[OpenSIPS-Users] Trying to get TLS working with OpenSips 1.5

Anil Pannikode anilpannikode at hotmail.com
Thu Apr 23 22:49:35 CEST 2009


THanks for the tip. I did not cut and paste the private key properly. It is now loading how ever the connection is failing with the following error

 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tls_find_server_domain: virtual TLS server domain not found, Using default TLS server domain settings 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tls_tcpconn_init: found socket based TLS server domain [0.0.0.0:0] 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server) 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tcpconn_add: hashes: 594, 1 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:handle_new_connect: new connection: 0xb3ebdf50 24 flags: 0002 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:send2child: to tcp child 0 0(16980), 0xb3ebdf50 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: DBG:core:handle_io: received n=4 con=0xb3ebdf50, fd=19 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: DBG:core:io_watch_add: io_watch_add(0x826ab20, 19, 2, 0xb3ebdf50), fd_no=1 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: DBG:core:tls_update_fd: New fd is 19 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: ERROR:core:tls_accept: some error in SSL: 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: ERROR:core:tls_print_errstack: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: DBG:core:io_watch_del: io_watch_del (0x826ab20, 19, -1, 0x10) fd_no=2 called 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: DBG:core:release_tcpconn: releasing con 0xb3ebdf50, state -2, fd=19, id=1 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: DBG:core:release_tcpconn: extra_data 0xb3ece068 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:handle_tcp_child: reader response= b3ebdf50, -2 from 0 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tcpconn_destroy: destroying connection 0xb3ebdf50, flags 0002 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tls_close: closing SSL connection 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tls_update_fd: New fd is 24 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tls_shutdown: shutdown successful 

Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: DBG:core:tls_tcpconn_clean: entered 

 

 

Regards

 

Anil

 


 
> Date: Thu, 23 Apr 2009 23:24:44 +0300
> From: bogdan at voice-system.ro
> To: anilpannikode at hotmail.com
> CC: users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] Trying to get TLS working with OpenSips 1.5
> 
> Hi Anil,
> 
> Typical error cases:
> - the private key file does not exist or you do not have permission 
> to read that file
> - the private key file is not in PEM (base64 encoded) format.
> - if the private key file is encrypted, the password is not correct 
> or no password was provided
> - if you loaded a certificate file before issuing this function, the 
> public key in that certificate does not match the corresponding private 
> key in the private key file.
> 
> Regards,
> Bogdan
> 
> Anil M Pannikode (hotmail) wrote:
> >
> > I am getting the following error in the log files
> >
> > 
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_certificate: 
> > entered
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_certificate: 
> > '//etc/opensips/tls/user/certonly.pem' successfuly loaded
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: Entered
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: CA 
> > '//etc/opensips/tls/user/user-calist.pem' successfuly loaded
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_private_key: 
> > entered
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key: 
> > unable to load private key file 
> > '//etc/opensips/tls/user/privatekey.pem'. Retry (2 left) (check 
> > password case)
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key: 
> > unable to load private key file 
> > '//etc/opensips/tls/user/privatekey.pem'. Retry (1 left) (check 
> > password case)
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key: 
> > unable to load private key file 
> > '//etc/opensips/tls/user/privatekey.pem'. Retry (0 left) (check 
> > password case)
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key: 
> > unable to load private key file '//etc/opensips/tls/user/privatekey.pem'
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: CRITICAL:core:main: could not 
> > initialize tls, exiting...
> >
> > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:dispatcher:destroy: 
> > destroying module ...
> >
> > 
> >
> > Anybody know what the issues or where to set the password ?
> >
> > 
> >
> > Anil
> >
> > 
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> > 
> 

_________________________________________________________________
Create a cool, new character for your Windows Live™ Messenger.
http://go.microsoft.com/?linkid=9656621
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090423/d25dd79b/attachment.htm 


More information about the Users mailing list