Hi Dovid,

The "-c" option is for checking the syntax of the cfg file, not actually checking the data used by OpenSIPS, so this is why it does not work for you. I guess you can use some openssl cli tool to validate / check your certs before a restart / reload of the TLS part.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
  https://www.siphub.com

On 6/27/23 6:43 PM, Dovid Bender wrote:
Hi All,

We are trying to automate the update of our SSL certs. I tried by creating a "bad" cert file. When I run "/usr/local/src/opensips/opensips -c /usr/local/etc/opensips/opensips.cfg" it comes back clean as the config is sane; however, when I try to restart OpenSIPS it will obviously fail with:

Jun 27 15:37:53 wss-proxy.example.net /usr/local/src/opensips/opensips[311900]: ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode
Jun 27 15:37:53 wss-proxy.example.net /usr/local/src/opensips/opensips[311900]: ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
Jun 27 15:37:53 wss-proxy.example.net /usr/local/src/opensips/opensips[311900]: ERROR:tls_openssl:load_certificate: unable to load certificate file '/usr/local/etc/opensips/wss-proxy.example.net/cert3_bad.pem'
Jun 27 15:37:53 wss-proxy.example.net /usr/local/src/opensips/opensips[311900]: ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'example'
Jun 27 15:37:53 wss-proxy.example.net /usr/local/src/opensips/opensips[311900]: ERROR:core:init_mod: failed to initialize module tls_mgm
Jun 27 15:37:53 wss-proxy.example.net /usr/local/src/opensips/opensips[311900]: ERROR:core:main: error while initializing modules

Is there anything I can do to check whether OpenSIPS will fail on restart?

TIA.

Dovid


_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
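
A pre-restart check along the lines suggested in the reply, as an added example that is not part of the original thread or of OpenSIPS. It swaps the openssl CLI for Python's ssl module, which wraps OpenSSL, so a cert-renewal job can gate the restart on the result; the function and file names are hypothetical.

```python
import ssl
import sys
import tempfile
from pathlib import Path


def preflight_tls_pair(cert_path, key_path):
    """Return (ok, reason) after loading the pair the way a TLS server does."""
    for label, path in (("certificate", cert_path), ("private key", key_path)):
        if not Path(path).is_file():
            return False, f"{label} file not found: {path}"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Parses the PEM chain, parses the key, and checks that they match.
        # The callback stops OpenSSL prompting on a TTY for an encrypted key,
        # so an encrypted key fails the check instead of hanging the job.
        ctx.load_cert_chain(str(cert_path), str(key_path), password=lambda: "")
    except ssl.SSLError as exc:
        return False, f"OpenSSL rejected the pair: {exc}"
    except OSError as exc:
        return False, f"could not read the pair: {exc}"
    return True, "certificate chain and key parse and match"


def write_constructed_bad_pem(path):
    """Constructed sample: PEM armour around a body that is not base64."""
    Path(path).write_text(
        "-----BEGIN CERTIFICATE-----\n"
        "!!! constructed sample, not valid base64 !!!\n"
        "-----END CERTIFICATE-----\n"
    )
    return path


if __name__ == "__main__":
    if len(sys.argv) == 3:  # preflight.py CERT.pem KEY.pem; exit 0 = safe
        ok, reason = preflight_tls_pair(sys.argv[1], sys.argv[2])
        print(("OK: " if ok else "FAIL: ") + reason)
        sys.exit(0 if ok else 1)
    with tempfile.TemporaryDirectory() as tmp:  # no arguments: constructed demo
        bad = write_constructed_bad_pem(Path(tmp) / "cert_bad.pem")
        print(preflight_tls_pair(bad, bad))
```

Run it on the same host as OpenSIPS and only restart when it exits 0. The OpenSSL build behind Python may differ from the one OpenSIPS is linked against, so treat a pass as a necessary check rather than a guarantee.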