Thanks Daniel and Sergiu! The other think I notice is that kamcmd tls.reload causes the following error:
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_domain.c:572]: load_ca_list(): TLSc<default>: Unable to load CA list '/etc/dsiprouter/certs/cacert.pem' Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D0AB041:asn1 encoding routines:x509_name_ex_new:malloc failure Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib If I restart Kamailio it works fine. Let me know if you have any thoughts on this. > On Jun 18, 2020, at 2:42 AM, Daniel-Constantin Mierla <mico...@gmail.com> > wrote: > > Hello, > > see: > > https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg > <https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg> > And the OPTIONS keepalive can be handled in event_route[tm:local-request]. > > Cheers, > Daniel > > On 18.06.20 02:48, Mack Hendricks wrote: >> Yeah...I’m aware. I was just checking if dispatcher could match on the >> ip:port just in case I wanted to support other use cases with my Kamailio >> instance. I read thru the source and it looks like the uac module is being >> used to initiate the OPTIONS message. >> >> Sent from my iPhone >> >>> On Jun 17, 2020, at 8:09 PM, Sergiu Pojoga <pojo...@gmail.com> >>> <mailto:pojo...@gmail.com> wrote: >>> >>> >>> Hi Mack, >>> >>> You wouldn't have the burden of handling multiple domains whatsoever if you >>> followed Microsoft's recommendations on how to configure SBC Teams for >>> multiple tenants. Dispatcher would be used only for carrier's base domain. >>> >>> On Wed, Jun 17, 2020, 7:11 PM Mack Hendricks, <m...@dopensource.com >>> <mailto:m...@dopensource.com>> wrote: >>> Hey All, >>> >>> I'm attempting to use dispatcher to send probe messages using TLS for two >>> different domains. I'm providing the socket attribute, which maps to a >>> certificate in /etc/kamailio/tls.cfg. But, it seems to always select the >>> default client cert, which is not the certificate I want to use. >>> >>> My attrs column in dispatcher looks like this: >>> >>> socket=tls:142.93.159.231:5061;ping_from=sip:mack.dopensource.com >>> <http://mack.dopensource.com/> >>> socket=tls:142.93.159.231:5062;ping_from=sip:levin.dopensource.com >>> <http://levin.dopensource.com/> >>> >>> Is there some way to force dispatcher to do TLS cert matching based on the >>> host:ip? >>> >>> Thanks >>> >>> -Mack >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org> >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org> >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> >> >> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> > -- > Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com/> > www.twitter.com/miconda <http://www.twitter.com/miconda> -- > www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda> > Funding: https://www.paypal.me/dcmierla <https://www.paypal.me/dcmierla>
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
