<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Dovid,<br>
<br>
The "-c" option is for checking the syntax of the cfg file, not
actually checking the data used by OpenSIPS, so this is why it
does not work for you. I guess you can use some openssl cli tool
to validate / check your certs before a restart / reload of the TLS
part.<br>
<br>
Regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
<a class="moz-txt-link-freetext" href="https://www.siphub.com">https://www.siphub.com</a></pre>
<div class="moz-cite-prefix">On 6/27/23 6:43 PM, Dovid Bender wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAM3TTh3CWfPQOkjT90jHezoTG=6wV+U6ZFWdRu-noCWmoe0O2g@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hi All,
<div><br>
We are trying to automate the update of our ssl certs. I tried
by creating a "bad" cert file. When I run
"/usr/local/src/opensips/opensips -c
/usr/local/etc/opensips/opensips.cfg" it comes back clean as
the config is sane; however, when I try to restart OpenSIPS it
will obviously fail with:</div>
<div>Jun 27 15:37:53 wss-proxy.example.net
/usr/local/src/opensips/opensips[311900]:
ERROR:tls_openssl:tls_print_errstack: TLS errstack:
error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode<br>
Jun 27 15:37:53 wss-proxy.example.net
/usr/local/src/opensips/opensips[311900]:
ERROR:tls_openssl:tls_print_errstack: TLS errstack:
error:140DC009:SSL routines:use_certificate_chain_file:PEM lib<br>
Jun 27 15:37:53 wss-proxy.example.net
/usr/local/src/opensips/opensips[311900]:
ERROR:tls_openssl:load_certificate: unable to load certificate
file '/usr/local/etc/opensips/wss-proxy.example.net/cert3_bad.pem'<br>
Jun 27 15:37:53 wss-proxy.example.net
/usr/local/src/opensips/opensips[311900]:
ERROR:tls_mgm:init_tls_domains: Failed to init TLS domain
'example'<br>
Jun 27 15:37:53 wss-proxy.example.net
/usr/local/src/opensips/opensips[311900]: ERROR:core:init_mod:
failed to initialize module tls_mgm<br>
Jun 27 15:37:53 wss-proxy.example.net
/usr/local/src/opensips/opensips[311900]: ERROR:core:main:
error while initializing modules<br>
</div>
<div><br>
</div>
<div>Is there anything I can do to check to see if, on restart,
OpenSIPS will fail?</div>
<div><br>
TIA.<br>
<br>
Dovid</div>
<div><br>
</div>
</div>
<br>
</blockquote>
<br>
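<div>Added example (not part of the original thread and not OpenSIPS code): one way to do the openssl-based pre-check suggested in the reply above, as a shell function to call before a restart. The function name and the file paths passed to it are hypothetical, and an unencrypted private key is assumed.</div>

```shell
#!/bin/sh
# Added example: pre-flight check of one certificate/key pair with the
# openssl CLI. Paths are given as arguments; nothing is read from opensips.cfg.
# Usage (after sourcing this file):
#   check_tls_pair /path/to/cert.pem /path/to/key.pem   # restart only on exit 0

fail() { echo "FAIL: $*" >&2; }

# check_tls_pair CERT_FILE KEY_FILE -> 0 if all checks pass, 1 otherwise
check_tls_pair() {
    cert=$1
    key=$2

    command -v openssl >/dev/null 2>&1 || { fail "openssl CLI not found"; return 1; }

    # 1. The first certificate in the file must parse. A damaged PEM body
    #    (the "bad base64 decode" case from the log) is caught here.
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || { fail "cannot parse certificate: $cert"; return 1; }

    # 2. x509 reads only the first certificate; crl2pkcs7 loads every
    #    certificate in the file, so a damaged chain entry is caught too.
    openssl crl2pkcs7 -nocrl -certfile "$cert" -out /dev/null 2>/dev/null \
        || { fail "damaged certificate in chain file: $cert"; return 1; }

    # 3. Added check beyond parse errors: the certificate is not yet expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { fail "certificate already expired: $cert"; return 1; }

    # 4. The private key must parse. "-passin pass:" supplies an empty
    #    passphrase so an encrypted key fails instead of prompting.
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null \
        || { fail "cannot parse private key: $key"; return 1; }

    # 5. The key must belong to the certificate: compare the public key
    #    embedded in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { fail "private key does not match certificate"; return 1; }

    return 0
}
```

<div>In a renewal job, install the new files and restart only when the function returns 0; on failure the message on stderr names the step that failed.</div>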
</body>
</html>