Sent from Nine<http://www.9folders.com/>
________________________________
From: Daniel Lakeland <[email protected]>
Sent: Thursday, 25 January 2018 6:59 pm
To: OpenSIPS users mailling list
Subject: [OpenSIPS-Users] Frequent TLS failures
I have set up monit to monitor TLS connectivity for my opensips
instance. It just connects via openssl s_client and greps for errors, it
reboots openssl if it has errors more than a few times in a row.
I get errors as follows about 3 to 5 times a day:
Description: status failed (1) -- 140444316333312:error:0407008A:rsa
routines:RSA_padding_check_PKCS1_type_1:invalid
padding:../crypto/rsa/rsa_pk1.c:67:
140444316333312:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding
check failed:../crypto/rsa/rsa_ossl.c:586:
140444316333312:error:1416D07B:SSL routines:tls_process_key_exchange:bad
signature:../ssl/statem/statem_clnt.c:1721:
rebooting opensips makes them go away for several hours. For example monit
rebooted opensips at 2:37 AM, 4:55 AM, and 6:48 AM so far this morning (it's
about 8:55 am where I am now).
This seems suspicious, and btw several other processes use the same certs with
no problems day in and day out (prosody jabber server for example, probably
some others).
I suspect some memory gets corrupted in opensips and this causes it to fail to
work.
Opensips is version 2.3.2-1 installed from the opensips apt repository on a
mixed Debian system, openssl and libssl = 1.1.0g
Any thoughts?
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
