Hi James,

Can you please share what parameters you have configured for TLS in opensips 3.3?
I am also facing the same issue for a WSS connection. I have tried the same certificate in freeswitch and checked the WSS URL in piesocket, and the connection is established. But when I configured the same certificate in opensips and checked in piesocket, the connection was not established. So if you share what you have configured, I will try the same on my side to solve my issue.

On Fri, Apr 7, 2023, 13:43 James Nicholls via Users <[email protected]> wrote:

> Hi all,
>
> I have an existing opensips 3.3.4 setup that uses modparam to set tls_mgm
> certificates with separate server_domain and client_domain entries. This
> works fine for registration and calling using TLS but I want to be able to
> update certificates with tls_reload so I'm trying to move them to the
> database instead.
>
> The tls_mgm table schema added by opensips-cli has a domain and type
> column. Does "type" mean client/server or is it something else? I have
> tried having separate entries for client/server certs, or combining them
> into one row, but I can't get it to work. Everything seems to result in "no
> TLS client domain found" as below.
>
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn
> 0x7f3c9f1b5e98
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> DBG:core:tcpconn_destroy: delaying (0x7f3c9f1b5e98, flags 0018) ref = -1 ...
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:core:tcp_async_connect: tcp_conn_create failed, closing the socket
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:proto_tls:proto_tls_send: async TCP connect failed
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: ERROR:tm:msg_send:
> send() to (PBX IP):5061 for proto tls/3 failed
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:tm:t_forward_nonack: sending request failed
>
> Example row in the tls_mgm table:
>
> domain: (SIP branded hostname)
> match_ip_address: (opensips IP):4003
> match_sip_domain: *
> type: 1
> method: TLSv1_2-
> verify_cert: 0
> require_cert: 0
> certificate: -----BEGIN CERTIFICATE----- [...]
> private_key: -----BEGIN RSA PRIVATE KEY----- [...]
> crl_check_all: 0
> crl_dir: NULL
> ca_list: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> ca_dir: NULL
> cipher_list: NULL
> dh_params: NULL
> ec_curve: NULL
>
> Is there any documentation for adding certificates to the tls_mgm table? I
> haven't found anything in the 3.3.x docs, the only examples use modparam.
> Hopefully I have got something really obvious wrong.
>
> Kind regards,
>
> James Nicholls
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
