwolfssl.a] Error 2 > > > > Regards, > Jehanzaib > > > On Thu, May 19, 2022 at 1:35 AM Ovidiu Sas <o...@voipembedded.com> wrote: > >> Please upgrade to the latest version and see if the error persists. If >> yes, please run the server in debug mode and save the logs so this issue >> can be investigated properly. >> >> Thanks, >> Ovidiu >> >> On Wed, May 18, 2022 at 09:02 Jehanzaib Younis <jehanzaib.ki...@gmail.com> >> wrote: >> >>> Thank you Bogdan, >>> That helped a lot. As you mentioned I need to start only with >>> server_domain or client_domain. >>> Now I changed my config a bit as shown below: >>> #### (WebRTC) Client >>> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx") >>> modparam("tls_mgm", "certificate", >>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem") >>> modparam("tls_mgm", "private_key", >>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem") >>> modparam("tls_mgm", "ca_list", >>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem") >>> modparam("tls_mgm", "ca_dir", >>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx") >>> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23") >>> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1") >>> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1") >>> >>> ### This is for MS-Teams direct route >>> modparam("tls_mgm", "client_domain", "dom1.formsteams.com") >>> modparam("tls_mgm", "certificate", "[dom1.formsteams.com >>> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem") >>> modparam("tls_mgm", "private_key", "[dom1.formsteams.com >>> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem") >>> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com >>> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem") >>> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com >>> ]/etc/letsencrypt/live/dom1.formsteams.com") >>> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23") >>> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1") >>> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1") >>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom") >>> >>> Looks like the initial handshake is fine when my server sends OPTIONS to >>> MSTeams. There is a bug in the code according to the logs as shown below: >>> >>> opensips[10659]: CRITICAL:core:io_watch_add: #012>>> used fd map fd=142 >>> is not present in fd_array >>> (fd=142,type=19,flags=80000003,data=0x7f825805ceb8)#012#012It seems you >>> have hit a programming bug.#012Please help us make OpenSIPS better by >>> reporting it at https://github.com/OpenSIPS/opensips/issues >>> opensips[10659]: CRITICAL:core:io_watch_add: [TCP_main] check failed >>> after successful fd add (fd=141,type=19,data=0x7f825804fd98,flags=1) >>> already=0 >>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify >>> success >>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify >>> success >>> opensips[23993]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS >>> connection to 52.114.16.74:5061 established >>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 1, verify >>> success >>> opensips[23993]: NOTICE:tls_wolfssl:verify_callback: depth = 0, verify >>> success >>> opensips[23995]: INFO:tls_wolfssl:_wolfssl_tls_async_connect: new TLS >>> connection to 52.114.76.76:5061 established >>> >>> >>> Regards, >>> Jehanzaib >>> >>> >>> On Wed, May 18, 2022 at 6:15 PM Bogdan-Andrei Iancu <bog...@opensips.org> >>> wrote: >>> >>>> Hi Jehanzaib, >>>> >>>> The sequence for the MST TLS domains is wrong. >>>> >>>> For each TLS domain block, you need to start only with a server_domain >>>> or client_domain - of course, different names. And for each domain you need >>>> you set the matching conditions. See >>>> https://opensips.org/html/docs/modules/3.2.x/tls_mgm.html#domains-param >>>> >>>> Basically something like: >>>> >>>> modparam("tls_mgm", "server_domain", "formsteams_server") >>>> modparam("tls_mgm", "match_ip_address", "[formsteams_server]....") >>>> modparam("tls_mgm", "match_sip_domain", "[formsteams_server]....") >>>> modparam("tls_mgm", "certificate", "[formsteams_server].....) >>>> .... >>>> >>>> >>>> modparam("tls_mgm", "client_domain", "formsteams_client") >>>> modparam("tls_mgm", "match_ip_address", "[formsteams_client]....") >>>> modparam("tls_mgm", "match_sip_domain", "[formsteams_client]....") >>>> modparam("tls_mgm", "certificate", "[formsteams_client].....) >>>> .... >>>> >>>> >>>> Best regards, >>>> >>>> Bogdan-Andrei Iancu >>>> >>>> OpenSIPS Founder and Developer >>>> https://www.opensips-solutions.com >>>> OpenSIPS eBootcamp 23rd May - 3rd June 2022 >>>> https://opensips.org/training/OpenSIPS_eBootcamp_2022/ >>>> >>>> On 5/18/22 2:38 AM, Jehanzaib Younis wrote: >>>> >>>> Hi Bogdan, >>>> That's the problem, when I try to add the client_domain I get an error. >>>> Actually, I have a working config for webrtc but now I am adding a new >>>> domain for MS teams direct route. In fact, any other domain gives an error. >>>> If I disable MS Teams domain, the opensips do not give an error message and >>>> my webrtc client can connect without any issue. >>>> >>>> loadmodule "tls_mgm.so" >>>> modparam("tls_mgm", "tls_library", "wolfssl") >>>> >>>> #### (WebRTC) Client >>>> modparam("tls_mgm", "server_domain", "sip.mywebphone.xx") >>>> modparam("tls_mgm", "certificate", >>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem") >>>> modparam("tls_mgm", "private_key", >>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem") >>>> modparam("tls_mgm", "ca_list", >>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem") >>>> modparam("tls_mgm", "ca_dir", >>>> "[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx") >>>> modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23") >>>> modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1") >>>> modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1") >>>> >>>> ### This is for MS-Teams direct route >>>> modparam("tls_mgm", "server_domain", "dom1.formsteams.com") >>>> modparam("tls_mgm", "client_domain", "dom1.formsteams.com") >>>> modparam("tls_mgm", "certificate", "[dom1.formsteams.com >>>> ]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem") >>>> modparam("tls_mgm", "private_key", "[dom1.formsteams.com >>>> ]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem") >>>> modparam("tls_mgm", "ca_list", "[dom1.formsteams.com >>>> ]/etc/letsencrypt/live/dom1.formsteams.com/fullchain.pem") >>>> modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com >>>> ]/etc/letsencrypt/live/dom1.formsteams.com") >>>> modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23") >>>> modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1") >>>> modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1") >>>> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom") >>>> >>>> When i enable the MS-Teams direct route domain i get the below error: >>>> no certificate for tls domain ' dom1.formsteams.com ' defined >>>> >>>> >>>> Regards, >>>> Jehanzaib >>>> >>>> >>>> On Wed, May 18, 2022 at 3:04 AM Bogdan-Andrei Iancu < >>>> bog...@opensips.org> wrote: >>>> >>>>> Hi Jehanzaib, >>>>> >>>>> What are the TLS client domains you have defined in your tls_mgm >>>>> module ? >>>>> >>>>> Regards, >>>>> >>>>> Bogdan-Andrei Iancu >>>>> >>>>> OpenSIPS Founder and Developer >>>>> https://www.opensips-solutions.com >>>>> OpenSIPS eBootcamp 23rd May - 3rd June 2022 >>>>> https://opensips.org/training/OpenSIPS_eBootcamp_2022/ >>>>> >>>>> On 5/17/22 4:32 PM, Jehanzaib Younis wrote: >>>>> >>>>> Hi, >>>>> >>>>> I am having trouble to send/receive OPTIONS to ms teams. >>>>> Using the dispatcher module. The socket is defined as tls:*mysbcip* >>>>> :5061 >>>>> Looks like when my opensips (3.2.x) tries to send OPTIONS. it is >>>>> giving me the following error >>>>> >>>>> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found >>>>> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for >>>>> conn 0x7f00ef2a85a0 >>>>> ERROR:core:tcp_async_connect: tcp_conn_create failed >>>>> ERROR:proto_tls:proto_tls_send: async TCP connect failed >>>>> ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed >>>>> ERROR:tm:t_uac: attempt to send to ' >>>>> sip:sip3.pstnhub.microsoft.com:5061;transport:tls' failed >>>>> >>>>> I am setting the Contact as <sip:mytlsdomain:5061;transport=tls> >>>>> >>>>> Looks like the client domain is used for outgoing TLS connection but >>>>> no idea which domain i need to add here. The socket is my opensips ip >>>>> address. >>>>> >>>>> Has anyone seen a similar kind of behaviour? >>>>> >>>>> Thank you. >>>>> >>>>> Regards, >>>>> Jehanzaib >>>>> >>>>> _______________________________________________ >>>>> Users mailing >>>>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>> >>>>> >>>>> >>>> _______________________________________________ >>> Users mailing list >>> Users@lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >> -- >> VoIP Embedded, Inc. >> http://www.voipembedded.com >> _______________________________________________ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > _______________________________________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- VoIP Embedded, Inc. http://www.voipembedded.com
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users