Re: [OpenSIPS-Users] TLS Error

Wed, 25 May 2022 00:53:39 -0700 

Hi Wang,
A quick googling shows that the problem is with your certificate, being md5 signed - and this is considered a week signature. Check this 
https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 5/23/22 5:40 AM, Wang Wilson wrote:
This is my folder user rights status, and I am running Opensips3.1 under root userprivilege.
root@wilson-VirtualBox:/etc/opensips/tls/user# ls -lrth /etc/opensips/tls/user 

total 20K

-rw------- 1 root root 1.7K 5月  23 10:34 user-privkey.pem

-rw-r--r-- 1 root root 1.1K 5月  23 10:34 user-cert_req.pem

-rw-r--r-- 1 root root 4.2K 5月  23 10:34 user-cert.pem

-rw-r--r-- 1 root root 1.3K 5月  23 10:34 user-calist.pem

root@wilson-VirtualBox:/etc/opensips/tls/user#

Can you tell if there is anything need to pay attention?

Regards

Wilson

------------------------------------------------------------------------
*From:* Users <[email protected]> on behalf of ideanet help <[email protected]> 
*Sent:* Monday, May 23, 2022 6:53:41 AM
*To:* OpenSIPS users mailling list <[email protected]>
*Subject:* Re: [OpenSIPS-Users] TLS Error
Hi Wang,
Can you check the user rights of that directory? ls -lrth /etc/opensips/tls/user
On Mon, May 23, 2022 at 3:10 AM Wang Wilson <[email protected] <mailto:[email protected]>> wrote: 

    Hello,

    I am sending this to follow the issue that was reported on /Sep 17
    13:13:06 EST 2020./

    My problem is that I get the same error message, but the path to
    /etc/opensips/tls/user/user-cert.pem is correct and it is not
    symlink file.

    I just start to explore the TLS method for us to support SIP
    service. What could be the reason for this?

    Thanks in advance.

    Regards

    Wilson

    
------------------------------------------------------------------------------------------

    INFO:core:mod_init: initializing TCP-plain protocol

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init:
    initializing TLS management

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init:
    disabling compression due ZLIB problems

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]:
    INFO:tls_mgm:init_tls_dom: Processing TLS domain 'default'

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]:
    NOTICE:tls_mgm:init_tls_dom: No EC curve defined

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]:
    INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification
    activated. Client certificates are NOT mandatory.

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]:
    NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined,
    using default '/etc/pki/CA/'

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]:
    NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]:
    ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL
    routines:SSL_CTX_use_certificate:ca md too weak

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]:
    ERROR:tls_mgm:load_certificate: unable to load certificate file
    '/etc/opensips/tls/user/user-cert.pem'

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]:
    ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default'

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]: ERROR:core:init_mod:
    failed to initialize module tls_mgm

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]: ERROR:core:main: error
    while initializing modules

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]: INFO:core:cleanup: cleanup

    May 22 22:32:45 wilson-VirtualBox
    /usr/local/opensips/sbin/opensips[7437]: NOTICE:core:main: Exiting....

    _______________________________________________
    Users mailing list
    [email protected] <mailto:[email protected]>
    http://lists.opensips.org/cgi-bin/mailman/listinfo/users
    <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>


_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to