Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled
Hi Ovidiu, I solved this problem by hardcoding the cert address in the my_con.c address. Guess the cert setup in the config file can't be loaded correctly when my_con.c calls it. On Tue, Sep 27, 2022 at 7:34 AM Ovidiu Sas wrote: > I encountered a crash related to TLS connections and I was wondering > if it's a similar issue. > It seems not, the crash that I encountered happens only on 3.3. > > If you installed opensips from a package, you need to install > opensips-dbg package to get the debug symbols. > After that, you can locate the core file on your server and inspect it > with gdb. > Everything should be detailed here: > https://www.opensips.org/Documentation/TroubleShooting-Crash > > -ovidiu > > On Mon, Sep 26, 2022 at 2:54 AM jacky z wrote: > > > > Hi Ovidiu, > > > > The version I am using is 3.2. I am not familiar with the debug symbols, > but guess this can be reproduced easily. With ?tls_domain=dom1 attached > after the mysql address, it happens. Can you simply check if it is the same > behavior? If not, I will dig further by learning how to use the debug > symbols. Thanks! > > > > On Mon, Sep 26, 2022 at 12:30 AM Ovidiu Sas > wrote: > >> > >> Which version of opensips are you using? > >> Can you install the debug symbols and get a backtrace from the core > file? > >> https://www.opensips.org/Documentation/TroubleShooting-Crash > >> > >> Regards, > >> Ovidiu Sas > >> > >> On Sun, Sep 25, 2022 at 6:32 AM jacky z wrote: > >> > > >> > Hi Vlad, > >> > > >> > It seems opensips crashed when I set ?tls_domain=dom1 to enable tls > connection to mysql db. I followed the method in the manual. > >> > > >> > modparam("usrloc", "db_url", "mysql://root:1234@localhost > /opensips?tls_domain=dom1") > >> > > >> > > >> > Here is the log. > >> > > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_mgm:mod_init: initializing TLS management > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom' > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using default > '/etc/pki/CA/' > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT > activated. Weaker security. > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1' > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using > default '/etc/pki/CA/' > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT > activated. Weaker security. > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:proto_tls:mod_init: initializing TLS protocol > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:proto_bin:mod_init: initializing BIN protocol > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:clusterer:mod_init: Clusterer module - initializing > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > CRITICAL:core:sig_usr: segfault in attendant (starter) process! > >> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243] > opensips[4935]: segfault at 0 ip sp 7ffececa3d08 error > 14 in opensips[558b5bb75000+1c000] > >> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP > value. > >> > Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize: > pre-daemon process exiting with -1 > >> > > >> > and my client domain settings > >> > > >> > #client domain > >> > modparam("tls_mgm", "client_domain", "dom1") > >> > modparam("tls_mgm", "match_ip_address", "[dom1]*") > >> > modparam("tls_mgm", "match_sip_domain", "[dom1]*") > >> > modparam("tls_mgm","certificate", > "[dom1]/etc/ssl/certs/rootCACert.pem") > >> > modparam("tls_mgm","private_key", > "[dom1]/etc/ssl/private/rootCAKey.pem") > >> > modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem") > >> > modparam("tls_mgm","tls_method", "[dom1]SSLv23") > >> > modparam("tls_mgm","verify_cert", "[dom1]0") > >> > modparam("tls_mgm","require_cert", "[dom1]0") > >> > > >> > It is expected to see some other errors such as invalid cert but not > crash in pre-daemon process. Any clue on this for me to debug? If I remove > "?tls_domain=dom1", there is no such crash
Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled
I encountered a crash related to TLS connections and I was wondering if it's a similar issue. It seems not, the crash that I encountered happens only on 3.3. If you installed opensips from a package, you need to install opensips-dbg package to get the debug symbols. After that, you can locate the core file on your server and inspect it with gdb. Everything should be detailed here: https://www.opensips.org/Documentation/TroubleShooting-Crash -ovidiu On Mon, Sep 26, 2022 at 2:54 AM jacky z wrote: > > Hi Ovidiu, > > The version I am using is 3.2. I am not familiar with the debug symbols, but > guess this can be reproduced easily. With ?tls_domain=dom1 attached after the > mysql address, it happens. Can you simply check if it is the same behavior? > If not, I will dig further by learning how to use the debug symbols. Thanks! > > On Mon, Sep 26, 2022 at 12:30 AM Ovidiu Sas wrote: >> >> Which version of opensips are you using? >> Can you install the debug symbols and get a backtrace from the core file? >> https://www.opensips.org/Documentation/TroubleShooting-Crash >> >> Regards, >> Ovidiu Sas >> >> On Sun, Sep 25, 2022 at 6:32 AM jacky z wrote: >> > >> > Hi Vlad, >> > >> > It seems opensips crashed when I set ?tls_domain=dom1 to enable tls >> > connection to mysql db. I followed the method in the manual. >> > >> > modparam("usrloc", "db_url", >> > "mysql://root:1234@localhost/opensips?tls_domain=dom1") >> > >> > >> > Here is the log. >> > >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > INFO:tls_mgm:mod_init: initializing TLS management >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom' >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using >> > default '/etc/pki/CA/' >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT >> > activated. Weaker security. >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1' >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using >> > default '/etc/pki/CA/' >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT >> > activated. Weaker security. >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > INFO:proto_tls:mod_init: initializing TLS protocol >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > INFO:proto_bin:mod_init: initializing BIN protocol >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > INFO:clusterer:mod_init: Clusterer module - initializing >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: >> > CRITICAL:core:sig_usr: segfault in attendant (starter) process! >> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243] opensips[4935]: >> > segfault at 0 ip sp 7ffececa3d08 error 14 in >> > opensips[558b5bb75000+1c000] >> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP value. >> > Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize: pre-daemon >> > process exiting with -1 >> > >> > and my client domain settings >> > >> > #client domain >> > modparam("tls_mgm", "client_domain", "dom1") >> > modparam("tls_mgm", "match_ip_address", "[dom1]*") >> > modparam("tls_mgm", "match_sip_domain", "[dom1]*") >> > modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem") >> > modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem") >> > modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem") >> > modparam("tls_mgm","tls_method", "[dom1]SSLv23") >> > modparam("tls_mgm","verify_cert", "[dom1]0") >> > modparam("tls_mgm","require_cert", "[dom1]0") >> > >> > It is expected to see some other errors such as invalid cert but not crash >> > in pre-daemon process. Any clue on this for me to debug? If I remove >> > "?tls_domain=dom1", there is no such crash though the opensips server >> > still couldn't start because I forced the mysql db to use ssl connection. >> > Thanks! >> > >> > On Mon, Sep 19, 2022 at 9:09 PM Vlad Patrascu wrote: >> >> >> >> Hi Jacky, >> >> >> >> I cant think of any workaround unfortunately. >> >> >> >>
Re: [OpenSIPS-Users] Question about cache_store and lifetime of variables
No, works same way. Just look at docs of 3.1 On Mon, Sep 26, 2022 at 11:58 AM Saint Michael wrote: > I use opensips 3.1, does it matter? > > > On Mon, Sep 26, 2022 at 10:20 AM Daniel Zanutti > wrote: > >> can you write your own functions with opensips? >> Yes -> using routes >> >> Can you point me to an example? >> Storing-> >> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5880336 >> Retrieving -> >> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5887712 >> >> Or work with flags, if just true or false value >> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp341408 >> >> Regards >> On Sun, Sep 25, 2022 at 1:45 PM Saint Michael wrote: >> >>> Question: >>> can you write your own functions with opensips? >>> >>> >>> On Sun, Sep 25, 2022 at 12:05 PM Saint Michael >>> wrote: >>> Dear Daniel Can you point me to an example? Right now Opensios will get a clogged memory. Many thanks. On Sun, Sep 25, 2022, 11:45 AM Daniel Zanutti wrote: > You have to use dialog variable storing. > Take a look at dialog module. > > Em dom., 25 de set. de 2022 10:42, Saint Michael > escreveu: > >> I noticed that the variable >> $avp(lineid) >> set in the section of the code handling the original INVITE, is null >> when I need to close the call. >> Is there a way to store a variable that will be available >> throughout the call, everywhere? >> I am trying: >> cache_store("local","lineid_$ci","$avp(lineid)",0); >> but I need this value to disappear when this call is closed. I cannot >> set an expiration because the call may last for 2 hours or 2 seconds. >> >> many thanks for your help and guidance >> >> Philip >> >> >> ___ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ >>> Users mailing list >>> Users@lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >> ___ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Question about cache_store and lifetime of variables
I use opensips 3.1, does it matter? On Mon, Sep 26, 2022 at 10:20 AM Daniel Zanutti wrote: > can you write your own functions with opensips? > Yes -> using routes > > Can you point me to an example? > Storing-> > https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5880336 > Retrieving -> > https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5887712 > > Or work with flags, if just true or false value > https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp341408 > > Regards > On Sun, Sep 25, 2022 at 1:45 PM Saint Michael wrote: > >> Question: >> can you write your own functions with opensips? >> >> >> On Sun, Sep 25, 2022 at 12:05 PM Saint Michael wrote: >> >>> Dear Daniel >>> Can you point me to an example? >>> Right now Opensios will get a clogged memory. >>> Many thanks. >>> >>> >>> On Sun, Sep 25, 2022, 11:45 AM Daniel Zanutti >>> wrote: >>> You have to use dialog variable storing. Take a look at dialog module. Em dom., 25 de set. de 2022 10:42, Saint Michael escreveu: > I noticed that the variable > $avp(lineid) > set in the section of the code handling the original INVITE, is null > when I need to close the call. > Is there a way to store a variable that will be available > throughout the call, everywhere? > I am trying: > cache_store("local","lineid_$ci","$avp(lineid)",0); > but I need this value to disappear when this call is closed. I cannot > set an expiration because the call may last for 2 hours or 2 seconds. > > many thanks for your help and guidance > > Philip > > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> ___ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Question about cache_store and lifetime of variables
can you write your own functions with opensips? Yes -> using routes Can you point me to an example? Storing-> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5880336 Retrieving -> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5887712 Or work with flags, if just true or false value https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp341408 Regards On Sun, Sep 25, 2022 at 1:45 PM Saint Michael wrote: > Question: > can you write your own functions with opensips? > > > On Sun, Sep 25, 2022 at 12:05 PM Saint Michael wrote: > >> Dear Daniel >> Can you point me to an example? >> Right now Opensios will get a clogged memory. >> Many thanks. >> >> >> On Sun, Sep 25, 2022, 11:45 AM Daniel Zanutti >> wrote: >> >>> You have to use dialog variable storing. >>> Take a look at dialog module. >>> >>> Em dom., 25 de set. de 2022 10:42, Saint Michael >>> escreveu: >>> I noticed that the variable $avp(lineid) set in the section of the code handling the original INVITE, is null when I need to close the call. Is there a way to store a variable that will be available throughout the call, everywhere? I am trying: cache_store("local","lineid_$ci","$avp(lineid)",0); but I need this value to disappear when this call is closed. I cannot set an expiration because the call may last for 2 hours or 2 seconds. many thanks for your help and guidance Philip ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> ___ >>> Users mailing list >>> Users@lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >> ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] OPENSIPS 3.2.8 msilo can't send offline message on Register
Hi Team, We are testing Opensips 3.2.8 and found it can't send stored offline messages on register. Compared with 3.1, it doesn't look for the tcp con. Here are the comparisons between the logs of these two versions: In 3.1, the existing con was looked and found and then the message was sent. Please refer to the texts in red. Sep 26 08:09:56 opensips[11566]: DBG:tm:print_request_uri: sip:3293543...@sip.domain.com:5061 Sep 26 08:09:56 opensips[11566]: DBG:tm:run_local_route: building sip_msg from buffer Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg: SIP Request: Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg: method: Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg: uri: < sip:3293543...@sip.domain.com:5061> Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg: version: Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: flags= Sep 26 08:09:56 opensips[11566]: DBG:core:parse_via_param: found param type 232, = ; state=16 Sep 26 08:09:56 opensips[11566]: DBG:core:parse_via: end of header reached, state=5 Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: via found, flags= Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: this is the first via Sep 26 08:09:56 opensips[11566]: DBG:core:_parse_to: end of header reached, state=9 Sep 26 08:09:56 opensips[11566]: DBG:core:_parse_to: display={}, ruri={ sip:3293543...@sip.domain.com:5061} Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: [38]; uri=[ sip:3293543...@sip.domain.com:5061] Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: to body [ sip:3293543...@sip.domain.com:5061#015#012] Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: cseq : <10> Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: content_length=28 Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: found end of header Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: flags= Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: flags=78 *Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: con found in state 0* *Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: tcp connection found (0x7fd4544f8130), acquiring fd* *Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: c= 0x7fd4544f8130, n=16, Usock=89* Sep 26 08:09:56 opensips[11571]: DBG:core:handle_worker: read response= 7fd4544f8130, 1, fd -1 from 9 (11566) Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: after receive_fd: c= 0x7fd4544f8130 n=8 fd=118 Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:proto_tls_send: sending via fd 118... Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:tls_update_fd: New fd is 118 Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:tls_write: write was successful (555 bytes) In 3.2.8, it seems the tcp connection was not looked for or found. There is no tcp_conn_get as shown in the logs of 3.1, but reach the conclusion no tcp connection found. It seems something is missing. Sep 26 08:18:33 opensips[3481]: DBG:tm:run_local_route: building sip_msg from buffer Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg: SIP Request: Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg: method: Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg: uri: < sip:6989229...@sip.domain.com> Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg: version: Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: flags= Sep 26 08:18:33 opensips[3481]: DBG:core:parse_via_param: found param type 232, = ; state=16 Sep 26 08:18:33 opensips[3481]: DBG:core:parse_via: end of header reached, state=5 Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: via found, flags= Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: this is the first via Sep 26 08:18:33 opensips[3481]: DBG:core:_parse_to: end of header reached, state=9 Sep 26 08:18:33 opensips[3481]: DBG:core:_parse_to: display={}, ruri={ sip:6989229...@sip.domain.com} Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: [32]; uri=[ sip:6989229...@sip.domain.com] Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: to body [ sip:6989229...@sip.domain.com#015#012] Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: cseq : <10> Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: content_length=36 Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: found end of header Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: flags= Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: flags=78 *Sep 26 08:18:33 opensips[3481]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one, async = 0* Thank you! ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Opensips 3.2.8 does not send message with opensips-cli command
Hi Team, We use MI command to send messages to a user successfully with opensips 3.1, but after we upgraded to 3.2.8, the message can't be sent with opensips-cli command. We compared the logs and found that when the command was run on 3.2.8, the tcp connection couldn't be found though we can confirm there was a tcp connection. Another strange behavior is that it did not lookup the location table for the ruri and it seems the message route was not called. On 3.2.8, if we specify the ruri in the command with the actual ip address and port we manually found in the location table, the message can be sent. We also found the msilo module can't send messages on 3.2.8 but it works well on 3.1. Here is the command we used: opensips-cli -x mi t_uac_dlg method=MESSAGE ruri="sip:12...@sip.domain.com:5061;transport=TLS" headers="From: sip:6...@sip.domain.com:5061;transport=tls\r\nTo: sip:12...@sip.domain.com:5061;transport=TLS\r\nContact: sip:6...@sip.domain.com:5061;transport=tls\r\nContent-Type: text/plain\r\n" body="this is a message" Here are the logs on 3.1 and 3.2.8 respectively, Logs for OPENSIPS 3.2 Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg: SIP Request: Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg: method: Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg: uri: Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg: version: Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: flags= Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via_param: found param type 232, = ; state=16 Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via: end of header reached, state=5 Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: via found, flags= Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: this is the first via Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: end of header reached, state=9 Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: display={}, ruri={ sip:6989229...@sip.domain.com:5061} Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: [37]; uri=[ sip:6989229...@sip.domain.com:5061] Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: to body [ sip:6989229...@sip.domain.com:5061#015#012] Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: cseq : <10> Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: content_length=28 Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: found end of header Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: flags= Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: flags=78 Sep 26 07:21:13 opensips[3477]: DBG:proto_tls:proto_tls_send: no open tcp connection found, opening new one, async = 0 Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: getsockopt: snd is initially 16384 Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: using snd buffer of 416 kb Sep 26 07:21:13 opensips[3477]: DBG:core:init_sock_keepalive: TCP keepalive enabled on socket 103 Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_connect_blocking_timeout: connect timed out, 179 us elapsed out of 100 us Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_sync_connect_fd: tcp_blocking_connect failed Sep 26 07:21:14 opensips[3477]: ERROR:proto_tls:proto_tls_send: connect failed Sep 26 07:21:14 opensips[3477]: ERROR:tm:msg_send: send() to 12.34.56.78:5061 for proto tls/3 failed Sep 26 07:21:14 opensips[3477]: ERROR:tm:t_uac: attempt to send to 'sip:6989229...@sip.domain.com:5061;transport=TLS' failed Logs for OPENSIPS 3.1 Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_msg: SIP Request: Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_msg: method: Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_msg: uri: Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_msg: version: Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_headers: flags= Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_via_param: found param type 232, = ; state=16 Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_via: end of header reached, state=5 Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_headers: via found, flags= Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:parse_headers: this is the first via Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:_parse_to: end of header reached, state=9 Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:_parse_to: display={}, ruri={sip:3293543...@sip.domain.com:5061} Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:get_hdr_field: [38]; uri=[sip:3293543...@sip.domain.com:5061] Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]: DBG:core:get_hdr_field: to body [sip:3293543...@sip.domain.com:5061#015#012] Sep 26 07:32:00 ip-172-31-14-229
Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled
Hi Ovidiu, The version I am using is 3.2. I am not familiar with the debug symbols, but guess this can be reproduced easily. With ?tls_domain=dom1 attached after the mysql address, it happens. Can you simply check if it is the same behavior? If not, I will dig further by learning how to use the debug symbols. Thanks! On Mon, Sep 26, 2022 at 12:30 AM Ovidiu Sas wrote: > Which version of opensips are you using? > Can you install the debug symbols and get a backtrace from the core file? > https://www.opensips.org/Documentation/TroubleShooting-Crash > > Regards, > Ovidiu Sas > > On Sun, Sep 25, 2022 at 6:32 AM jacky z wrote: > > > > Hi Vlad, > > > > It seems opensips crashed when I set ?tls_domain=dom1 to enable tls > connection to mysql db. I followed the method in the manual. > > > > modparam("usrloc", "db_url", "mysql://root:1234@localhost > /opensips?tls_domain=dom1") > > > > > > Here is the log. > > > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_mgm:mod_init: initializing TLS management > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom' > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using default > '/etc/pki/CA/' > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT > activated. Weaker security. > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1' > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using > default '/etc/pki/CA/' > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT > activated. Weaker security. > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:proto_tls:mod_init: initializing TLS protocol > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:proto_bin:mod_init: initializing BIN protocol > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > INFO:clusterer:mod_init: Clusterer module - initializing > > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: > CRITICAL:core:sig_usr: segfault in attendant (starter) process! > > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243] opensips[4935]: > segfault at 0 ip sp 7ffececa3d08 error 14 in > opensips[558b5bb75000+1c000] > > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP > value. > > Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize: > pre-daemon process exiting with -1 > > > > and my client domain settings > > > > #client domain > > modparam("tls_mgm", "client_domain", "dom1") > > modparam("tls_mgm", "match_ip_address", "[dom1]*") > > modparam("tls_mgm", "match_sip_domain", "[dom1]*") > > modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem") > > modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem") > > modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem") > > modparam("tls_mgm","tls_method", "[dom1]SSLv23") > > modparam("tls_mgm","verify_cert", "[dom1]0") > > modparam("tls_mgm","require_cert", "[dom1]0") > > > > It is expected to see some other errors such as invalid cert but not > crash in pre-daemon process. Any clue on this for me to debug? If I remove > "?tls_domain=dom1", there is no such crash though the opensips server still > couldn't start because I forced the mysql db to use ssl connection. Thanks! > > > > On Mon, Sep 19, 2022 at 9:09 PM Vlad Patrascu > wrote: > >> > >> Hi Jacky, > >> > >> I cant think of any workaround unfortunately. > >> > >> Regards, > >> > >> -- > >> Vlad Patrascu > >> OpenSIPS Core Developer > >> http://www.opensips-solutions.com > >> > >> On 17.09.2022 18:46, jacky z wrote: > >> > >> Hi Vlad, > >> > >> Is there any workaround to disable the client cert? Thanks! > >> > >> On Wed, Sep 14, 2022 at 9:16 PM Vlad Patrascu > wrote: > >>> > >>> Hi Jacky, > >>> > >>> OpenSIPS will always require you to configure a client certificate for > TLS client domains and will also present that certificate when connecting. > But normally, a TLS server can simply choose not to verify the client > certificate. I don't have any experience with AWS RDS though but it seems > odd to not accept a connection only because the client