[OpenSIPS-Users] Testing of opensips.cfg
Bogdan-Andrei Iancu
bogdan at opensips.org
Wed Jun 28 06:41:00 UTC 2023
Hi Dovid,
The "-c" options is for checking the syntax of the cfg file, not
actually checking the data used by OpenSIPS, so this is why it does not
work for you . I guess you can use some openssl cli tool to validate /
check your certs before a restart / reload of TLS part.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
https://www.siphub.com
On 6/27/23 6:43 PM, Dovid Bender wrote:
> Hi All,
>
> We are trying to automate the update of our ssl certs. I tried by
> creating a "bad" cert file. When I run
> "/usr/local/src/opensips/opensips -c
> /usr/local/etc/opensips/opensips.cfg" it comes back clean as the
> config is sane however when I try to restart OpenSipS it will
> obviously fail with:
> Jun 27 15:37:53 wss-proxy.example.net <http://wss-proxy.example.net>
> /usr/local/src/opensips/opensips[311900]:
> ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:09091064:PEM
> routines:PEM_read_bio_ex:bad base64 decode
> Jun 27 15:37:53 wss-proxy.example.net <http://wss-proxy.example.net>
> /usr/local/src/opensips/opensips[311900]:
> ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:140DC009:SSL
> routines:use_certificate_chain_file:PEM lib
> Jun 27 15:37:53 wss-proxy.example.net <http://wss-proxy.example.net>
> /usr/local/src/opensips/opensips[311900]:
> ERROR:tls_openssl:load_certificate: unable to load certificate file
> '/usr/local/etc/opensips/wss-proxy.example.net/cert3_bad.pem
> <http://wss-proxy.example.net/cert3_bad.pem>'
> Jun 27 15:37:53 wss-proxy.example.net <http://wss-proxy.example.net>
> /usr/local/src/opensips/opensips[311900]:
> ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'example'
> Jun 27 15:37:53 wss-proxy.example.net <http://wss-proxy.example.net>
> /usr/local/src/opensips/opensips[311900]: ERROR:core:init_mod: failed
> to initialize module tls_mgm
> Jun 27 15:37:53 wss-proxy.example.net <http://wss-proxy.example.net>
> /usr/local/src/opensips/opensips[311900]: ERROR:core:main: error while
> initializing modules
>
> Is there anything I can do to check it see if on restart if OpenSipS
> will fail?
>
> TIA.
>
> Dovid
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230628/a41a9221/attachment.html>
More information about the Users
mailing list