Hi folks,<br><br>It turned out to be a permission problem. The certificate (.pem file) was not readable by the apache user and it was therefore impossible to set the TLS socket.<br>I was calling the PHP script with another user and I was able to read the certificate.<br>
<br>Aplogies for the noise and congratulations for such a good product.<br><br>Best regards,<br>Samuel.<br><br><div class="gmail_quote">On 14 November 2011 18:19, Adrian Georgescu <span dir="ltr"><<a href="mailto:ag@ag-projects.com">ag@ag-projects.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">The only reason I can imagine is that you have not installed a PHP related package for TLS or Encryption in the Apache version.<br>
<br>
I would check if I were you, the list of packages that I have installed for the CLI version of PHP and the Apache version of PHP, the difference could give me a clue about what am I missing o is different from the Apache version.<br>
<br>
Adrian<br>
<div><div></div><div class="h5"><br>
On Nov 14, 2011, at 1:15 PM, samuel wrote:<br>
<br>
> Hi folks,<br>
><br>
> I've got the following scenario:<br>
> CDRTool (8.2.2) installed from sources is trying to communicate to a media-proxy dispatcher (2.5.2) installed from ag-projects repository.<br>
> The problem I'm facing is that from the CDRTool web interface, when I try to check the real-time usage in the section Sessions, the following error appear:<br>
> (...)<br>
> Error connecting to tcp://W.X.Y.Z:25061: (Could not enable crypto)<br>
> (...)<br>
><br>
> The logs at the dispatcher server is the next one:<br>
> (...)<br>
> debug: Connection to Management interface client lost: A TLS packet with unexpected length was received.<br>
> (...)<br>
><br>
> The "funny" thing is that if I use the following PHP script from the CLI, using the same cert as the installation process describes, I'm able to get the sessions:<br>
><br>
> #!/usr/bin/php -q<br>
><br>
> <?php<br>
> $host ='W.X.Y.Z';<br>
> $port = 25061;<br>
> $timeout = 10;<br>
> $cert = './mediaproxy.W.X.Y.Z.pem';<br>
> $context = stream_context_create(array('ssl'=>array('local_cert'=> $cert,)));<br>
> $fp = stream_socket_client('tcp://'.$host.':'.$port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);<br>
> if (!$fp) {<br>
> echo "ERROR: $errno - $errstr\n";<br>
> } else {<br>
> if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {<br>
> fputs($fp, "sessions\r\n");<br>
> echo fread($fp,8192);<br>
> fclose($fp);<br>
> } else {<br>
> echo "ERROR: could not enable crypto\n";<br>
> }<br>
> }<br>
><br>
> ?><br>
><br>
> I've got the feeling there's some "stupid" thing either in apache2 or in cdrtool configuration that does not let use TLS to the socket and it stays in "TCP-mode". Can anyone provide any shed on this issue?<br>
><br>
> Thank you very much in advance,<br>
> Samuel<br>
</div></div>> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div><br>