[SR-Users] What does "tls.reload" actually do?
hw at skalatan.de
Tue Aug 24 14:21:31 CEST 2021
on a first look to the code the tls.reload does similar operations as done during normal server startup, like
- load configuration
- fixing domains
- check sockets
If the error only happens sporadic and, on some servers, it is probably either an error that only occurs in specific circumstances unrelated to kamailio, or some internal corruption topic in the module/server.
Do you see it also on e.g., test systems without any real load? Is there a difference between the systems in kind of load, and this maybe also causes some difference when the error occurs?
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com
From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of Sebastian Damm
Sent: Tuesday, August 24, 2021 1:58 PM
To: sr-users <sr-users at lists.kamailio.org>
Subject: [SR-Users] What does "tls.reload" actually do?
I noticed a strange behavior on some of our proxy servers, all running Kamailio 5.3.8. After running for some time (weeks), our monitoring system sporadically starts reporting errors. The check connects via tls and registers to an Asterisk behind the proxy server. When this happens, the Kamailio log shows the following line:
ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
When restarting Kamailio, the problem goes away only to come back after some weeks uptime again.
On one host, I tried to find something using kamcmd, and I don't know why but I also issued "tls.reload". And from that point, the monitoring system has not reported the system as faulty anymore. I repeated the same thing on other hosts when the problem occured there, all with the same result. "tls.reload" helps. But from the documentation, I don't know why.
Does anybody have an explanation for it?
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users at lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
More information about the sr-users