Thanks Daniel and Sergiu!

The other think I notice is that kamcmd tls.reload causes the following error:

Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_domain.c:572]: load_ca_list(): TLSc<default>: Unable to load CA list '/etc/dsiprouter/certs/cacert.pem'
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D0AB041:asn1 encoding routines:x509_name_ex_new:malloc failure
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib


If I restart Kamailio it works fine.   Let me know if you have any thoughts on this.


On Jun 18, 2020, at 2:42 AM, Daniel-Constantin Mierla <miconda@gmail.com> wrote:

Hello,

see:

https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg

And the OPTIONS keepalive can be handled in event_route[tm:local-request].

Cheers,
Daniel

On 18.06.20 02:48, Mack Hendricks wrote:
Yeah...I’m aware.  I was just checking if dispatcher could match on the ip:port just in case I wanted to support other use cases with my Kamailio instance.   I read thru the source and it looks like the uac module is being used to initiate the OPTIONS message.  

Sent from my iPhone

On Jun 17, 2020, at 8:09 PM, Sergiu Pojoga <pojogas@gmail.com> wrote:


Hi Mack, 

You wouldn't have the burden of handling multiple domains whatsoever if you followed Microsoft's recommendations on how to configure SBC Teams for multiple tenants. Dispatcher would be used only for carrier's base domain.

On Wed, Jun 17, 2020, 7:11 PM Mack Hendricks, <mack@dopensource.com> wrote:
Hey All,

I'm attempting to use dispatcher to send probe messages using TLS for two different domains.  I'm providing the socket attribute, which maps to a certificate in /etc/kamailio/tls.cfg.  But, it seems to always select the default client cert, which is not the certificate I want to use.

My attrs column in dispatcher looks like this:

socket=tls:142.93.159.231:5061;ping_from=sip:mack.dopensource.com
socket=tls:142.93.159.231:5062;ping_from=sip:levin.dopensource.com

Is there some way to force dispatcher to do TLS cert matching based on the host:ip?

Thanks

-Mack





_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla