Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[jacky z]

Hi Ovidiu,

I solved this problem by hardcoding the cert address in the my_con.c
address. Guess the cert setup in the config file can't be loaded correctly
when my_con.c calls it.

On Tue, Sep 27, 2022 at 7:34 AM Ovidiu Sas  wrote:

> I encountered a crash related to TLS connections and I was wondering
> if it's a similar issue.
> It seems not, the crash that I encountered happens only on 3.3.
>
> If you installed opensips from a package, you need to install
> opensips-dbg package to get the debug symbols.
> After that, you can locate the core file on your server and inspect it
> with gdb.
> Everything should be detailed here:
> https://www.opensips.org/Documentation/TroubleShooting-Crash
>
> -ovidiu
>
> On Mon, Sep 26, 2022 at 2:54 AM jacky z  wrote:
> >
> > Hi Ovidiu,
> >
> > The version I am using is 3.2. I am not familiar with the debug symbols,
> but guess this can be reproduced easily. With ?tls_domain=dom1 attached
> after the mysql address, it happens. Can you simply check if it is the same
> behavior? If not, I will dig further by learning how to use the debug
> symbols. Thanks!
> >
> > On Mon, Sep 26, 2022 at 12:30 AM Ovidiu Sas 
> wrote:
> >>
> >> Which version of opensips are you using?
> >> Can you install the debug symbols and get a backtrace from the core
> file?
> >> https://www.opensips.org/Documentation/TroubleShooting-Crash
> >>
> >> Regards,
> >> Ovidiu Sas
> >>
> >> On Sun, Sep 25, 2022 at 6:32 AM jacky z  wrote:
> >> >
> >> > Hi Vlad,
> >> >
> >> > It seems opensips crashed when I set ?tls_domain=dom1 to enable tls
> connection to mysql db.  I followed the method in the manual.
> >> >
> >> > modparam("usrloc", "db_url", "mysql://root:1234@localhost
> /opensips?tls_domain=dom1")
> >> >
> >> >
> >> > Here is the log.
> >> >
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:mod_init: initializing TLS management
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom'
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using default
> '/etc/pki/CA/'
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT
> activated. Weaker security.
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using
> default '/etc/pki/CA/'
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT
> activated. Weaker security.
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:proto_tls:mod_init: initializing TLS protocol
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:proto_bin:mod_init: initializing BIN protocol
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:clusterer:mod_init: Clusterer module - initializing
> >> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> CRITICAL:core:sig_usr: segfault in attendant (starter) process!
> >> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243]
> opensips[4935]: segfault at 0 ip  sp 7ffececa3d08 error
> 14 in opensips[558b5bb75000+1c000]
> >> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP
> value.
> >> > Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize:
> pre-daemon process exiting with -1
> >> >
> >> > and my client domain settings
> >> >
> >> > #client domain
> >> > modparam("tls_mgm", "client_domain", "dom1")
> >> > modparam("tls_mgm", "match_ip_address", "[dom1]*")
> >> > modparam("tls_mgm", "match_sip_domain", "[dom1]*")
> >> > modparam("tls_mgm","certificate",
> "[dom1]/etc/ssl/certs/rootCACert.pem")
> >> > modparam("tls_mgm","private_key",
> "[dom1]/etc/ssl/private/rootCAKey.pem")
> >> > modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
> >> > modparam("tls_mgm","tls_method", "[dom1]SSLv23")
> >> > modparam("tls_mgm","verify_cert", "[dom1]0")
> >> > modparam("tls_mgm","require_cert", "[dom1]0")
> >> >
> >> > It is expected to see some other errors such as invalid cert but not
> crash in pre-daemon process. Any clue on this for me to debug? If I remove
> "?tls_domain=dom1", there is no such crash 

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[Ovidiu Sas]

I encountered a crash related to TLS connections and I was wondering
if it's a similar issue.
It seems not, the crash that I encountered happens only on 3.3.

If you installed opensips from a package, you need to install
opensips-dbg package to get the debug symbols.
After that, you can locate the core file on your server and inspect it with gdb.
Everything should be detailed here:
https://www.opensips.org/Documentation/TroubleShooting-Crash

-ovidiu

On Mon, Sep 26, 2022 at 2:54 AM jacky z  wrote:
>
> Hi Ovidiu,
>
> The version I am using is 3.2. I am not familiar with the debug symbols, but 
> guess this can be reproduced easily. With ?tls_domain=dom1 attached after the 
> mysql address, it happens. Can you simply check if it is the same behavior? 
> If not, I will dig further by learning how to use the debug symbols. Thanks!
>
> On Mon, Sep 26, 2022 at 12:30 AM Ovidiu Sas  wrote:
>>
>> Which version of opensips are you using?
>> Can you install the debug symbols and get a backtrace from the core file?
>> https://www.opensips.org/Documentation/TroubleShooting-Crash
>>
>> Regards,
>> Ovidiu Sas
>>
>> On Sun, Sep 25, 2022 at 6:32 AM jacky z  wrote:
>> >
>> > Hi Vlad,
>> >
>> > It seems opensips crashed when I set ?tls_domain=dom1 to enable tls 
>> > connection to mysql db.  I followed the method in the manual.
>> >
>> > modparam("usrloc", "db_url", 
>> > "mysql://root:1234@localhost/opensips?tls_domain=dom1")
>> >
>> >
>> > Here is the log.
>> >
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > INFO:tls_mgm:mod_init: initializing TLS management
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom'
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using 
>> > default '/etc/pki/CA/'
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT 
>> > activated. Weaker security.
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using 
>> > default '/etc/pki/CA/'
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT 
>> > activated. Weaker security.
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > INFO:proto_tls:mod_init: initializing TLS protocol
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > INFO:proto_bin:mod_init: initializing BIN protocol
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > INFO:clusterer:mod_init: Clusterer module - initializing
>> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]: 
>> > CRITICAL:core:sig_usr: segfault in attendant (starter) process!
>> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243] opensips[4935]: 
>> > segfault at 0 ip  sp 7ffececa3d08 error 14 in 
>> > opensips[558b5bb75000+1c000]
>> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP value.
>> > Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize: pre-daemon 
>> > process exiting with -1
>> >
>> > and my client domain settings
>> >
>> > #client domain
>> > modparam("tls_mgm", "client_domain", "dom1")
>> > modparam("tls_mgm", "match_ip_address", "[dom1]*")
>> > modparam("tls_mgm", "match_sip_domain", "[dom1]*")
>> > modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
>> > modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
>> > modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
>> > modparam("tls_mgm","tls_method", "[dom1]SSLv23")
>> > modparam("tls_mgm","verify_cert", "[dom1]0")
>> > modparam("tls_mgm","require_cert", "[dom1]0")
>> >
>> > It is expected to see some other errors such as invalid cert but not crash 
>> > in pre-daemon process. Any clue on this for me to debug? If I remove 
>> > "?tls_domain=dom1", there is no such crash though the opensips server 
>> > still couldn't start because I forced the mysql db to use ssl connection. 
>> > Thanks!
>> >
>> > On Mon, Sep 19, 2022 at 9:09 PM Vlad Patrascu  wrote:
>> >>
>> >> Hi Jacky,
>> >>
>> >> I cant think of any workaround unfortunately.
>> >>
>> >> 

Re: [OpenSIPS-Users] Question about cache_store and lifetime of variables

[Daniel Zanutti]

No, works same way.

Just look at docs of 3.1

On Mon, Sep 26, 2022 at 11:58 AM Saint Michael  wrote:

> I use opensips 3.1, does it matter?
>
>
> On Mon, Sep 26, 2022 at 10:20 AM Daniel Zanutti 
> wrote:
>
>> can you write your own functions with opensips?
>> Yes -> using routes
>>
>> Can you point me to an example?
>> Storing->
>> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5880336
>> Retrieving ->
>> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5887712
>>
>> Or work with flags, if just true or false value
>> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp341408
>>
>> Regards
>> On Sun, Sep 25, 2022 at 1:45 PM Saint Michael  wrote:
>>
>>> Question:
>>> can you write your own functions with opensips?
>>>
>>>
>>> On Sun, Sep 25, 2022 at 12:05 PM Saint Michael 
>>> wrote:
>>>
 Dear Daniel
 Can you point me to an example?
 Right now Opensios will get a clogged memory.
 Many thanks.


 On Sun, Sep 25, 2022, 11:45 AM Daniel Zanutti 
 wrote:

> You have to use dialog variable storing.
> Take a look at dialog module.
>
> Em dom., 25 de set. de 2022 10:42, Saint Michael 
> escreveu:
>
>> I noticed that the variable
>> $avp(lineid)
>> set in the section of the code handling the original INVITE, is null
>> when I need to close the call.
>> Is there a way to store a variable that will be available
>> throughout the call, everywhere?
>> I am trying:
>> cache_store("local","lineid_$ci","$avp(lineid)",0);
>> but I need this value to disappear when this call is closed. I cannot
>> set an expiration because the call may last for 2 hours or 2 seconds.
>>
>> many thanks for your help and guidance
>>
>> Philip
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
 ___
>>> Users mailing list
>>> Users@lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Question about cache_store and lifetime of variables

[Saint Michael]

I use opensips 3.1, does it matter?


On Mon, Sep 26, 2022 at 10:20 AM Daniel Zanutti 
wrote:

> can you write your own functions with opensips?
> Yes -> using routes
>
> Can you point me to an example?
> Storing->
> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5880336
> Retrieving ->
> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5887712
>
> Or work with flags, if just true or false value
> https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp341408
>
> Regards
> On Sun, Sep 25, 2022 at 1:45 PM Saint Michael  wrote:
>
>> Question:
>> can you write your own functions with opensips?
>>
>>
>> On Sun, Sep 25, 2022 at 12:05 PM Saint Michael  wrote:
>>
>>> Dear Daniel
>>> Can you point me to an example?
>>> Right now Opensios will get a clogged memory.
>>> Many thanks.
>>>
>>>
>>> On Sun, Sep 25, 2022, 11:45 AM Daniel Zanutti 
>>> wrote:
>>>
 You have to use dialog variable storing.
 Take a look at dialog module.

 Em dom., 25 de set. de 2022 10:42, Saint Michael 
 escreveu:

> I noticed that the variable
> $avp(lineid)
> set in the section of the code handling the original INVITE, is null
> when I need to close the call.
> Is there a way to store a variable that will be available
> throughout the call, everywhere?
> I am trying:
> cache_store("local","lineid_$ci","$avp(lineid)",0);
> but I need this value to disappear when this call is closed. I cannot
> set an expiration because the call may last for 2 hours or 2 seconds.
>
> many thanks for your help and guidance
>
> Philip
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
 ___
 Users mailing list
 Users@lists.opensips.org
 http://lists.opensips.org/cgi-bin/mailman/listinfo/users

>>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Question about cache_store and lifetime of variables

[Daniel Zanutti]

can you write your own functions with opensips?
Yes -> using routes

Can you point me to an example?
Storing->
https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5880336
Retrieving ->
https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp5887712

Or work with flags, if just true or false value
https://opensips.org/html/docs/modules/2.2.x/dialog.html#idp341408

Regards
On Sun, Sep 25, 2022 at 1:45 PM Saint Michael  wrote:

> Question:
> can you write your own functions with opensips?
>
>
> On Sun, Sep 25, 2022 at 12:05 PM Saint Michael  wrote:
>
>> Dear Daniel
>> Can you point me to an example?
>> Right now Opensios will get a clogged memory.
>> Many thanks.
>>
>>
>> On Sun, Sep 25, 2022, 11:45 AM Daniel Zanutti 
>> wrote:
>>
>>> You have to use dialog variable storing.
>>> Take a look at dialog module.
>>>
>>> Em dom., 25 de set. de 2022 10:42, Saint Michael 
>>> escreveu:
>>>
 I noticed that the variable
 $avp(lineid)
 set in the section of the code handling the original INVITE, is null
 when I need to close the call.
 Is there a way to store a variable that will be available
 throughout the call, everywhere?
 I am trying:
 cache_store("local","lineid_$ci","$avp(lineid)",0);
 but I need this value to disappear when this call is closed. I cannot
 set an expiration because the call may last for 2 hours or 2 seconds.

 many thanks for your help and guidance

 Philip


 ___
 Users mailing list
 Users@lists.opensips.org
 http://lists.opensips.org/cgi-bin/mailman/listinfo/users

>>> ___
>>> Users mailing list
>>> Users@lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] OPENSIPS 3.2.8 msilo can't send offline message on Register

[jacky z]

Hi Team,

We are testing Opensips 3.2.8 and found it can't send stored offline
messages on register. Compared with 3.1, it doesn't look for the tcp con.
Here are the comparisons between the logs of these two versions:

In 3.1, the existing con was looked and found and then the message was
sent. Please refer to the texts in red.

Sep 26 08:09:56 opensips[11566]: DBG:tm:print_request_uri:
sip:3293543...@sip.domain.com:5061
Sep 26 08:09:56 opensips[11566]: DBG:tm:run_local_route: building sip_msg
from buffer
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg: SIP Request:
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg:  method:  
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg:  uri: <
sip:3293543...@sip.domain.com:5061>
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_msg:  version: 
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers:
flags=
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_via_param: found param type
232,  = ; state=16
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_via: end of header reached,
state=5
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: via found,
flags=
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: this is the first
via
Sep 26 08:09:56 opensips[11566]: DBG:core:_parse_to: end of header reached,
state=9
Sep 26 08:09:56 opensips[11566]: DBG:core:_parse_to: display={}, ruri={
sip:3293543...@sip.domain.com:5061}
Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field:  [38]; uri=[
sip:3293543...@sip.domain.com:5061]
Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: to body [
sip:3293543...@sip.domain.com:5061#015#012]
Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: cseq : <10>

Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: content_length=28
Sep 26 08:09:56 opensips[11566]: DBG:core:get_hdr_field: found end of header
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers:
flags=
Sep 26 08:09:56 opensips[11566]: DBG:core:parse_headers: flags=78
*Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: con found in state
0*
*Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: tcp connection
found (0x7fd4544f8130), acquiring fd*
*Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: c= 0x7fd4544f8130,
n=16, Usock=89*
Sep 26 08:09:56 opensips[11571]: DBG:core:handle_worker: read response=
7fd4544f8130, 1, fd -1 from 9 (11566)
Sep 26 08:09:56 opensips[11566]: DBG:core:tcp_conn_get: after receive_fd:
c= 0x7fd4544f8130 n=8 fd=118
Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:proto_tls_send: sending via
fd 118...
Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:tls_update_fd: New fd is 118
Sep 26 08:09:56 opensips[11566]: DBG:proto_tls:tls_write: write was
successful (555 bytes)


In 3.2.8, it seems the tcp connection was not looked for or found. There is
no tcp_conn_get as shown in the logs of 3.1, but reach the conclusion no
tcp connection found. It seems something is missing.

Sep 26 08:18:33 opensips[3481]: DBG:tm:run_local_route: building sip_msg
from buffer
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg: SIP Request:
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg:  method:  
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg:  uri: <
sip:6989229...@sip.domain.com>
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_msg:  version: 
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers:
flags=
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_via_param: found param type
232,  = ; state=16
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_via: end of header reached,
state=5
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: via found,
flags=
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: this is the first
via
Sep 26 08:18:33 opensips[3481]: DBG:core:_parse_to: end of header reached,
state=9
Sep 26 08:18:33 opensips[3481]: DBG:core:_parse_to: display={}, ruri={
sip:6989229...@sip.domain.com}
Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field:  [32]; uri=[
sip:6989229...@sip.domain.com]
Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: to body [
sip:6989229...@sip.domain.com#015#012]
Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: cseq : <10>

Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: content_length=36
Sep 26 08:18:33 opensips[3481]: DBG:core:get_hdr_field: found end of header
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers:
flags=
Sep 26 08:18:33 opensips[3481]: DBG:core:parse_headers: flags=78
*Sep 26 08:18:33 opensips[3481]: DBG:proto_tls:proto_tls_send: no open tcp
connection found, opening new one, async = 0*

Thank you!
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] Opensips 3.2.8 does not send message with opensips-cli command

[jacky z]

Hi Team,

We use MI command to send messages to a user successfully with opensips
3.1, but after we upgraded to 3.2.8, the message can't be sent with
opensips-cli command.

We compared the logs and found that when the command was run on 3.2.8, the
tcp connection couldn't be found though we can confirm there was a tcp
connection. Another strange behavior is that it did not lookup the location
table for the ruri and it seems the message route was not called. On 3.2.8,
if we specify the ruri in the command with the actual ip address and port
we manually found in the location table, the message can be sent. We also
found the msilo module can't send messages on 3.2.8 but it works well on
3.1.

Here is the command we used:

opensips-cli -x mi t_uac_dlg method=MESSAGE
ruri="sip:12...@sip.domain.com:5061;transport=TLS" headers="From:
sip:6...@sip.domain.com:5061;transport=tls\r\nTo:
sip:12...@sip.domain.com:5061;transport=TLS\r\nContact:
sip:6...@sip.domain.com:5061;transport=tls\r\nContent-Type: text/plain\r\n"
body="this is a message"

Here are the logs on 3.1 and 3.2.8 respectively,

Logs for OPENSIPS 3.2

Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg: SIP Request:
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  method:  
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  uri:
 
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_msg:  version: 
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers:
flags=
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via_param: found param type
232,  = ; state=16
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_via: end of header reached,
state=5
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: via found,
flags=
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: this is the first
via
Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: end of header reached,
state=9
Sep 26 07:21:13 opensips[3477]: DBG:core:_parse_to: display={}, ruri={
sip:6989229...@sip.domain.com:5061}
Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field:  [37]; uri=[
sip:6989229...@sip.domain.com:5061]
Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: to body [
sip:6989229...@sip.domain.com:5061#015#012]
Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: cseq : <10>

Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: content_length=28
Sep 26 07:21:13 opensips[3477]: DBG:core:get_hdr_field: found end of header
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers:
flags=
Sep 26 07:21:13 opensips[3477]: DBG:core:parse_headers: flags=78
Sep 26 07:21:13 opensips[3477]: DBG:proto_tls:proto_tls_send: no open tcp
connection found, opening new one, async = 0
Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: getsockopt:
snd is initially 16384
Sep 26 07:21:13 opensips[3477]: DBG:core:probe_max_sock_buff: using snd
buffer of 416 kb
Sep 26 07:21:13 opensips[3477]: DBG:core:init_sock_keepalive: TCP keepalive
enabled on socket 103
Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_connect_blocking_timeout:
connect timed out, 179 us elapsed out of 100 us
Sep 26 07:21:14 opensips[3477]: ERROR:core:tcp_sync_connect_fd:
tcp_blocking_connect failed
Sep 26 07:21:14 opensips[3477]: ERROR:proto_tls:proto_tls_send: connect
failed
Sep 26 07:21:14 opensips[3477]: ERROR:tm:msg_send: send() to
12.34.56.78:5061 for proto tls/3 failed
Sep 26 07:21:14 opensips[3477]: ERROR:tm:t_uac: attempt to send to
'sip:6989229...@sip.domain.com:5061;transport=TLS' failed

Logs for OPENSIPS 3.1

Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_msg: SIP Request:
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_msg:  method:  
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_msg:  uri: 
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_msg:  version: 
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_headers: flags=
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_via_param: found param type 232,  =
; state=16
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_via: end of header reached, state=5
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_headers: via found, flags=
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:parse_headers: this is the first via
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:_parse_to: end of header reached, state=9
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:_parse_to: display={}, ruri={sip:3293543...@sip.domain.com:5061}
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:get_hdr_field:  [38]; uri=[sip:3293543...@sip.domain.com:5061]
Sep 26 07:32:00 ip-172-31-14-229 /usr/sbin/opensips[11569]:
DBG:core:get_hdr_field: to body [sip:3293543...@sip.domain.com:5061#015#012]
Sep 26 07:32:00 ip-172-31-14-229 

Re: [OpenSIPS-Users] Connect to AWS RDS database with SSL enabled

[jacky z]

Hi Ovidiu,

The version I am using is 3.2. I am not familiar with the debug symbols,
but guess this can be reproduced easily. With ?tls_domain=dom1 attached
after the mysql address, it happens. Can you simply check if it is the same
behavior? If not, I will dig further by learning how to use the debug
symbols. Thanks!

On Mon, Sep 26, 2022 at 12:30 AM Ovidiu Sas  wrote:

> Which version of opensips are you using?
> Can you install the debug symbols and get a backtrace from the core file?
> https://www.opensips.org/Documentation/TroubleShooting-Crash
>
> Regards,
> Ovidiu Sas
>
> On Sun, Sep 25, 2022 at 6:32 AM jacky z  wrote:
> >
> > Hi Vlad,
> >
> > It seems opensips crashed when I set ?tls_domain=dom1 to enable tls
> connection to mysql db.  I followed the method in the manual.
> >
> > modparam("usrloc", "db_url", "mysql://root:1234@localhost
> /opensips?tls_domain=dom1")
> >
> >
> > Here is the log.
> >
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:mod_init: initializing TLS management
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom'
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom' defined, using default
> '/etc/pki/CA/'
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_openssl:get_ssl_ctx_verify_mode: client verification NOT
> activated. Weaker security.
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_mgm:init_tls_dom: Processing TLS domain 'dom1'
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'dom1' defined, using
> default '/etc/pki/CA/'
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> NOTICE:tls_openssl:openssl_init_tls_dom: No EC curve defined
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:tls_openssl:get_ssl_ctx_verify_mode: server verification NOT
> activated. Weaker security.
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:proto_tls:mod_init: initializing TLS protocol
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:proto_bin:mod_init: initializing BIN protocol
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> INFO:clusterer:mod_init: Clusterer module - initializing
> > Sep 25 10:14:01 ip-10-100-20-35 /usr/sbin/opensips[4935]:
> CRITICAL:core:sig_usr: segfault in attendant (starter) process!
> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.653243] opensips[4935]:
> segfault at 0 ip  sp 7ffececa3d08 error 14 in
> opensips[558b5bb75000+1c000]
> > Sep 25 10:14:01 ip-10-100-20-35 kernel: [39023.666503] Code: Bad RIP
> value.
> > Sep 25 10:14:01 ip-10-100-20-35 opensips: INFO:core:daemonize:
> pre-daemon process exiting with -1
> >
> > and my client domain settings
> >
> > #client domain
> > modparam("tls_mgm", "client_domain", "dom1")
> > modparam("tls_mgm", "match_ip_address", "[dom1]*")
> > modparam("tls_mgm", "match_sip_domain", "[dom1]*")
> > modparam("tls_mgm","certificate", "[dom1]/etc/ssl/certs/rootCACert.pem")
> > modparam("tls_mgm","private_key", "[dom1]/etc/ssl/private/rootCAKey.pem")
> > modparam("tls_mgm","ca_list", "[dom1]/etc/ssl/certs/rootCACert.pem")
> > modparam("tls_mgm","tls_method", "[dom1]SSLv23")
> > modparam("tls_mgm","verify_cert", "[dom1]0")
> > modparam("tls_mgm","require_cert", "[dom1]0")
> >
> > It is expected to see some other errors such as invalid cert but not
> crash in pre-daemon process. Any clue on this for me to debug? If I remove
> "?tls_domain=dom1", there is no such crash though the opensips server still
> couldn't start because I forced the mysql db to use ssl connection. Thanks!
> >
> > On Mon, Sep 19, 2022 at 9:09 PM Vlad Patrascu 
> wrote:
> >>
> >> Hi Jacky,
> >>
> >> I cant think of any workaround unfortunately.
> >>
> >> Regards,
> >>
> >> --
> >> Vlad Patrascu
> >> OpenSIPS Core Developer
> >> http://www.opensips-solutions.com
> >>
> >> On 17.09.2022 18:46, jacky z wrote:
> >>
> >> Hi  Vlad,
> >>
> >> Is there any workaround to disable the client cert? Thanks!
> >>
> >> On Wed, Sep 14, 2022 at 9:16 PM Vlad Patrascu 
> wrote:
> >>>
> >>> Hi Jacky,
> >>>
> >>> OpenSIPS will always require you to configure a client certificate for
> TLS client domains and will also present that certificate when connecting.
> But normally, a TLS server can simply choose not to verify the client
> certificate. I don't have any experience with AWS RDS though but it seems
> odd to not accept a connection only because the client