<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Francisco,<br>
<br>
So, if you use wildcard for </font><font face="monospace">match_sip_domain
in the client TLS domain, doesn't work for you ?<br>
<br>
Regards.<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/10/22 5:03 PM, Francisco Neto
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d8ec8b2d-9ffb-4741-a3b4-63ff4f662376@Spark">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
<div name="messageBodySection">
<div dir="auto">Hi Bogdan-Andrei!<br>
<br>
I’ve made the changes and now I can edit the TLS certificates
normally by control panel but I continue having a problem.<br>
<br>
If I configure the certificate directly on the configuration
file the connection with Microsoft Teams is correctly
established, if I configure through control panel, I receive
on log the following messages:<br>
<br>
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain
found<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_conn_create: failed to do proto 3 specific init
for conn 0x7f22a5f993d0<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing
the socket<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.132.46:5061 for proto
tls/3 failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to
'<a class="moz-txt-link-freetext" href="sip:sip.pstnhub.microsoft.com">sip:sip.pstnhub.microsoft.com</a>' failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain
found<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_conn_create: failed to do proto 3 specific init
for conn 0x7f22a5f91420<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed, closing
the socket<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3
failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to
'<a class="moz-txt-link-freetext" href="sip:sip2.pstnhub.microsoft.com">sip:sip2.pstnhub.microsoft.com</a>' failed<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_connect_blocking_timeout: connect timed out,
599667 us elapsed out of 600000 us<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect_fd: tcp_blocking_connect failed<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.32.169:5061 for proto
tls/3 failed<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to
'<a class="moz-txt-link-freetext" href="sip:sip3.pstnhub.microsoft.com">sip:sip3.pstnhub.microsoft.com</a>' failed<br>
Aug 10 11:00:09 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain
found<br>
<br>
I will send attached the screenshot of the control panel and
below the configuration that works.<br>
<br>
If it isn’t related to the same problem tell me and I send the
message to the open list ok!<br>
<br>
Thanks!<br>
<br>
# TLS CLIENT<br>
#modparam("tls_mgm", "client_domain", "sbcsothis")<br>
#modparam("tls_mgm", "match_sip_domain", "[sbcsothis]*")<br>
#modparam("tls_mgm", "match_ip_address", "[sbcsothis]*")<br>
#modparam("tls_mgm", "verify_cert", "[sbcsothis]1")<br>
#modparam("tls_mgm", "require_cert", "[sbcsothis]1")<br>
#modparam("tls_mgm", "tls_method", "[sbcsothis]TLSv1-")<br>
#modparam("tls_mgm", "certificate",
"[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt")<br>
#modparam("tls_mgm", "private_key",
"[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key")<br>
#modparam("tls_mgm", "ca_list",
"[sbcsothis]/etc/ssl/certs/ca-certificates.crt")<br>
#modparam("tls_mgm", "ca_dir",
"[sbcsothis]/etc/ssl/certs/")Config file<br>
<br>
</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont"><img
src="cid:part1.785A2611.F166D4B1@opensips.org" class=""><br>
</div>
</div>
<div name="messageReplySection">Em 10 de ago. de 2022 04:50 -0300,
Bogdan-Andrei Iancu <a class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a>, escreveu:<br>
<blockquote type="cite" style="border-left-color: grey;
border-left-width: thin; border-left-style: solid; margin: 5px
5px;padding-left: 10px;">
<font face="monospace">Hi Francisco,<br>
<br>
Thanks for the info, it seems it was an issue with the
validation regexp, see <a class="moz-txt-link-freetext"
href="https://github.com/OpenSIPS/opensips-cp/commit/7558bc7e36c03293858c7086edfc724d56a2b9b4"
moz-do-not-send="true">
https://github.com/OpenSIPS/opensips-cp/commit/7558bc7e36c03293858c7086edfc724d56a2b9b4</a><br>
<br>
So please update from GIT or TAR and give it a try (or
simply do a manual change as per the diff link).<br>
<br>
Let me know if it works now.<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/9/22 11:46 PM, Francisco
Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:f66ea8e9-2233-4d72-a00c-816053e9be68@Spark">
<div name="messageBodySection">
<div dir="auto">Hi Bogdan-Andrei! How are you!<br>
<br>
Below is all the information that you have request ok,
fell free to ask me if you need something more!<br>
<br>
<strong>version: opensips 3.2.5 (x86_64/linux)</strong><br>
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP,
PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT<br>
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144,
MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535<br>
poll method support: poll, epoll, sigio_rt, select.<br>
main.c compiled on with gcc 10<br>
<br>
<strong>Opensips Control Panel 9.3.2</strong><br>
<br>
<strong>Debian Version 11.2</strong><br>
<br>
<br>
Thank you very much for the help!<br>
<br>
</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont"><img
src="cid:part5.FD9717CC.4C36158D@opensips.org"
class=""><br>
</div>
</div>
<div name="messageReplySection">Em 9 de ago. de 2022 05:39
-0300, Bogdan-Andrei Iancu
<a class="moz-txt-link-rfc2396E"
href="mailto:bogdan@opensips.org" moz-do-not-send="true"><bogdan@opensips.org></a>,
escreveu:<br>
<blockquote type="cite" style="border-left-color: grey;
border-left-width: thin; border-left-style: solid;
margin: 5px 5px;padding-left: 10px;">
<font face="monospace">Hi Francisco,<br>
<br>
I guess you are talking about managing certificates
via the Control Panel, right ? if so, what version of
OpenSIPS and OpenSIPS CP are you using ? Also, could
you provide a screenshot of the add / update form,
showing the issue? IF you have any sensitive data,
please send the screenshot privately to me.<br>
<br>
Best regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/3/22 9:27 PM,
Francisco Neto via Users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:86d5afe7-8236-42eb-948a-3e0432b25bf8@Spark">
<div name="messageBodySection">
<div dir="auto">Hi All!<br>
<br>
I’ve just installed open sips and everything is
working ok, except the TLS Management interface.<br>
<br>
When I try to add ou update any entry, it only
accept “Network Address” as “*”.<br>
<br>
If I type the IP address as x.x.x.x:port or
“x.x.x.x:port” or ‘x.x.x.x:port’ it always
complain with the following message: Failed to
validate input for match_ip_address<br>
<br>
Can someone give me a tip of how should I write
the IP address or if it a bug?<br>
<br>
Thanks!</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont"><img
src="cid:part9.0C13D810.9ABAE774@opensips.org"
class=""><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org" moz-do-not-send="true">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</blockquote>
</div>
</blockquote>
<br>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>