[OpenSIPS-Users] Bug on TLS Management Interface

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Aug 17 07:28:49 UTC 2022


Hi Francisco,

Please check 
https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c 
- update again and give it a try by adding "*" for the match_domain

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/

On 8/16/22 11:32 PM, Francisco Neto wrote:
> Hi Bogdan-Andrei!
>
> Actually I’ve tried using the SIP domain as blank, with * it didn’t
> let me press update on CP, and with the client certificate (FQDN and
> domain part only), and in all scenarios the error is the same as
> described below:
>
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: 
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for 
> conn 0x7efe29a648a8
> Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: 
> ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket
> Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: 
> ERROR:proto_tls:proto_tls_send: connect failed
> Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: 
> send() to 52.114.132.46:5061 for proto tls/3 failed
> Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: 
> attempt to send to 'sip:sip.pstnhub.microsoft.com:5061' failed
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: 
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: 
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for 
> conn 0x7efe29b341a8
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: 
> ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: 
> ERROR:proto_tls:proto_tls_send: connect failed
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: 
> send() to 52.114.76.76:5061 for proto tls/3 failed
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: 
> attempt to send to 'sip:sip2.pstnhub.microsoft.com:5061' failed
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: 
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: 
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for 
> conn 0x7efe29a17ec8
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: 
> ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: 
> ERROR:proto_tls:proto_tls_send: connect failed
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:msg_send: 
> send() to 52.114.14.70:5061 for proto tls/3 failed
> Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]: ERROR:tm:t_uac: 
> attempt to send to 'sip:sip3.pstnhub.microsoft.com:5061' failed
>
> Below is my actual config section about TLS
>
> loadmodule "proto_tls.so"
> modparam("proto_tls","tls_max_msg_chunks", 8)
> modparam("proto_tls","tls_handshake_timeout", 600)
> modparam("proto_tls", "tls_send_timeout", 2000)
>
>
> loadmodule "tls_openssl.so"
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", 
> "db_url","mysql://opensips:XXXXXXXXXX@localhost/opensips")
> modparam("tls_mgm", "db_table", "tls_mgm")
> modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
>
>
> On Aug 11, 2022 12:59 -0300, Bogdan-Andrei Iancu
> <bogdan at opensips.org> wrote:
>> Hi Francisco,
>>
>> So, if you use a wildcard for match_sip_domain in the client TLS
>> domain, it doesn't work for you?
>>
>> Regards.
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>    https://www.opensips-solutions.com
>> OpenSIPS Summit 27-30 Sept 2022, Athens
>>    https://www.opensips.org/events/Summit-2022Athens/
>> On 8/10/22 5:03 PM, Francisco Neto wrote:
>>> Hi Bogdan-Andrei!
>>>
>>> I’ve made the changes and now I can edit the TLS certificates
>>> normally through the control panel, but I continue having a problem.
>>>
>>> If I configure the certificate directly in the configuration file,
>>> the connection with Microsoft Teams is correctly established; if I
>>> configure it through the control panel, I receive the following
>>> messages in the log:
>>>
>>> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for 
>>> conn 0x7f22a5f993d0
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:proto_tls:proto_tls_send: connect failed
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: 
>>> send() to 52.114.132.46:5061 for proto tls/3 failed
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: 
>>> attempt to send to 'sip:sip.pstnhub.microsoft.com' failed
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for 
>>> conn 0x7f22a5f91420
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:proto_tls:proto_tls_send: connect failed
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: 
>>> send() to 52.114.76.76:5061 for proto tls/3 failed
>>> Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: 
>>> attempt to send to 'sip:sip2.pstnhub.microsoft.com' failed
>>> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:core:tcp_connect_blocking_timeout: connect timed out, 599667 
>>> us elapsed out of 600000 us
>>> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:core:tcp_sync_connect_fd: tcp_blocking_connect failed
>>> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:proto_tls:proto_tls_send: connect failed
>>> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: 
>>> send() to 52.114.32.169:5061 for proto tls/3 failed
>>> Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: 
>>> attempt to send to 'sip:sip3.pstnhub.microsoft.com' failed
>>> Aug 10 11:00:09 bowser /usr/sbin/opensips[55047]: 
>>> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
>>>
>>> I will attach the screenshot of the control panel and, below,
>>> the configuration that works.
>>>
>>> If it isn’t related to the same problem, tell me and I will send the
>>> message to the open list, OK!
>>>
>>> Thanks!
>>>
>>> # TLS CLIENT
>>> #modparam("tls_mgm", "client_domain", "sbcsothis")
>>> #modparam("tls_mgm", "match_sip_domain", "[sbcsothis]*")
>>> #modparam("tls_mgm", "match_ip_address", "[sbcsothis]*")
>>> #modparam("tls_mgm", "verify_cert", "[sbcsothis]1")
>>> #modparam("tls_mgm", "require_cert", "[sbcsothis]1")
>>> #modparam("tls_mgm", "tls_method", "[sbcsothis]TLSv1-")
>>> #modparam("tls_mgm", "certificate", 
>>> "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt")
>>> #modparam("tls_mgm", "private_key", 
>>> "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key")
>>> #modparam("tls_mgm", "ca_list", 
>>> "[sbcsothis]/etc/ssl/certs/ca-certificates.crt")
>>> #modparam("tls_mgm", "ca_dir", "[sbcsothis]/etc/ssl/certs/")
>>>
>>>
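
Added example (not part of the original thread and not OpenSIPS code): the quoted logs mix two different failures, "no TLS client domain found" and a plain TCP connect timeout, so this Python script groups the error lines per send attempt and labels the root cause of each. The function name and cause labels are this example's own; the sample lines are copied from the thread with the e-mail line wrapping re-joined.

```python
import re

# Log lines copied from the thread above, with the e-mail wrapping re-joined.
SAMPLE_LOG = """\
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn 0x7f22a5f91420
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing the socket
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:proto_tls:proto_tls_send: connect failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: attempt to send to 'sip:sip2.pstnhub.microsoft.com' failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_connect_blocking_timeout: connect timed out, 599667 us elapsed out of 600000 us
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:core:tcp_sync_connect_fd: tcp_blocking_connect failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:proto_tls:proto_tls_send: connect failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:msg_send: send() to 52.114.32.169:5061 for proto tls/3 failed
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]: ERROR:tm:t_uac: attempt to send to 'sip:sip3.pstnhub.microsoft.com' failed
"""

ERR = re.compile(r"opensips\[(\d+)\]:\s+ERROR:(\w+):(\w+):\s+(.*)$")
SEND = re.compile(r"send\(\) to (\S+) for proto \S+ failed")
UAC = re.compile(r"attempt to send to '([^']+)' failed")
# Message fragment -> root-cause label (labels are this example's own).
CAUSES = [
    ("no TLS client domain found", "no_client_domain"),  # TLS domain matching
    ("connect timed out", "connect_timeout"),            # network reachability
]

def classify_failed_sends(log_text):
    """Return one record per failed send: destination, URI and root cause."""
    pending = {}   # worker pid -> state of the send attempt in progress
    records = []
    for line in log_text.splitlines():
        m = ERR.search(line)
        if not m:
            continue
        pid, _module, _func, msg = m.groups()
        state = pending.setdefault(pid, {"cause": "unknown", "dest": None})
        for fragment, label in CAUSES:
            if fragment in msg:
                state["cause"] = label
        if (s := SEND.search(msg)):
            state["dest"] = s.group(1)
        elif (u := UAC.search(msg)):
            # tm:t_uac is the last line of one attempt: emit and reset.
            records.append({"uri": u.group(1), **state})
            del pending[pid]
    return records

if __name__ == "__main__":
    for rec in classify_failed_sends(SAMPLE_LOG):
        print(rec)
```

On these lines the sip2 attempt is labelled `no_client_domain` and the sip3 attempt `connect_timeout`, so only the former points at the TLS client domain definition.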
