[SR-Users] dispatcher seems to use the default client certificate

Bastian Triller bastian.triller at gmail.com
Thu Jun 18 15:12:44 CEST 2020 

check permissions on that file and the directories in path, if all are
accessible by your user running Kamailio.

On Thu, Jun 18, 2020 at 2:12 PM Mack Hendricks <mack at dopensource.com> wrote:

> Thanks Daniel and Sergiu!
>
> The other think I notice is that kamcmd tls.reload causes the following
> error:
>
> Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls
> [tls_domain.c:572]: load_ca_list(): TLSc<default>: Unable to load CA list
> '/etc/dsiprouter/certs/cacert.pem'
> Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D0AB041:asn1 encoding
> routines:x509_name_ex_new:malloc failure
> Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding
> routines:asn1_item_embed_new:malloc failure
> Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding
> routines:asn1_item_embed_new:malloc failure
> Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding
> routines:asn1_item_embed_new:malloc failure
> Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D07803A:asn1 encoding
> routines:asn1_item_embed_d2i:nested asn1 error
> Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0907400D:PEM
> routines:PEM_X509_INFO_read_bio:ASN1 lib
> Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0B084009:x509
> certificate routines:X509_load_cert_crl_file:PEM lib
>
>
> If I restart Kamailio it works fine.   Let me know if you have any
> thoughts on this.
>
>
> On Jun 18, 2020, at 2:42 AM, Daniel-Constantin Mierla <miconda at gmail.com>
> wrote:
>
> Hello,
>
> see:
>
>
> https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg
>
> And the OPTIONS keepalive can be handled in event_route[tm:local-request].
>
> Cheers,
> Daniel
> On 18.06.20 02:48, Mack Hendricks wrote:
>
> Yeah...I’m aware.  I was just checking if dispatcher could match on the
> ip:port just in case I wanted to support other use cases with my Kamailio
> instance.   I read thru the source and it looks like the uac module is
> being used to initiate the OPTIONS message.
>
> Sent from my iPhone
>
> On Jun 17, 2020, at 8:09 PM, Sergiu Pojoga <pojogas at gmail.com>
> <pojogas at gmail.com> wrote:
>
> 
> Hi Mack,
>
> You wouldn't have the burden of handling multiple domains whatsoever if
> you followed Microsoft's recommendations on how to configure SBC Teams for
> multiple tenants. Dispatcher would be used only for carrier's base domain.
>
> On Wed, Jun 17, 2020, 7:11 PM Mack Hendricks, <mack at dopensource.com>
> wrote:
>
>> Hey All,
>>
>> I'm attempting to use dispatcher to send probe messages using TLS for two
>> different domains.  I'm providing the socket attribute, which maps to a
>> certificate in /etc/kamailio/tls.cfg.  But, it seems to always select the
>> default client cert, which is not the certificate I want to use.
>>
>> My attrs column in dispatcher looks like this:
>>
>> socket=tls:142.93.159.231:5061;ping_from=sip:mack.dopensource.com
>> socket=tls:142.93.159.231:5062;ping_from=sip:levin.dopensource.com
>>
>> Is there some way to force dispatcher to do TLS cert matching based on
>> the host:ip?
>>
>> Thanks
>>
>> -Mack
>>
>>
>>
>>
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing Listsr-users at lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200618/d8c001ba/attachment.html>

More information about the sr-users mailing list