[SR-Users] dispatcher seems to use the default client certificate

Mack Hendricks mack at dopensource.com
Thu Jun 18 14:11:12 CEST 2020


Thanks Daniel and Sergiu!

The other thing I notice is that kamcmd tls.reload causes the following error:

Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_domain.c:572]: load_ca_list(): TLSc<default>: Unable to load CA list '/etc/dsiprouter/certs/cacert.pem'
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D0AB041:asn1 encoding routines:x509_name_ex_new:malloc failure
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failure
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib
Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib


If I restart Kamailio it works fine. Let me know if you have any thoughts on this.


> On Jun 18, 2020, at 2:42 AM, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> 
> Hello,
> 
> see:
> 
> https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg
> And the OPTIONS keepalive can be handled in event_route[tm:local-request].
> 
> Cheers,
> Daniel
> 
> On 18.06.20 02:48, Mack Hendricks wrote:
>> Yeah...I’m aware.  I was just checking if dispatcher could match on the ip:port just in case I wanted to support other use cases with my Kamailio instance.   I read thru the source and it looks like the uac module is being used to initiate the OPTIONS message.  
>> 
>> Sent from my iPhone
>> 
>>> On Jun 17, 2020, at 8:09 PM, Sergiu Pojoga <pojogas at gmail.com> wrote:
>>> 
>>> 
>>> Hi Mack, 
>>> 
>>> You wouldn't have the burden of handling multiple domains whatsoever if you followed Microsoft's recommendations on how to configure SBC Teams for multiple tenants. Dispatcher would be used only for carrier's base domain.
>>> 
>>> On Wed, Jun 17, 2020, 7:11 PM Mack Hendricks, <mack at dopensource.com> wrote:
>>> Hey All,
>>> 
>>> I'm attempting to use dispatcher to send probe messages using TLS for two different domains.  I'm providing the socket attribute, which maps to a certificate in /etc/kamailio/tls.cfg.  But, it seems to always select the default client cert, which is not the certificate I want to use.
>>> 
>>> My attrs column in dispatcher looks like this:
>>> 
>>> socket=tls:142.93.159.231:5061;ping_from=sip:mack.dopensource.com
>>> socket=tls:142.93.159.231:5062;ping_from=sip:levin.dopensource.com
>>> 
>>> Is there some way to force dispatcher to do TLS cert matching based on the host:ip?
>>> 
>>> Thanks
>>> 
>>> -Mack
>>> 
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> -- 
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
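
The approach Daniel points to (the tls module's `xavp_cfg` parameter plus `event_route[tm:local-request]`), written out as an added example that is not configuration posted by anyone in the thread. The `server_id` labels `mack` and `levin` and the certificate/key paths are assumptions made for illustration; check the profile syntax against the tls module documentation for your Kamailio version.

```kamailio
# ---- /etc/kamailio/tls.cfg : one client profile per tenant ---------------
# "mack" and "levin" are labels chosen for this example; the certificate
# and private_key paths are placeholders, not paths from the thread.
[client:default]
verify_certificate = yes
require_certificate = yes
ca_list = /etc/dsiprouter/certs/cacert.pem

[client:any]
server_id = mack
certificate = /path/to/mack-cert.pem
private_key = /path/to/mack-key.pem
ca_list = /etc/dsiprouter/certs/cacert.pem
verify_certificate = yes
require_certificate = yes

[client:any]
server_id = levin
certificate = /path/to/levin-cert.pem
private_key = /path/to/levin-key.pem
ca_list = /etc/dsiprouter/certs/cacert.pem
verify_certificate = yes
require_certificate = yes

# ---- kamailio.cfg --------------------------------------------------------
# Name of the XAVP the tls module reads when it opens an outbound connection.
modparam("tls", "xavp_cfg", "tls")

# Runs for requests generated locally through tm, which is where the
# dispatcher OPTIONS keepalives can be handled.
event_route[tm:local-request] {
    if ($rm == "OPTIONS") {
        # ping_from in the dispatcher attrs sets the From URI, so the From
        # domain identifies which tenant this probe belongs to.
        if ($fd == "mack.dopensource.com") {
            $xavp(tls=>server_id) = "mack";
        } else if ($fd == "levin.dopensource.com") {
            $xavp(tls=>server_id) = "levin";
        }
        # No match: no server_id is set and the default client profile applies.
    }
}
```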