[OpenSIPS-Users] tls_mgm domain database configuration

Pratik Patel pratik.patel19970128 at gmail.com
Fri Apr 7 14:10:44 UTC 2023


Hi James,

Can you please share what parameters you have configured for TLS in
opensips 3.3?

Because I am also facing the same issue for WSS connections.

I have tried the same certificate in freeswitch and checked that WSS URL in
piesocket, and the connection is established.

But when I configured the same certificate in opensips and checked in piesocket,
the connection was not established.

So if you share what you have configured, I will try the same on my side to
solve my issue.

On Fri, Apr 7, 2023, 13:43 James Nicholls via Users <
users at lists.opensips.org> wrote:

> Hi all,
>
> I have an existing opensips 3.3.4 setup that uses modparam to set tls_mgm
> certificates with separate server_domain and client_domain entries. This
> works fine for registration and calling using TLS but I want to be able to
> update certificates with tls_reload so I'm trying to move them to the
> database instead.
>
> The tls_mgm table schema added by opensips-cli has a domain and type
> column. Does "type" mean client/server or is it something else? I have
> tried having separate entries for client/server certs, or combining them
> into one row, but I can't get it to work. Everything seems to result in "no
> TLS client domain found" as below.
>
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:core:tcp_conn_create: failed to do proto 3 specific init for conn
> 0x7f3c9f1b5e98
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> DBG:core:tcpconn_destroy: delaying (0x7f3c9f1b5e98, flags 0018) ref = -1 ...
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:core:tcp_async_connect: tcp_conn_create failed, closing the socket
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:proto_tls:proto_tls_send: async TCP connect failed
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]: ERROR:tm:msg_send:
> send() to (PBX IP):5061 for proto tls/3 failed
> Apr 05 16:02:34 (hostname) /usr/sbin/opensips[22277]:
> ERROR:tm:t_forward_nonack: sending request failed
>
> Example row in the tls_mgm table:
>
>           domain: (SIP branded hostname)
> match_ip_address: (opensips IP):4003
> match_sip_domain: *
>             type: 1
>           method: TLSv1_2-
>      verify_cert: 0
>     require_cert: 0
>      certificate: -----BEGIN CERTIFICATE----- [...]
>      private_key: -----BEGIN RSA PRIVATE KEY----- [...]
>    crl_check_all: 0
>          crl_dir: NULL
>          ca_list: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
>           ca_dir: NULL
>      cipher_list: NULL
>        dh_params: NULL
>         ec_curve: NULL
>
> Is there any documentation for adding certificates to the tls_mgm table? I
> haven't found anything in the 3.3.x docs, the only examples use modparam.
> Hopefully I have got something really obvious wrong.
>
> Kind regards,
>
> James Nicholls