[OpenSIPS-Users] Could not enable crypto

samuel samu60 at gmail.com
Tue Nov 15 17:01:26 CET 2011


Hi folks,

It turned out to be a permission problem. The certificate (.pem file) was
not readable by the apache user and it was therefore impossible to set the
TLS socket.
I was calling the PHP script with another user and I was able to read the
certificate.

Apologies for the noise and congratulations for such a good product.

Best regards,
Samuel.

On 14 November 2011 18:19, Adrian Georgescu <ag at ag-projects.com> wrote:

> The only reason I can imagine is that you have not installed a PHP related
> package for TLS or Encryption in the Apache version.
>
> I would check if I were you, the list of packages that I have installed
> for the CLI version of PHP and the Apache version of PHP, the difference
> could give me a clue about what am I missing or is different from the Apache
> version.
>
> Adrian
>
> On Nov 14, 2011, at 1:15 PM, samuel wrote:
>
> > Hi folks,
> >
> > I've got the following scenario:
> > CDRTool (8.2.2) installed from sources is trying to communicate to a
> media-proxy dispatcher (2.5.2) installed from ag-projects repository.
> > The problem I'm facing is that from the CDRTool web interface, when I
> try to check the real-time usage in the section Sessions, the following
> error appears:
> > (...)
> > Error connecting to tcp://W.X.Y.Z:25061: (Could not enable crypto)
> > (...)
> >
> > The logs at the dispatcher server is the next one:
> > (...)
> > debug: Connection to Management interface client lost: A TLS packet with
> unexpected length was received.
> > (...)
> >
> > The "funny" thing is that if I use the following PHP script from the
> CLI, using the same cert as the installation process describes, I'm able to
> get the sessions:
> >
> > #!/usr/bin/php -q
> >
> > <?php
> > $host ='W.X.Y.Z';
> > $port = 25061;
> > $timeout = 10;
> > $cert = './mediaproxy.W.X.Y.Z.pem';
> > $context = stream_context_create(array('ssl'=>array('local_cert'=> $cert,)));
> > $fp = stream_socket_client('tcp://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
> > if (!$fp) {
> >     echo "ERROR: $errno - $errstr\n";
> > } else {
> >     if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {
> >         fputs($fp, "sessions\r\n");
> >         echo fread($fp,8192);
> >         fclose($fp);
> >     } else {
> >         echo "ERROR: could not enable crypto\n";
> >     }
> > }
> >
> > ?>
> >
> > I've got the feeling there's some "stupid" thing either in apache2 or in
> cdrtool configuration that does not let use TLS to the socket and it stays
> in "TCP-mode". Can anyone provide any shed on this issue?
> >
> > Thank you very much in advance,
> > Samuel
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
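The two causes raised in this thread (a TLS package missing from the Apache build of PHP, and a .pem file the apache user cannot read) can be told apart with a preflight script loaded once from the CLI and once through the web server. This is an added example, not part of the original messages and not CDRTool code; the function names and the certificate path are hypothetical, and it assumes the .pem holds both the certificate and its private key, as `local_cert` used on its own requires.

```php
<?php
// Added example: preflight for the client certificate passed as 'local_cert'.
// Load it once from the CLI and once through the web server, then compare.

// Placeholder path (constructed); point it at the real .pem file.
$cert = '/path/to/mediaproxy.pem';

// Name of the account this PHP process runs as (needs the posix extension).
function effective_user(): string
{
    if (!function_exists('posix_geteuid')) {
        return 'unknown (posix extension not loaded)';
    }
    $info = posix_getpwuid(posix_geteuid());
    return $info !== false ? $info['name'] : 'uid ' . posix_geteuid();
}

// Returns a list of problems; an empty list means the TLS client setup looks sane.
function check_tls_client_setup(string $path): array
{
    $problems = [];
    if (!extension_loaded('openssl')) {
        $problems[] = 'openssl extension is not loaded in this SAPI';
    }
    if (!file_exists($path)) {
        // A relative path resolves against the cwd, which differs under Apache.
        $problems[] = "$path not found (cwd is " . getcwd() . ')';
    } elseif (!is_readable($path)) {
        $mode = substr(sprintf('%o', fileperms($path)), -4);
        $problems[] = "$path (mode $mode) is not readable by " . effective_user();
    } elseif (extension_loaded('openssl')) {
        $pem = file_get_contents($path);
        if (@openssl_x509_read($pem) === false) {
            $problems[] = "$path holds no parsable certificate";
        }
        if (@openssl_pkey_get_private($pem) === false) {
            $problems[] = "$path holds no usable private key";
        }
    }
    return $problems;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
$problems = check_tls_client_setup($cert);
printf("SAPI: %s, user: %s\n", php_sapi_name(), effective_user());
echo $problems ? "FAIL:\n  " . implode("\n  ", $problems) . "\n" : "OK\n";
```

If the file is unreadable only under the web server, grant read access to that account through group ownership rather than making the private key world-readable.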