<div dir="ltr">check permissions on that file and the directories in path, if all are accessible by your user running Kamailio.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jun 18, 2020 at 2:12 PM Mack Hendricks <<a href="mailto:mack@dopensource.com">mack@dopensource.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;"><div>Thanks Daniel and Sergiu!</div><div><br></div><div>The other think I notice is that kamcmd tls.reload causes the following error:</div><div><br></div><div><div>Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_domain.c:572]: load_ca_list(): TLSc<default>: Unable to load CA list '/etc/dsiprouter/certs/cacert.pem'</div><div>Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D0AB041:asn1 encoding routines:x509_name_ex_new:malloc failure</div><div>Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure</div><div>Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure</div><div>Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure</div><div>Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error</div><div>Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib</div><div>Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib</div></div><div><br></div><div><br></div><div>If I restart Kamailio it works fine. Let me know if you have any thoughts on this.</div><br><div><br><blockquote type="cite"><div>On Jun 18, 2020, at 2:42 AM, Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>> wrote:</div><br><div>
<div><p>Hello,</p><p>see:</p><p><a href="https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg" target="_blank">https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg</a></p><p>And the OPTIONS keepalive can be handled in
event_route[tm:local-request].</p><p>Cheers,<br>
Daniel<br>
</p>
<div>On 18.06.20 02:48, Mack Hendricks
wrote:<br>
</div>
<blockquote type="cite">
Yeah...I’m aware. I was just checking if dispatcher could match
on the ip:port just in case I wanted to support other use cases
with my Kamailio instance. I read thru the source and it looks
like the uac module is being used to initiate the OPTIONS message.
<br>
<br>
<div dir="ltr">Sent from my iPhone</div>
<div dir="ltr"><br>
<blockquote type="cite">On Jun 17, 2020, at 8:09 PM, Sergiu
Pojoga <a href="mailto:pojogas@gmail.com" target="_blank"><pojogas@gmail.com></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="auto">
<div>Hi Mack, </div>
<div dir="auto"><br>
</div>
<div dir="auto">You wouldn't have the burden of handling
multiple domains whatsoever if you followed Microsoft's
recommendations on how to configure SBC Teams for multiple
tenants. Dispatcher would be used only for carrier's base
domain.<br>
<br>
<div class="gmail_quote" dir="auto">
<div dir="ltr" class="gmail_attr">On Wed, Jun 17, 2020,
7:11 PM Mack Hendricks, <<a href="mailto:mack@dopensource.com" target="_blank">mack@dopensource.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>Hey All,<br>
</div>
<div><br>
</div>
<div>I'm attempting to use dispatcher to send probe
messages using TLS for two different domains. I'm
providing the socket attribute, which maps to a
certificate in /etc/kamailio/tls.cfg. But, it
seems to always select the default client cert,
which is not the certificate I want to use.</div>
<div><br>
</div>
<div>My attrs column in dispatcher looks like this:</div>
<div><br>
</div>
<div>socket=tls:142.93.159.231:5061;ping_from=sip:<a href="http://mack.dopensource.com/" rel="noreferrer" target="_blank">mack.dopensource.com</a><br>
</div>
<div>socket=tls:142.93.159.231:5062;ping_from=sip:<a href="http://levin.dopensource.com/" rel="noreferrer" target="_blank">levin.dopensource.com</a><br>
</div>
<div><br>
</div>
<div>Is there some way to force dispatcher to do TLS
cert matching based on the host:ip?</div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>-Mack</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" rel="noreferrer" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
</div>
</div>
<span>_______________________________________________</span><br>
<span>Kamailio (SER) - Users Mailing List</span><br>
<span><a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a></span><br>
<span><a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></span><br>
</div>
</blockquote>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Kamailio (SER) - Users Mailing List
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<pre cols="72">--
Daniel-Constantin Mierla -- <a href="http://www.asipto.com/" target="_blank">www.asipto.com</a>
<a href="http://www.twitter.com/miconda" target="_blank">www.twitter.com/miconda</a> -- <a href="http://www.linkedin.com/in/miconda" target="_blank">www.linkedin.com/in/miconda</a>
Funding: <a href="https://www.paypal.me/dcmierla" target="_blank">https://www.paypal.me/dcmierla</a></pre>
</div>
</div></blockquote></div><br></div>_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>