[OpenSIPS-Users] no TLS client domain found error
Jehanzaib Younis
jehanzaib.kiani at gmail.com
Tue May 17 23:38:51 UTC 2022
Hi Bogdan,
That's the problem, when I try to add the client_domain I get an error.
Actually, I have a working config for webrtc but now I am adding a new
domain for MS teams direct route. In fact, any other domain gives an error.
If I disable MS Teams domain, the opensips do not give an error message and
my webrtc client can connect without any issue.
loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_library", "wolfssl")
#### (WebRTC) Client
modparam("tls_mgm", "server_domain", "sip.mywebphone.xx")
modparam("tls_mgm", "certificate",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/cert.pem")
modparam("tls_mgm", "private_key",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/privkey.pem")
modparam("tls_mgm", "ca_list",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx/fullchain.pem")
modparam("tls_mgm", "ca_dir",
"[sip.mywebphone.xx]/etc/letsencrypt/live/sip.mywebphone.xx")
modparam("tls_mgm", "tls_method", "[sip.mywebphone.xx]SSLv23")
modparam("tls_mgm", "verify_cert", "[sip.mywebphone.xx]1")
modparam("tls_mgm", "require_cert", "[sip.mywebphone.xx]1")
### This is for MS-Teams direct route
modparam("tls_mgm", "server_domain", "dom1.formsteams.com")
modparam("tls_mgm", "client_domain", "dom1.formsteams.com")
modparam("tls_mgm", "certificate", "[dom1.formsteams.com
]/etc/letsencrypt/live/dom1.formsteams.com/cert.pem")
modparam("tls_mgm", "private_key", "[dom1.formsteams.com
]/etc/letsencrypt/live/dom1.formsteams.com/privkey.pem")
modparam("tls_mgm", "ca_list", "[dom1.formsteams.com]/etc/letsencrypt/live/
dom1.formsteams.com/fullchain.pem")
modparam("tls_mgm", "ca_dir", "[dom1.formsteams.com]/etc/letsencrypt/live/
dom1.formsteams.com")
modparam("tls_mgm", "tls_method", "[dom1.formsteams.com]SSLv23")
modparam("tls_mgm", "verify_cert", "[dom1.formsteams.com]1")
modparam("tls_mgm", "require_cert", "[dom1.formsteams.com]1")
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
When i enable the MS-Teams direct route domain i get the below error:
no certificate for tls domain ' dom1.formsteams.com ' defined
Regards,
Jehanzaib
On Wed, May 18, 2022 at 3:04 AM Bogdan-Andrei Iancu <bogdan at opensips.org>
wrote:
> Hi Jehanzaib,
>
> What are the TLS client domains you have defined in your tls_mgm module ?
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
> https://www.opensips-solutions.com
> OpenSIPS eBootcamp 23rd May - 3rd June 2022
> https://opensips.org/training/OpenSIPS_eBootcamp_2022/
>
> On 5/17/22 4:32 PM, Jehanzaib Younis wrote:
>
> Hi,
>
> I am having trouble to send/receive OPTIONS to ms teams.
> Using the dispatcher module. The socket is defined as tls:*mysbcip*:5061
> Looks like when my opensips (3.2.x) tries to send OPTIONS. it is giving me
> the following error
>
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn
> 0x7f00ef2a85a0
> ERROR:core:tcp_async_connect: tcp_conn_create failed
> ERROR:proto_tls:proto_tls_send: async TCP connect failed
> ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3 failed
> ERROR:tm:t_uac: attempt to send to '
> sip:sip3.pstnhub.microsoft.com:5061;transport:tls' failed
>
> I am setting the Contact as <sip:mytlsdomain:5061;transport=tls>
>
> Looks like the client domain is used for outgoing TLS connection but no
> idea which domain i need to add here. The socket is my opensips ip address.
>
> Has anyone seen a similar kind of behaviour?
>
> Thank you.
>
> Regards,
> Jehanzaib
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220518/e73673f8/attachment.html>
More information about the Users
mailing list