[OpenSIPS-Users] Bug on TLS Management Interface

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Aug 11 15:59:45 UTC 2022


Hi Francisco,

So, if you use a wildcard for match_sip_domain in the client TLS domain, 
it doesn't work for you?

Regards.

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/

On 8/10/22 5:03 PM, Francisco Neto wrote:
> Hi Bogdan-Andrei!
>
> I’ve made the changes and now I can edit the TLS certificates normally 
> through the control panel, but I continue to have a problem.
>
> If I configure the certificate directly in the configuration file, the 
> connection with Microsoft Teams is correctly established; if I 
> configure it through the control panel, I receive the following messages in the log:
>
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for 
> conn 0x7f22a5f993d0
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
> ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
> ERROR:proto_tls:proto_tls_send: connect failed
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: 
> send() to 52.114.132.46:5061 for proto tls/3 failed
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: 
> attempt to send to 'sip:sip.pstnhub.microsoft.com' failed
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for 
> conn 0x7f22a5f91420
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
> ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
> ERROR:proto_tls:proto_tls_send: connect failed
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: 
> send() to 52.114.76.76:5061 for proto tls/3 failed
> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: 
> attempt to send to 'sip:sip2.pstnhub.microsoft.com' failed
> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: 
> ERROR:core:tcp_connect_blocking_timeout: connect timed out, 599667 us 
> elapsed out of 600000 us
> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: 
> ERROR:core:tcp_sync_connect_fd: tcp_blocking_connect failed
> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: 
> ERROR:proto_tls:proto_tls_send: connect failed
> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: 
> send() to 52.114.32.169:5061 for proto tls/3 failed
> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: 
> attempt to send to 'sip:sip3.pstnhub.microsoft.com' failed
> Aug 10 11:00:09 bowser /usr/sbin/opensips[55047]: 
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
>
> I am attaching the screenshot of the control panel, and the 
> configuration that works is below.
>
> If it isn’t related to the same problem, tell me and I will send the message 
> to the open list, ok!
>
> Thanks!
>
> # TLS CLIENT
> #modparam("tls_mgm", "client_domain", "sbcsothis")
> #modparam("tls_mgm", "match_sip_domain", "[sbcsothis]*")
> #modparam("tls_mgm", "match_ip_address", "[sbcsothis]*")
> #modparam("tls_mgm", "verify_cert", "[sbcsothis]1")
> #modparam("tls_mgm", "require_cert", "[sbcsothis]1")
> #modparam("tls_mgm", "tls_method", "[sbcsothis]TLSv1-")
> #modparam("tls_mgm", "certificate", "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt")
> #modparam("tls_mgm", "private_key", "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key")
> #modparam("tls_mgm", "ca_list", "[sbcsothis]/etc/ssl/certs/ca-certificates.crt")
> #modparam("tls_mgm", "ca_dir", "[sbcsothis]/etc/ssl/certs/")
>
>
>
> On Aug 10, 2022 04:50 -0300, Bogdan-Andrei Iancu 
> <bogdan at opensips.org> wrote:
>> Hi Francisco,
>>
>> Thanks for the info, it seems it was an issue with the validation 
>> regexp, see 
>> https://github.com/OpenSIPS/opensips-cp/commit/7558bc7e36c03293858c7086edfc724d56a2b9b4
>>
>> So please update from GIT or TAR and give it a try (or simply do a 
>> manual change as per the diff link).
>>
>> Let me know if it works now.
>>
>> Regards,
>> Bogdan-Andrei Iancu
>>
>> On 8/9/22 11:46 PM, Francisco Neto wrote:
>>> Hi Bogdan-Andrei! How are you!
>>>
>>> Below is all the information that you requested. Feel free to 
>>> ask me if you need something more!
>>>
>>> *version: opensips 3.2.5 (x86_64/linux)*
>>> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, 
>>> Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 
>>> 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
>>> poll method support: poll, epoll, sigio_rt, select.
>>> main.c compiled on with gcc 10
>>>
>>> *Opensips Control Panel 9.3.2*
>>>
>>> *Debian Version 11.2*
>>>
>>>
>>> Thank you very much for the help!
>>>
>>>
>>>
>>> On Aug 9, 2022 05:39 -0300, Bogdan-Andrei Iancu 
>>> <bogdan at opensips.org> wrote:
>>>> Hi Francisco,
>>>>
>>>> I guess you are talking about managing certificates via the Control 
>>>> Panel, right? If so, what version of OpenSIPS and OpenSIPS CP are 
>>>> you using? Also, could you provide a screenshot of the add / 
>>>> update form, showing the issue? If you have any sensitive data, 
>>>> please send the screenshot privately to me.
>>>>
>>>> Best regards,
>>>> Bogdan-Andrei Iancu
>>>>
>>>> On 8/3/22 9:27 PM, Francisco Neto via Users wrote:
>>>>> Hi All!
>>>>>
>>>>> I’ve just installed OpenSIPS and everything is working ok, except 
>>>>> the TLS Management interface.
>>>>>
>>>>> When I try to add or update any entry, it only accepts “Network 
>>>>> Address” as “*”.
>>>>>
>>>>> If I type the IP address as x.x.x.x:port or “x.x.x.x:port” or 
>>>>> ‘x.x.x.x:port’ it always complains with the following message: 
>>>>> Failed to validate input for match_ip_address
>>>>>
>>>>> Can someone give me a tip on how I should write the IP address, or 
>>>>> is it a bug?
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>>
>>
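
The log excerpt quoted in this thread contains two different failures: sends rejected because no TLS client domain matched, and one plain TCP connect timeout. As an added example (not part of the original thread and not OpenSIPS code), this Python script rejoins mail-wrapped syslog records and attributes each failed send to its cause; the sample log is constructed with documentation addresses, and the function names are this example's own.

```python
import re
# Constructed sample in the shape of the log quoted above (mail-wrapped).
SAMPLE = """\
Aug 10 11:00:04 sbc1 /usr/sbin/opensips[4242]: 
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 10 11:00:04 sbc1 /usr/sbin/opensips[4242]: ERROR:tm:msg_send: 
send() to 192.0.2.10:5061 for proto tls/3 failed
Aug 10 11:00:04 sbc1 /usr/sbin/opensips[4242]: ERROR:tm:t_uac: 
attempt to send to 'sip:sip.example.net' failed
Aug 10 11:00:05 sbc1 /usr/sbin/opensips[4242]: 
ERROR:core:tcp_connect_blocking_timeout: connect timed out, 599667 us 
elapsed out of 600000 us
Aug 10 11:00:05 sbc1 /usr/sbin/opensips[4242]: ERROR:tm:msg_send: 
send() to 198.51.100.20:5061 for proto tls/3 failed
Aug 10 11:00:05 sbc1 /usr/sbin/opensips[4242]: ERROR:tm:t_uac: 
attempt to send to 'sip:sip3.example.net' failed
"""

REC_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
PID = re.compile(r"opensips\[(\d+)\]:")
SEND = re.compile(r"send\(\) to (\S+) for proto tls/\d+ failed")
URI = re.compile(r"attempt to send to '([^']+)' failed")
CAUSES = {"no TLS client domain found": "no_client_domain", "connect timed out": "connect_timeout"}

def unwrap(text):
    """Rejoin syslog records that a mail client wrapped onto several lines."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if REC_START.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def triage(text):
    """Return one dict per failed TLS send: destination, request URI, cause."""
    pending, failures = {}, []  # pending: per-process state of the send in progress
    for rec in unwrap(text):
        m = PID.search(rec)
        state = pending.setdefault(m[1] if m else "?", {"cause": "unknown", "dest": None})
        for needle, cause in CAUSES.items():
            if needle in rec:
                state["cause"] = cause
        if m := SEND.search(rec):
            state["dest"] = m[1]
        if m := URI.search(rec):  # t_uac closes the attempt; emit and reset
            failures.append({"dest": state["dest"], "uri": m[1], "cause": state["cause"]})
            state.update(cause="unknown", dest=None)
    return failures
```

Destinations reported as `no_client_domain` point at TLS domain provisioning (the matching fields discussed in this thread), while `connect_timeout` entries are a network reachability matter.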
