[OpenSIPS-Users] Could not enable crypto

Adrian Georgescu ag at ag-projects.com
Mon Nov 14 18:19:27 CET 2011


The only reason I can imagine is that you have not installed a PHP related package for TLS or Encryption in the Apache version.

I would check if I were you, the list of packages that I have installed for the CLI version of PHP and the Apache version of PHP, the difference could give me a clue about what am I missing o is different from the Apache version.

Adrian
 
On Nov 14, 2011, at 1:15 PM, samuel wrote:

> Hi folks,
> 
> I've got the following scenario:
> CDRTool (8.2.2) installed from sources is trying to communicate to a media-proxy dispatcher (2.5.2) installed from ag-projects repository.
> The problem I'm facing is that from the CDRTool web interface, when I try to check the real-time usage in the section Sessions, the following error appear:
> (...)
> Error connecting to tcp://W.X.Y.Z:25061: (Could not enable crypto)
> (...)
> 
> The logs at the dispatcher server is the next one:
> (...)
> debug: Connection to Management interface client lost: A TLS packet with unexpected length was received.
> (...)
> 
> The "funny" thing is that if I use the following PHP script from the CLI, using the same cert as the installation process describes, I'm able to get the sessions:
> 
> #!/usr/bin/php -q
> 
> <?php
> $host ='W.X.Y.Z';
> $port = 25061;
> $timeout = 10;
> $cert = './mediaproxy.W.X.Y.Z.pem';
> $context = stream_context_create(array('ssl'=>array('local_cert'=> $cert,)));
> $fp = stream_socket_client('tcp://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
> if (!$fp) {
>     echo "ERROR: $errno - $errstr\n";
> } else {
>     if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {
>         fputs($fp, "sessions\r\n");
>         echo fread($fp,8192);
>         fclose($fp);
>     } else {
>         echo "ERROR: could not enable crypto\n";
>     }
> }
> 
> ?>
> 
> I've got the feeling there's some "stupid" thing either in apache2 or in cdrtool configuration that does not let use TLS to the socket and it stays in "TCP-mode". Can anyone provide any shed on this issue?
> 
> Thank you very much in advance,
> Samuel
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users




More information about the Users mailing list