<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">Thanks Daniel and Sergiu!</div><div class=""><br class=""></div><div class="">The other think I notice is that kamcmd tls.reload causes the following error:</div><div class=""><br class=""></div><div class=""><div class="">Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_domain.c:572]: load_ca_list(): TLSc<default>: Unable to load CA list '/etc/dsiprouter/certs/cacert.pem'</div><div class="">Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D0AB041:asn1 encoding routines:x509_name_ex_new:malloc failure</div><div class="">Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure</div><div class="">Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure</div><div class="">Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure</div><div class="">Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error</div><div class="">Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib</div><div class="">Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">If I restart Kamailio it works fine. Let me know if you have any thoughts on this.</div><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Jun 18, 2020, at 2:42 AM, Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com" class="">miconda@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div class=""><p class="">Hello,</p><p class="">see:</p><p class=""><a href="https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg" class="">https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg</a></p><p class="">And the OPTIONS keepalive can be handled in
event_route[tm:local-request].</p><p class="">Cheers,<br class="">
Daniel<br class="">
</p>
<div class="moz-cite-prefix">On 18.06.20 02:48, Mack Hendricks
wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:FFE96D6E-ECF6-48B9-B799-5CBF8A156A07@goflyball.com" class="">
<meta http-equiv="content-type" content="text/html; charset=UTF-8" class="">
Yeah...I’m aware. I was just checking if dispatcher could match
on the ip:port just in case I wanted to support other use cases
with my Kamailio instance. I read thru the source and it looks
like the uac module is being used to initiate the OPTIONS message.
<br class="">
<br class="">
<div dir="ltr" class="">Sent from my iPhone</div>
<div dir="ltr" class=""><br class="">
<blockquote type="cite" class="">On Jun 17, 2020, at 8:09 PM, Sergiu
Pojoga <a class="moz-txt-link-rfc2396E" href="mailto:pojogas@gmail.com"><pojogas@gmail.com></a> wrote:<br class="">
<br class="">
</blockquote>
</div>
<blockquote type="cite" class="">
<div dir="ltr" class="">
<div dir="auto" class="">
<div class="">Hi Mack, </div>
<div dir="auto" class=""><br class="">
</div>
<div dir="auto" class="">You wouldn't have the burden of handling
multiple domains whatsoever if you followed Microsoft's
recommendations on how to configure SBC Teams for multiple
tenants. Dispatcher would be used only for carrier's base
domain.<br class="">
<br class="">
<div class="gmail_quote" dir="auto">
<div dir="ltr" class="gmail_attr">On Wed, Jun 17, 2020,
7:11 PM Mack Hendricks, <<a href="mailto:mack@dopensource.com" moz-do-not-send="true" class="">mack@dopensource.com</a>>
wrote:<br class="">
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr" class="">
<div class="">Hey All,<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">I'm attempting to use dispatcher to send probe
messages using TLS for two different domains. I'm
providing the socket attribute, which maps to a
certificate in /etc/kamailio/tls.cfg. But, it
seems to always select the default client cert,
which is not the certificate I want to use.</div>
<div class=""><br class="">
</div>
<div class="">My attrs column in dispatcher looks like this:</div>
<div class=""><br class="">
</div>
<div class="">socket=tls:142.93.159.231:5061;ping_from=sip:<a href="http://mack.dopensource.com/" target="_blank" rel="noreferrer" moz-do-not-send="true" class="">mack.dopensource.com</a><br class="">
</div>
<div class="">socket=tls:142.93.159.231:5062;ping_from=sip:<a href="http://levin.dopensource.com/" target="_blank" rel="noreferrer" moz-do-not-send="true" class="">levin.dopensource.com</a><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Is there some way to force dispatcher to do TLS
cert matching based on the host:ip?</div>
<div class=""><br class="">
</div>
<div class="">Thanks</div>
<div class=""><br class="">
</div>
<div class="">-Mack</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
</div>
_______________________________________________<br class="">
Kamailio (SER) - Users Mailing List<br class="">
<a href="mailto:sr-users@lists.kamailio.org" target="_blank" rel="noreferrer" moz-do-not-send="true" class="">sr-users@lists.kamailio.org</a><br class="">
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer noreferrer" target="_blank" moz-do-not-send="true" class="">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br class="">
</blockquote>
</div>
</div>
</div>
<span class="">_______________________________________________</span><br class="">
<span class="">Kamailio (SER) - Users Mailing List</span><br class="">
<span class=""><a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a></span><br class="">
<span class=""><a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></span><br class="">
</div>
</blockquote>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com/">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Funding: <a class="moz-txt-link-freetext" href="https://www.paypal.me/dcmierla">https://www.paypal.me/dcmierla</a></pre>
</div>
</div></blockquote></div><br class=""></body></html>