[OpenSIPS-Users] TLS Error

Wed May 25 07:50:20 UTC 2022

Hi Wang,

A quick googling shows that the problem is with your certificate, being 
md5 signed - and this is considered a week signature. Check this
https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/

On 5/23/22 5:40 AM, Wang Wilson wrote:
>
> This is my folder user rights status, and I am running Opensips3.1 
> under root userprivilege.
>
> root at wilson-VirtualBox:/etc/opensips/tls/user# ls -lrth 
> /etc/opensips/tls/user
>
> total 20K
>
> -rw------- 1 root root 1.7K 5月  23 10:34 user-privkey.pem
>
> -rw-r--r-- 1 root root 1.1K 5月  23 10:34 user-cert_req.pem
>
> -rw-r--r-- 1 root root 4.2K 5月  23 10:34 user-cert.pem
>
> -rw-r--r-- 1 root root 1.3K 5月  23 10:34 user-calist.pem
>
> root at wilson-VirtualBox:/etc/opensips/tls/user#
>
> Can you tell if there is anything need to pay attention?
>
> Regards
>
> Wilson
>
> ------------------------------------------------------------------------
> *From:* Users <users-bounces at lists.opensips.org> on behalf of ideanet 
> help <ideanethelp at gmail.com>
> *Sent:* Monday, May 23, 2022 6:53:41 AM
> *To:* OpenSIPS users mailling list <users at lists.opensips.org>
> *Subject:* Re: [OpenSIPS-Users] TLS Error
> Hi Wang,
> Can you check the user rights of that directory? ls -lrth 
> /etc/opensips/tls/user
>
>
> On Mon, May 23, 2022 at 3:10 AM Wang Wilson <wyhc at hotmail.com 
> <mailto:wyhc at hotmail.com>> wrote:
>
>     Hello,
>
>     I am sending this to follow the issue that was reported on /Sep 17
>     13:13:06 EST 2020./
>
>     My problem is that I get the same error message, but the path to
>     /etc/opensips/tls/user/user-cert.pem is correct and it is not
>     symlink file.
>
>     I just start to explore the TLS method for us to support SIP
>     service. What could be the reason for this？
>
>     Thanks in advance.
>
>     Regards
>
>     Wilson
>
>     ------------------------------------------------------------------------------------------
>
>     INFO:core:mod_init: initializing TCP-plain protocol
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init:
>     initializing TLS management
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]: INFO:tls_mgm:mod_init:
>     disabling compression due ZLIB problems
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]:
>     INFO:tls_mgm:init_tls_dom: Processing TLS domain 'default'
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]:
>     NOTICE:tls_mgm:init_tls_dom: No EC curve defined
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]:
>     INFO:tls_mgm:get_ssl_ctx_verify_mode: client verification
>     activated. Client certificates are NOT mandatory.
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]:
>     NOTICE:tls_mgm:init_tls_dom: no CA dir for tls 'default' defined,
>     using default '/etc/pki/CA/'
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]:
>     NOTICE:tls_mgm:init_tls_dom: no crl for tls, using none
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]:
>     ERROR:tls_mgm:tls_print_errstack: TLS errstack: error:140AB18E:SSL
>     routines:SSL_CTX_use_certificate:ca md too weak
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]:
>     ERROR:tls_mgm:load_certificate: unable to load certificate file
>     '/etc/opensips/tls/user/user-cert.pem'
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]:
>     ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain 'default'
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]: ERROR:core:init_mod:
>     failed to initialize module tls_mgm
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]: ERROR:core:main: error
>     while initializing modules
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]: INFO:core:cleanup: cleanup
>
>     May 22 22:32:45 wilson-VirtualBox
>     /usr/local/opensips/sbin/opensips[7437]: NOTICE:core:main: Exiting....
>
>     _______________________________________________
>     Users mailing list
>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>     <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220525/63cc4d06/attachment-0001.html>