Thanks Daniel and Sergiu!
The other think I notice is that kamcmd tls.reload causes the following error:
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_domain.c:572]: load_ca_list(): TLSc<default>: Unable to load CA list '/etc/dsiprouter/certs/cacert.pem' Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D0AB041:asn1 encoding routines:x509_name_ex_new:malloc failure Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
If I restart Kamailio it works fine. Let me know if you have any thoughts on this.
On Jun 18, 2020, at 2:42 AM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
see:
https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg And the OPTIONS keepalive can be handled in event_route[tm:local-request].
Cheers, Daniel
On 18.06.20 02:48, Mack Hendricks wrote:
Yeah...I’m aware. I was just checking if dispatcher could match on the ip:port just in case I wanted to support other use cases with my Kamailio instance. I read thru the source and it looks like the uac module is being used to initiate the OPTIONS message.
Sent from my iPhone
On Jun 17, 2020, at 8:09 PM, Sergiu Pojoga pojogas@gmail.com mailto:pojogas@gmail.com wrote:
Hi Mack,
You wouldn't have the burden of handling multiple domains whatsoever if you followed Microsoft's recommendations on how to configure SBC Teams for multiple tenants. Dispatcher would be used only for carrier's base domain.
On Wed, Jun 17, 2020, 7:11 PM Mack Hendricks, <mack@dopensource.com mailto:mack@dopensource.com> wrote: Hey All,
I'm attempting to use dispatcher to send probe messages using TLS for two different domains. I'm providing the socket attribute, which maps to a certificate in /etc/kamailio/tls.cfg. But, it seems to always select the default client cert, which is not the certificate I want to use.
My attrs column in dispatcher looks like this:
socket=tls:142.93.159.231:5061;ping_from=sip:mack.dopensource.com http://mack.dopensource.com/ socket=tls:142.93.159.231:5062;ping_from=sip:levin.dopensource.com http://levin.dopensource.com/
Is there some way to force dispatcher to do TLS cert matching based on the host:ip?
Thanks
-Mack
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.com http://www.asipto.com/ www.twitter.com/miconda http://www.twitter.com/miconda -- www.linkedin.com/in/miconda http://www.linkedin.com/in/miconda Funding: https://www.paypal.me/dcmierla https://www.paypal.me/dcmierla