[OpenSIPS-Users] Frequent TLS failures

Daniel Lakeland dlakelan at street-artists.org
Thu Jan 25 11:56:59 EST 2018


I have set up monit to monitor TLS connectivity for my opensips 
instance. It just connects via openssl s_client and greps for errors; it 
reboots openssl if it has errors more than a few times in a row.

I get errors as follows about 3 to 5 times a day:

	Description: status failed (1) -- 140444316333312:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:../crypto/rsa/rsa_pk1.c:67:
140444316333312:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:../crypto/rsa/rsa_ossl.c:586:
140444316333312:error:1416D07B:SSL routines:tls_process_key_exchange:bad signature:../ssl/statem/statem_clnt.c:1721:


Rebooting opensips makes them go away for several hours. For example, monit rebooted opensips at 2:37 AM, 4:55 AM, and 6:48 AM so far this morning (it's about 8:55 AM where I am now).

This seems suspicious, and btw several other processes use the same certs with no problems day in and day out (prosody jabber server for example, probably some others).

I suspect some memory gets corrupted in opensips and this causes it to fail to work.

Opensips is version 2.3.2-1, installed from the opensips apt repository on a mixed Debian system; openssl and libssl = 1.1.0g

Any thoughts?
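
An added example, not the poster's monit script: it decodes OpenSSL error-queue lines from `openssl s_client` output and gives the `bad signature` key-exchange failure its own exit status, so a monitor can log which handshake step failed before restarting anything. The function names, exit codes and host:port argument are assumptions; the sample input is the three error lines quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post): classify `openssl s_client` output for a monitor.
# OpenSSL error-queue lines look like:
#   <thread id>:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:

# Print "<hex code>|<function>|<reason>" for each error-queue line on stdin.
# Searching for ":error:" tolerates a prefix such as monit's "Description: ... -- ".
parse_openssl_errors() {
    awk '{
        i = index($0, ":error:")
        if (i == 0) next
        n = split(substr($0, i + 7), f, ":")
        if (n >= 4) print f[1] "|" f[3] "|" f[4]
    }'
}

# Return 0 = no OpenSSL errors, 2 = the server's key-exchange signature failed
# verification (the failure quoted in the post), 1 = any other OpenSSL error.
# These exit codes are a convention chosen for this example.
classify_handshake() {
    errs=$(parse_openssl_errors)
    if [ -z "$errs" ]; then return 0; fi
    printf '%s\n' "$errs" >&2          # keep the decoded errors for the monitor log
    case "$errs" in
        *"|bad signature"*) return 2 ;;
    esac
    return 1
}

# Live probe; the host:port argument is a placeholder supplied by the caller.
probe_tls() {
    openssl s_client -connect "$1" </dev/null 2>&1 | classify_handshake
}

# The three error lines quoted in the post, used as offline sample input.
POST_SAMPLE='Description: status failed (1) -- 140444316333312:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:../crypto/rsa/rsa_pk1.c:67:
140444316333312:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:../crypto/rsa/rsa_ossl.c:586:
140444316333312:error:1416D07B:SSL routines:tls_process_key_exchange:bad signature:../ssl/statem/statem_clnt.c:1721:'

rc=0
printf '%s\n' "$POST_SAMPLE" | classify_handshake 2>/dev/null || rc=$?
echo "post sample classified as status $rc"
```

Only error-queue lines (those containing `:error:`) are matched, so certificate-chain messages printed as `verify error:num=...` are not counted by this check.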




