Hi Bogdan-Andrei!! I’ve made the changes on the code as you requested. On CP I could fill the match_sip_domain With * and update the item, after that the errors on log file have changed a lot now. Below are the errors that are appearing to me now
By the way, directly on the config file the SSL Method that works better for me was “TLSv1-“. This option didn’t exist on tviewer.inc.php, but I have created this option on the file. Does it have any problem to add a new valid combo option?? Thanks! ERROR:proto_tls:proto_tls_send: failed to send Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]: ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]: ERROR:tm:t_uac: attempt to send to 'sip:sip2.pstnhub.microsoft.com:5061' failed Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]: ERROR:tls_openssl:openssl_tls_connect: SSL_ERROR_SYSCALL err=Resource temporarily unavailable(11) Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]: ERROR:tls_openssl:openssl_tls_connect: New TLS connection to 52.114.76.76:5061 failed Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]: ERROR:tls_openssl:openssl_tls_connect: TLS error: 5 (ret=-1) err=Resource temporarily unavailable(11) Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]: ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake! Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]: ERROR:tls_openssl:openssl_tls_connect: New TLS connection to 52.114.14.70:5061 failed Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]: ERROR:tls_openssl:openssl_tls_connect: TLS error: 1 (ret=-1) err=Success(0) Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]: ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [cid:47283D8C944B42F3A02401A5B7B37B70] Em 17 de ago. de 2022 04:29 -0300, Bogdan-Andrei Iancu <[email protected]>, escreveu: Hi Francisco, Please check https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c - update again and give it a try by adding "*" for the match_domain Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Summit 27-30 Sept 2022, Athens https://www.opensips.org/events/Summit-2022Athens/ On 8/16/22 11:32 PM, Francisco Neto wrote: Hi Bogdan-Andrei! Actually I’ve tried with using sip domain as blank, with * it didn’t let me press update on CP, and with the client certificate (fqdn and domain part only) and in all scenarios the error is the same as described below: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7efe29a648a8 Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:proto_tls:proto_tls_send: connect failed Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: send() to 52.114.132.46:5061 for proto tls/3 failed Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: attempt to send to 'sip:sip.pstnhub.microsoft.com:5061' failed Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7efe29b341a8 Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:proto_tls:proto_tls_send: connect failed Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: attempt to send to 'sip:sip2.pstnhub.microsoft.com:5061' failed Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7efe29a17ec8 Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:proto_tls:proto_tls_send: connect failed Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: send() to 52.114.14.70:5061 for proto tls/3 failed Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: attempt to send to 'sip:sip3.pstnhub.microsoft.com:5061' failed Below is my actual config section about TLS loadmodule "proto_tls.so" modparam("proto_tls","tls_max_msg_chunks", 8) modparam("proto_tls","tls_handshake_timeout", 600) modparam("proto_tls", "tls_send_timeout", 2000) loadmodule "tls_openssl.so" loadmodule "tls_mgm.so" modparam("tls_mgm", "db_url","mysql://opensips:XXXXXXXXXX@localhost/opensips") modparam("tls_mgm", "db_table", "tls_mgm") modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom") [cid:[email protected]] Em 11 de ago. de 2022 12:59 -0300, Bogdan-Andrei Iancu <[email protected]><mailto:[email protected]>, escreveu: Hi Francisco, So, if you use wildcard for match_sip_domain in the client TLS domain, doesn't work for you ? Regards. Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Summit 27-30 Sept 2022, Athens https://www.opensips.org/events/Summit-2022Athens/ On 8/10/22 5:03 PM, Francisco Neto wrote: Hi Bogdan-Andrei! I’ve made the changes and now I can edit the TLS certificates normally by control panel but I continue having a problem. If I configure the certificate directly on the configuration file the connection with Microsoft Teams is correctly established, if I configure through control panel, I receive on log the following messages: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f22a5f993d0 Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:proto_tls:proto_tls_send: connect failed Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: send() to 52.114.132.46:5061 for proto tls/3 failed Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: attempt to send to 'sip:sip.pstnhub.microsoft.com' failed Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f22a5f91420 Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:proto_tls:proto_tls_send: connect failed Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: attempt to send to 'sip:sip2.pstnhub.microsoft.com' failed Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_connect_blocking_timeout: connect timed out, 599667 us elapsed out of 600000 us Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_sync_connect_fd: tcp_blocking_connect failed Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:proto_tls:proto_tls_send: connect failed Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: send() to 52.114.32.169:5061 for proto tls/3 failed Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: attempt to send to 'sip:sip3.pstnhub.microsoft.com' failed Aug 10 11:00:09 bowser /usr/sbin/opensips[55047]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found I will send attached the screenshot of the control panel and below the configuration that works. If it isn’t related to the same problem tell me and I send the message to the open list ok! Thanks! # TLS CLIENT #modparam("tls_mgm", "client_domain", "sbcsothis") #modparam("tls_mgm", "match_sip_domain", "[sbcsothis]*") #modparam("tls_mgm", "match_ip_address", "[sbcsothis]*") #modparam("tls_mgm", "verify_cert", "[sbcsothis]1") #modparam("tls_mgm", "require_cert", "[sbcsothis]1") #modparam("tls_mgm", "tls_method", "[sbcsothis]TLSv1-") #modparam("tls_mgm", "certificate", "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt") #modparam("tls_mgm", "private_key", "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key") #modparam("tls_mgm", "ca_list", "[sbcsothis]/etc/ssl/certs/ca-certificates.crt") #modparam("tls_mgm", "ca_dir", "[sbcsothis]/etc/ssl/certs/")Config file
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
