[OpenSIPS-Users] Could not enable crypto

samuel samu60 at gmail.com
Mon Nov 14 13:15:17 CET 2011


Hi folks,

I've got the following scenario:
CDRTool (8.2.2) installed from sources is trying to communicate to a
media-proxy dispatcher (2.5.2) installed from ag-projects repository.
The problem I'm facing is that from the CDRTool web interface, when I try
to check the real-time usage in the section Sessions, the following error
appear:
(...)
Error connecting to tcp://W.X.Y.Z:25061: (Could not enable crypto)
(...)

The logs at the dispatcher server is the next one:
(...)
debug: Connection to Management interface client lost: A TLS packet with
unexpected length was received.
(...)

The "funny" thing is that if I use the following PHP script from the CLI,
using the same cert as the installation process describes, I'm able to get
the sessions:

#!/usr/bin/php -q

<?php
$host ='W.X.Y.Z';
$port = 25061;
$timeout = 10;
$cert = './mediaproxy.W.X.Y.Z.pem';
$context = stream_context_create(array('ssl'=>array('local_cert'=>
$cert,)));
$fp = stream_socket_client('tcp://'.$host.':'.$port, $errno, $errstr, 30,
STREAM_CLIENT_CONNECT, $context);
if (!$fp) {
    echo "ERROR: $errno - $errstr\n";
} else {
    if (stream_socket_enable_crypto($fp, true,
STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {
        fputs($fp, "sessions\r\n");
        echo fread($fp,8192);
        fclose($fp);
    } else {
        echo "ERROR: could not enable crypto\n";
    }
}

?>

I've got the feeling there's some "stupid" thing either in apache2 or in
cdrtool configuration that does not let use TLS to the socket and it stays
in "TCP-mode". Can anyone provide any shed on this issue?

Thank you very much in advance,
Samuel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20111114/a0ea443d/attachment.htm>


More information about the Users mailing list