<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <font face="monospace">You can add extra methods in the combo, not a
      problem - the question is if opensips will understand it when
      loading from DB - do you see any errors on reload ?<br>
      <br>
      Regards,<br>
    </font>
    <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  <a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
  <a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
    <div class="moz-cite-prefix">On 8/17/22 5:52 PM, Francisco Neto
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:fa46243a-bd93-4b24-8499-bbf8eec3d3e8@Spark">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <title></title>
      <div name="messageBodySection">
        <div dir="auto">Hi Bogdan-Andrei!!<br>
          <br>
          I’ve made the changes on the code as you requested. On CP I
          could fill the match_sip_domain With * and update the item,
          after that the errors on log file have changed a lot now.<br>
          Below are the errors that are appearing to me now<br>
          <br>
          By the way, directly on the config file the SSL Method that
          works better for me was “TLSv1-“. This option didn’t exist on
          tviewer.inc.php, but I have created this option on the file.
          Does it have any problem to add a new valid combo option??<br>
          <br>
          Thanks!<br>
          <br>
          ERROR:proto_tls:proto_tls_send: failed to send<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
          ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3
          failed<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
          ERROR:tm:t_uac: attempt to send to
          '<a class="moz-txt-link-freetext" href="sip:sip2.pstnhub.microsoft.com:5061">sip:sip2.pstnhub.microsoft.com:5061</a>' failed<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
          ERROR:tls_openssl:openssl_tls_connect: SSL_ERROR_SYSCALL
          err=Resource temporarily unavailable(11)<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
          ERROR:tls_openssl:openssl_tls_connect: New TLS connection to
          52.114.76.76:5061 failed<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
          ERROR:tls_openssl:openssl_tls_connect: TLS error: 5 (ret=-1)
          err=Resource temporarily unavailable(11)<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
          ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake!<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
          ERROR:tls_openssl:openssl_tls_connect: New TLS connection to
          52.114.14.70:5061 failed<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
          ERROR:tls_openssl:openssl_tls_connect: TLS error: 1 (ret=-1)
          err=Success(0)<br>
          Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
          ERROR:tls_openssl:tls_print_errstack: TLS errstack:
          error:1416F086:SSL
          routines:tls_process_server_certificate:certificate verify
          failed</div>
      </div>
      <div name="messageSignatureSection"><br>
        <div class="matchFont"><br>
        </div>
      </div>
      <div name="messageReplySection">Em 17 de ago. de 2022 04:29 -0300,
        Bogdan-Andrei Iancu <a class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a>, escreveu:<br>
        <blockquote type="cite" style="border-left-color: grey;
          border-left-width: thin; border-left-style: solid; margin: 5px
          5px;padding-left: 10px;">
          <font face="monospace">Hi Francisco,<br>
            <br>
            Please check <a class="moz-txt-link-freetext"
href="https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c"
              moz-do-not-send="true">
https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c</a>
            - update again and give it a try by adding "*" for the
            match_domain<br>
            <br>
            Regards,<br>
          </font>
          <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  <a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
  <a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
          <div class="moz-cite-prefix">On 8/16/22 11:32 PM, Francisco
            Neto wrote:<br>
          </div>
          <blockquote type="cite"
            cite="mid:16c92b38-4306-411c-bf35-b62f88cd2975@Spark">
            <div name="messageBodySection">
              <div dir="auto">Hi Bogdan-Andrei!<br>
                <br>
                Actually I’ve tried with using sip domain as blank, with
                * it didn’t let me press update on CP, and with the
                client certificate (fqdn and domain part only) and in
                all scenarios the error is the same as described below:<br>
                <br>
                ERROR:proto_tls:proto_tls_conn_init: no TLS client
                domain found<br>
                Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
                ERROR:core:tcp_conn_create: failed to do proto 3
                specific init for conn 0x7efe29a648a8<br>
                Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
                ERROR:core:tcp_sync_connect: tcp_conn_create failed,
                closing the socket<br>
                Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
                ERROR:proto_tls:proto_tls_send: connect failed<br>
                Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
                ERROR:tm:msg_send: send() to 52.114.132.46:5061 for
                proto tls/3 failed<br>
                Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
                ERROR:tm:t_uac: attempt to send to '<a
                  class="moz-txt-link-freetext"
                  href="sip:sip.pstnhub.microsoft.com:5061"
                  moz-do-not-send="true">sip:sip.pstnhub.microsoft.com:5061</a>'
                failed<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:proto_tls:proto_tls_conn_init: no TLS client
                domain found<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:core:tcp_conn_create: failed to do proto 3
                specific init for conn 0x7efe29b341a8<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:core:tcp_sync_connect: tcp_conn_create failed,
                closing the socket<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:proto_tls:proto_tls_send: connect failed<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto
                tls/3 failed<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:tm:t_uac: attempt to send to '<a
                  class="moz-txt-link-freetext"
                  href="sip:sip2.pstnhub.microsoft.com:5061"
                  moz-do-not-send="true">sip:sip2.pstnhub.microsoft.com:5061</a>'
                failed<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:proto_tls:proto_tls_conn_init: no TLS client
                domain found<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:core:tcp_conn_create: failed to do proto 3
                specific init for conn 0x7efe29a17ec8<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:core:tcp_sync_connect: tcp_conn_create failed,
                closing the socket<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:proto_tls:proto_tls_send: connect failed<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:tm:msg_send: send() to 52.114.14.70:5061 for proto
                tls/3 failed<br>
                Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
                ERROR:tm:t_uac: attempt to send to '<a
                  class="moz-txt-link-freetext"
                  href="sip:sip3.pstnhub.microsoft.com:5061"
                  moz-do-not-send="true">sip:sip3.pstnhub.microsoft.com:5061</a>'
                failed<br>
                <br>
                Below is my actual config section about TLS<br>
                <br>
                loadmodule "proto_tls.so"<br>
                modparam("proto_tls","tls_max_msg_chunks", 8)<br>
                modparam("proto_tls","tls_handshake_timeout", 600)<br>
                modparam("proto_tls", "tls_send_timeout", 2000)<br>
                <br>
                <br>
                loadmodule "tls_openssl.so"<br>
                loadmodule "tls_mgm.so"<br>
                modparam("tls_mgm",
                "db_url","mysql://opensips:XXXXXXXXXX@localhost/opensips")<br>
                modparam("tls_mgm", "db_table", "tls_mgm")<br>
                modparam("tls_mgm", "client_sip_domain_avp",
                "tls_sip_dom")<br>
              </div>
            </div>
            <div name="messageSignatureSection"><br>
              <div class="matchFont"><br>
              </div>
            </div>
            <div name="messageReplySection">Em 11 de ago. de 2022 12:59
              -0300, Bogdan-Andrei Iancu
              <a class="moz-txt-link-rfc2396E"
                href="mailto:bogdan@opensips.org" moz-do-not-send="true"><bogdan@opensips.org></a>,
              escreveu:<br>
              <blockquote type="cite" style="border-left-color: grey;
                border-left-width: thin; border-left-style: solid;
                margin: 5px 5px;padding-left: 10px;">
                <font face="monospace">Hi Francisco,<br>
                  <br>
                  So, if you use wildcard for</font> <font
                  face="monospace">match_sip_domain in the client TLS
                  domain, doesn't work for you ?<br>
                  <br>
                  Regards.<br>
                </font>
                <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  <a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
  <a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
                <div class="moz-cite-prefix">On 8/10/22 5:03 PM,
                  Francisco Neto wrote:<br>
                </div>
                <blockquote type="cite"
                  cite="mid:d8ec8b2d-9ffb-4741-a3b4-63ff4f662376@Spark">
                  <div name="messageBodySection">
                    <div dir="auto">Hi Bogdan-Andrei!<br>
                      <br>
                      I’ve made the changes and now I can edit the TLS
                      certificates normally by control panel but I
                      continue having a problem.<br>
                      <br>
                      If I configure the certificate directly on the
                      configuration file the connection with Microsoft
                      Teams is correctly established, if I configure
                      through control panel, I receive on log the
                      following messages:<br>
                      <br>
                      ERROR:proto_tls:proto_tls_conn_init: no TLS client
                      domain found<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:core:tcp_conn_create: failed to do proto 3
                      specific init for conn 0x7f22a5f993d0<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:core:tcp_sync_connect: tcp_conn_create
                      failed, closing the socket<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:proto_tls:proto_tls_send: connect failed<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:tm:msg_send: send() to 52.114.132.46:5061
                      for proto tls/3 failed<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:tm:t_uac: attempt to send to '<a
                        class="moz-txt-link-freetext"
                        href="sip:sip.pstnhub.microsoft.com"
                        moz-do-not-send="true">sip:sip.pstnhub.microsoft.com</a>'
                      failed<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:proto_tls:proto_tls_conn_init: no TLS client
                      domain found<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:core:tcp_conn_create: failed to do proto 3
                      specific init for conn 0x7f22a5f91420<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:core:tcp_sync_connect: tcp_conn_create
                      failed, closing the socket<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:proto_tls:proto_tls_send: connect failed<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:tm:msg_send: send() to 52.114.76.76:5061 for
                      proto tls/3 failed<br>
                      Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
                      ERROR:tm:t_uac: attempt to send to '<a
                        class="moz-txt-link-freetext"
                        href="sip:sip2.pstnhub.microsoft.com"
                        moz-do-not-send="true">sip:sip2.pstnhub.microsoft.com</a>'
                      failed<br>
                      Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
                      ERROR:core:tcp_connect_blocking_timeout: connect
                      timed out, 599667 us elapsed out of 600000 us<br>
                      Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
                      ERROR:core:tcp_sync_connect_fd:
                      tcp_blocking_connect failed<br>
                      Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
                      ERROR:proto_tls:proto_tls_send: connect failed<br>
                      Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
                      ERROR:tm:msg_send: send() to 52.114.32.169:5061
                      for proto tls/3 failed<br>
                      Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
                      ERROR:tm:t_uac: attempt to send to '<a
                        class="moz-txt-link-freetext"
                        href="sip:sip3.pstnhub.microsoft.com"
                        moz-do-not-send="true">sip:sip3.pstnhub.microsoft.com</a>'
                      failed<br>
                      Aug 10 11:00:09 bowser /usr/sbin/opensips[55047]:
                      ERROR:proto_tls:proto_tls_conn_init: no TLS client
                      domain found<br>
                      <br>
                      I will send attached the screenshot of the control
                      panel and below the configuration that works.<br>
                      <br>
                      If it isn’t related to the same problem tell me
                      and I send the message to the open list ok!<br>
                      <br>
                      Thanks!<br>
                      <br>
                      # TLS CLIENT<br>
                      #modparam("tls_mgm", "client_domain", "sbcsothis")<br>
                      #modparam("tls_mgm", "match_sip_domain",
                      "[sbcsothis]*")<br>
                      #modparam("tls_mgm", "match_ip_address",
                      "[sbcsothis]*")<br>
                      #modparam("tls_mgm", "verify_cert",
                      "[sbcsothis]1")<br>
                      #modparam("tls_mgm", "require_cert",
                      "[sbcsothis]1")<br>
                      #modparam("tls_mgm", "tls_method",
                      "[sbcsothis]TLSv1-")<br>
                      #modparam("tls_mgm", "certificate",
                      "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt")<br>
                      #modparam("tls_mgm", "private_key",
                      "[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key")<br>
                      #modparam("tls_mgm", "ca_list",
                      "[sbcsothis]/etc/ssl/certs/ca-certificates.crt")<br>
                      #modparam("tls_mgm", "ca_dir",
                      "[sbcsothis]/etc/ssl/certs/")Config file<br>
                      <br>
                    </div>
                  </div>
                  <div name="messageSignatureSection"><br>
                  </div>
                </blockquote>
              </blockquote>
            </div>
          </blockquote>
          <br>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </body>
</html>