<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">You can add extra methods in the combo, not a
problem - the question is if opensips will understand it when
loading from DB - do you see any errors on reload ?<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/17/22 5:52 PM, Francisco Neto
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:fa46243a-bd93-4b24-8499-bbf8eec3d3e8@Spark">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
<div name="messageBodySection">
<div dir="auto">Hi Bogdan-Andrei!!<br>
<br>
I’ve made the changes on the code as you requested. On CP I
could fill the match_sip_domain With * and update the item,
after that the errors on log file have changed a lot now.<br>
Below are the errors that are appearing to me now<br>
<br>
By the way, directly on the config file the SSL Method that
works better for me was “TLSv1-“. This option didn’t exist on
tviewer.inc.php, but I have created this option on the file.
Does it have any problem to add a new valid combo option??<br>
<br>
Thanks!<br>
<br>
ERROR:proto_tls:proto_tls_send: failed to send<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto tls/3
failed<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tm:t_uac: attempt to send to
'<a class="moz-txt-link-freetext" href="sip:sip2.pstnhub.microsoft.com:5061">sip:sip2.pstnhub.microsoft.com:5061</a>' failed<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: SSL_ERROR_SYSCALL
err=Resource temporarily unavailable(11)<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: New TLS connection to
52.114.76.76:5061 failed<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:tls_openssl:openssl_tls_connect: TLS error: 5 (ret=-1)
err=Resource temporarily unavailable(11)<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1948]:
ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake!<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:openssl_tls_connect: New TLS connection to
52.114.14.70:5061 failed<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:openssl_tls_connect: TLS error: 1 (ret=-1)
err=Success(0)<br>
Aug 17 11:49:15 bowser /usr/sbin/opensips[1958]:
ERROR:tls_openssl:tls_print_errstack: TLS errstack:
error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify
failed</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont"><br>
</div>
</div>
<div name="messageReplySection">Em 17 de ago. de 2022 04:29 -0300,
Bogdan-Andrei Iancu <a class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a>, escreveu:<br>
<blockquote type="cite" style="border-left-color: grey;
border-left-width: thin; border-left-style: solid; margin: 5px
5px;padding-left: 10px;">
<font face="monospace">Hi Francisco,<br>
<br>
Please check <a class="moz-txt-link-freetext"
href="https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c"
moz-do-not-send="true">
https://github.com/OpenSIPS/opensips-cp/commit/1e738fd948fcc83004b0b99edb4f361c0a8b784c</a>
- update again and give it a try by adding "*" for the
match_domain<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/16/22 11:32 PM, Francisco
Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:16c92b38-4306-411c-bf35-b62f88cd2975@Spark">
<div name="messageBodySection">
<div dir="auto">Hi Bogdan-Andrei!<br>
<br>
Actually I’ve tried with using sip domain as blank, with
* it didn’t let me press update on CP, and with the
client certificate (fqdn and domain part only) and in
all scenarios the error is the same as described below:<br>
<br>
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7efe29a648a8<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed,
closing the socket<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.132.46:5061 for
proto tls/3 failed<br>
Aug 16 17:29:30 bowser /usr/sbin/opensips[1128]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip.pstnhub.microsoft.com:5061"
moz-do-not-send="true">sip:sip.pstnhub.microsoft.com:5061</a>'
failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7efe29b341a8<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed,
closing the socket<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.76.76:5061 for proto
tls/3 failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip2.pstnhub.microsoft.com:5061"
moz-do-not-send="true">sip:sip2.pstnhub.microsoft.com:5061</a>'
failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7efe29a17ec8<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:core:tcp_sync_connect: tcp_conn_create failed,
closing the socket<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:msg_send: send() to 52.114.14.70:5061 for proto
tls/3 failed<br>
Aug 16 17:29:31 bowser /usr/sbin/opensips[1128]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip3.pstnhub.microsoft.com:5061"
moz-do-not-send="true">sip:sip3.pstnhub.microsoft.com:5061</a>'
failed<br>
<br>
Below is my actual config section about TLS<br>
<br>
loadmodule "proto_tls.so"<br>
modparam("proto_tls","tls_max_msg_chunks", 8)<br>
modparam("proto_tls","tls_handshake_timeout", 600)<br>
modparam("proto_tls", "tls_send_timeout", 2000)<br>
<br>
<br>
loadmodule "tls_openssl.so"<br>
loadmodule "tls_mgm.so"<br>
modparam("tls_mgm",
"db_url","mysql://opensips:XXXXXXXXXX@localhost/opensips")<br>
modparam("tls_mgm", "db_table", "tls_mgm")<br>
modparam("tls_mgm", "client_sip_domain_avp",
"tls_sip_dom")<br>
</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont"><br>
</div>
</div>
<div name="messageReplySection">Em 11 de ago. de 2022 12:59
-0300, Bogdan-Andrei Iancu
<a class="moz-txt-link-rfc2396E"
href="mailto:bogdan@opensips.org" moz-do-not-send="true"><bogdan@opensips.org></a>,
escreveu:<br>
<blockquote type="cite" style="border-left-color: grey;
border-left-width: thin; border-left-style: solid;
margin: 5px 5px;padding-left: 10px;">
<font face="monospace">Hi Francisco,<br>
<br>
So, if you use wildcard for</font> <font
face="monospace">match_sip_domain in the client TLS
domain, doesn't work for you ?<br>
<br>
Regards.<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com" moz-do-not-send="true">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/" moz-do-not-send="true">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/10/22 5:03 PM,
Francisco Neto wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d8ec8b2d-9ffb-4741-a3b4-63ff4f662376@Spark">
<div name="messageBodySection">
<div dir="auto">Hi Bogdan-Andrei!<br>
<br>
I’ve made the changes and now I can edit the TLS
certificates normally by control panel but I
continue having a problem.<br>
<br>
If I configure the certificate directly on the
configuration file the connection with Microsoft
Teams is correctly established, if I configure
through control panel, I receive on log the
following messages:<br>
<br>
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7f22a5f993d0<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect: tcp_conn_create
failed, closing the socket<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.132.46:5061
for proto tls/3 failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip.pstnhub.microsoft.com"
moz-do-not-send="true">sip:sip.pstnhub.microsoft.com</a>'
failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_conn_create: failed to do proto 3
specific init for conn 0x7f22a5f91420<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect: tcp_conn_create
failed, closing the socket<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.76.76:5061 for
proto tls/3 failed<br>
Aug 10 11:00:04 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip2.pstnhub.microsoft.com"
moz-do-not-send="true">sip:sip2.pstnhub.microsoft.com</a>'
failed<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_connect_blocking_timeout: connect
timed out, 599667 us elapsed out of 600000 us<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:core:tcp_sync_connect_fd:
tcp_blocking_connect failed<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_send: connect failed<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:tm:msg_send: send() to 52.114.32.169:5061
for proto tls/3 failed<br>
Aug 10 11:00:05 bowser /usr/sbin/opensips[55047]:
ERROR:tm:t_uac: attempt to send to '<a
class="moz-txt-link-freetext"
href="sip:sip3.pstnhub.microsoft.com"
moz-do-not-send="true">sip:sip3.pstnhub.microsoft.com</a>'
failed<br>
Aug 10 11:00:09 bowser /usr/sbin/opensips[55047]:
ERROR:proto_tls:proto_tls_conn_init: no TLS client
domain found<br>
<br>
I will send attached the screenshot of the control
panel and below the configuration that works.<br>
<br>
If it isn’t related to the same problem tell me
and I send the message to the open list ok!<br>
<br>
Thanks!<br>
<br>
# TLS CLIENT<br>
#modparam("tls_mgm", "client_domain", "sbcsothis")<br>
#modparam("tls_mgm", "match_sip_domain",
"[sbcsothis]*")<br>
#modparam("tls_mgm", "match_ip_address",
"[sbcsothis]*")<br>
#modparam("tls_mgm", "verify_cert",
"[sbcsothis]1")<br>
#modparam("tls_mgm", "require_cert",
"[sbcsothis]1")<br>
#modparam("tls_mgm", "tls_method",
"[sbcsothis]TLSv1-")<br>
#modparam("tls_mgm", "certificate",
"[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.crt")<br>
#modparam("tls_mgm", "private_key",
"[sbcsothis]/etc/opensips/tls/user/sothistelecom.com.key")<br>
#modparam("tls_mgm", "ca_list",
"[sbcsothis]/etc/ssl/certs/ca-certificates.crt")<br>
#modparam("tls_mgm", "ca_dir",
"[sbcsothis]/etc/ssl/certs/")Config file<br>
<br>
</div>
</div>
<div name="messageSignatureSection"><br>
</div>
</blockquote>
</blockquote>
</div>
</blockquote>
<br>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>