[SR-Users] sr-users Digest, Vol 188, Issue 9
Daniel-Constantin Mierla
miconda at gmail.com
Tue Jan 26 19:11:01 CET 2021
Hello,
do not reply to mailing list digest messages, they have no relation to
the message you want to continue the discussion.
If you want to engage in an active discussion, disable the digest option
and follow up by replying to specific messages.
Or just create a new message, and if you want to refer to an existing
discussion, then paste the link to the thread discussion on mailing list
web archive.
Cheers,
DAniel
On 26.01.21 17:54, Willy Valles Rios wrote:
> Hello community,
>
> After a while, I finally got the connection from my Kamailio server to
> MsTeams and I can validate that the connection to MsTeams is in AP.
>
> [root @ kamailio-server kamailio] # kamcmd dispatcher.list | egrep
> "URI | FLAGS"
> URI: sip:
> sip.pstnhub.microsoft.com <http://sip.pstnhub.microsoft.com>;
> transport = tls
> FLAGS: AP
>
> However, from the admin panel of MsTeams (Direct Routing) I see that
> the connection to my sbc "sbc.netvoiceperu.com
> <http://sbc.netvoiceperu.com>" is with TLS connectivity status in
> "Active" but the SIP options status is in "Warning".
>
> I have made calls from MsTeams thinking that the SIP options status
> would change to "active" but it is still in "Warning" state. On the
> other hand, I have enabled a siptrace in Kamailio and verify that the
> SIP OPTIONS from kamailio are being sent in the following format to
> MsTeams.
>
> OPTIONS sip: sip.pstnhub.microsoft.com
> <http://sip.pstnhub.microsoft.com>; transport = tls SIP / 2.0
> Via: SIP / 2.0 / TLS
> 161.35.44.66:5061;branch=z9hG4bKea07.52224687000000000000000000000000.0
> To: <sip: sip.pstnhub.microsoft.com
> <http://sip.pstnhub.microsoft.com>; transport = tls>
> From: <sip: sbc.netvoiceperu.com <http://sbc.netvoiceperu.com>>; tag =
> d3569c818b500aeb8c373426e76c2884-81763c71
> CSeq: 10 OPTIONS
> Call-ID: 13ea237a751e0c48-9148 at 161.35.44.66
> <mailto:13ea237a751e0c48-9148 at 161.35.44.66>
> Max-Forwards: 70
> Content-Length: 0
> User-Agent: kamailio (5.4.0 (x86_64 / linux))
>
> As you can see, the SIP OPTIONS sent from Kamailio to MsTeams does not
> contain the "Contact" field, which in theory said "Contact" field
> should have been added by Kamailio according to the configuration
> added in kamailio.cfg
>
> event_route [tm: local-request] {
> sip_trace ();
> if (is_method ("OPTIONS") && $ ru = ~ "pstnhub.microsoft.com
> <http://pstnhub.microsoft.com>") {
> append_hf ("Contact: <sip: sbc.netvoiceperu.com
> <http://sbc.netvoiceperu.com>: 5061; transport = tls> \ r \ n");
> }
> xlog ("L_INFO", "Sent out tm request: $ mb \ n");
> }
>
> As additional information, I inform you that I also managed to observe
> the SIP OPTIONS that MsTeams sends to Kamailio.
>
> OPTIONS sip: sbc.netvoiceperu.com <http://sbc.netvoiceperu.com>: 5061;
> transport = tls SIP / 2.0
> FROM: <sip: sip-du-a-eu.pstnhub.microsoft.com
> <http://sip-du-a-eu.pstnhub.microsoft.com>: 5061>; tag =
> f1bdeb5f-662f-4544-a436-e9aa9ad78da4
> TO: <sip: sbc.netvoiceperu.com <http://sbc.netvoiceperu.com>>
> CSEQ: 1 OPTIONS
> CALL-ID: c47e2782-16c3-49cb-8931-24e9709d260a
> MAX-FORWARDS: 70
> VIA: SIP / 2.0 / TLS 52.114.75.24:5061;branch=z9hG4bK48b0e6be
> CONTACT: <sip: sip-du-a-eu.pstnhub.microsoft.com
> <http://sip-du-a-eu.pstnhub.microsoft.com>: 5061>
> CONTENT-LENGTH: 0
> USER-AGENT: Microsoft.PSTNHub.SIPProxy v.2021.1.15.7 i.EUWE.10
> ALLOW: INVITE, ACK, OPTIONS, CANCEL, BYE, NOTIFY
>
> However I don't see the 200 OK SIP responses from Kamailio to MsTeams.
>
> I think this may be the reason why I see the SIP OPTIONS status in
> "Warning" from the MsTeams panel. Maybe the contact field is not being
> added in the SIP OPTIONS messages that Kamailio sends to MsTeams and
> for that reason I don't see 200OK responses from MsTeams.
>
> Could you help me solve this please.
>
> Cheers
>
> Saludos Cordiales
> --
> _Willy Valles Rios_
> *Unified Communications Specialist*
> *
> *
> phone: +51955747343
> em at il: willyvalles17 at gmail.com <mailto:willyvalles17 at gmail.com>
>
>
> El dom, 10 ene 2021 a las 6:03, <sr-users-request at lists.kamailio.org
> <mailto:sr-users-request at lists.kamailio.org>> escribió:
>
> Send sr-users mailing list submissions to
> sr-users at lists.kamailio.org
> <mailto:sr-users at lists.kamailio.org>
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> or, via email, send a message with subject or body 'help' to
> sr-users-request at lists.kamailio.org
> <mailto:sr-users-request at lists.kamailio.org>
>
> You can reach the person managing the list at
> sr-users-owner at lists.kamailio.org
> <mailto:sr-users-owner at lists.kamailio.org>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of sr-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Problems establishing SIP signaling between MsTeams and
> Kamailio (Carlos Mestanza T.)
> 2. Re: Problems establishing SIP signaling between MsTeams and
> Kamailio (Rob van den Bulk)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 8 Jan 2021 19:16:30 -0500
> From: "Carlos Mestanza T." <mestacart at gmail.com
> <mailto:mestacart at gmail.com>>
> To: Ovidiu Sas <osas at voipembedded.com <mailto:osas at voipembedded.com>>
> Cc: "Kamailio (SER) - Users Mailing List"
> <sr-users at lists.kamailio.org
> <mailto:sr-users at lists.kamailio.org>>, "Daniel Constantin Mierla
> (asipto)"
> <miconda at gmail.com <mailto:miconda at gmail.com>>
> Subject: Re: [SR-Users] Problems establishing SIP signaling between
> MsTeams and Kamailio
> Message-ID:
>
> <CAHcXM7PN0zuJC9jONTERZdfur3b+ucwnCC712Ss1OBxCiMctUg at mail.gmail.com
> <mailto:CAHcXM7PN0zuJC9jONTERZdfur3b%2BucwnCC712Ss1OBxCiMctUg at mail.gmail.com>>
> Content-Type: text/plain; charset="utf-8"
>
> Dear Kamilio Community,
>
> After doing several reads to our Kamailio configuration, the
> dispatcher
> list is in AP:
>
> URI: sip: sip.pstnhub.microsoft.com
> <http://sip.pstnhub.microsoft.com>; transport = tls
> FLAGS: AP
> URI: sip: sip2.pstnhub.microsoft.com
> <http://sip2.pstnhub.microsoft.com>; transport = tls
> FLAGS: AP
> URI: sip: sip3.pstnhub.microsoft.com
> <http://sip3.pstnhub.microsoft.com>; transport = tls
> FLAGS: AP
>
> But in the MS Teams dashboard the SIP OPTIONS STATUS column is
> WARNING.
>
> In the LOGs sent to OPTIONS, it gives us to understand that with
> sent to MS
> TEAMS:
>
> Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO:
> <script>:
> Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com
> <http://sip.pstnhub.microsoft.com>;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS
> 161.35.44.66:5061;branch=z9hG4bKd25f.2835f676000000000000000000000000.0#015#012To:
> <sip:sip.pstnhub.microsoft.com
> <http://sip.pstnhub.microsoft.com>;transport=tls>#015#012From: <sip:
> sbc.netvoiceperu.com
> <http://sbc.netvoiceperu.com>>;tag=69ae0da9200ed8d142f2e4a69f531080-213e3c71#015#012CSeq:
> 10 OPTIONS#015#012Call-ID:
> 07561978687e60d0-1444 at 10.131.245.99#015#012Max-Forwards
> <http://07561978687e60d0-1444@10.131.245.99#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
> (x86_64/linux))
> Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO:
> <script>:
> Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com
> <http://sip2.pstnhub.microsoft.com>;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS
> 161.35.44.66:5061;branch=z9hG4bKe25f.b14dc514000000000000000000000000.0#015#012To:
> <sip:sip2.pstnhub.microsoft.com
> <http://sip2.pstnhub.microsoft.com>;transport=tls>#015#012From: <sip:
> sbc.netvoiceperu.com
> <http://sbc.netvoiceperu.com>>;tag=69ae0da9200ed8d142f2e4a69f531080-44c3af70#015#012CSeq:
> 10 OPTIONS#015#012Call-ID:
> 07561978687e60d1-1444 at 10.131.245.99#015#012Max-Forwards
> <http://07561978687e60d1-1444@10.131.245.99#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
> (x86_64/linux))
> Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO:
> <script>:
> Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com
> <http://sip3.pstnhub.microsoft.com>;transport=tls
> SIP/2.0#015#012Via: SIP/2.0/TLS
> 161.35.44.66:5061;branch=z9hG4bKb25f.8442f914000000000000000000000000.0#015#012To:
> <sip:sip3.pstnhub.microsoft.com
> <http://sip3.pstnhub.microsoft.com>;transport=tls>#015#012From: <sip:
> sbc.netvoiceperu.com
> <http://sbc.netvoiceperu.com>>;tag=69ae0da9200ed8d142f2e4a69f531080-fa555adb#015#012CSeq:
> 10 OPTIONS#015#012Call-ID:
> 07561978687e60d2-1444 at 10.131.245.99#015#012Max-Forwards
> <http://07561978687e60d2-1444@10.131.245.99#015%23012Max-Forwards>:
> 70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
> (x86_64/linux))
> Jan 8 19:01:42 Kamailio-Server journal: Suppressed 103 messages from
> /system.slice/kamailio.service
>
> In the kamailio.cfg configuration it is declared:
>
> listen=tls:161.35.44.66:5061 <http://161.35.44.66:5061>
> listen=tcp:10.131.245.99:5061 <http://10.131.245.99:5061>
>
> modparam ("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
> modparam ("dispatcher", "ds_probing_mode", 1)
> modparam ("dispatcher", "ds_ping_interval", 60)
>
> And this fragment was also added:
>
> event_route [tm: local-request] {
>
> if (is_method ("OPTIONS") && $ ru = ~
> "pstnhub.microsoft.com <http://pstnhub.microsoft.com>") {
> append_hf ("Contact: <sip: sbc.netvoiceperu.com
> <http://sbc.netvoiceperu.com>: 5061;
> transport = tls> \ r \ n");
> }
> xlog ("L_INFO", "Sent out tm request: $ mb \ n");
> }
>
> There is something additional that has to be declared so that in
> the MS
> Teams panel the SIP OPTIONS STATUS column is shown as ACTIVE and
> not as
> WARNNING, in the MS TEAMS documentation it is a possible problem
> related to
> OPTIONS events.
>
> Atentamente
>
> *Adalberto Carlos Mestanza T.*
>
>
>
> El jue, 7 ene 2021 a las 21:54, Ovidiu Sas (<osas at voipembedded.com
> <mailto:osas at voipembedded.com>>)
> escribi?:
>
> > That certificate should already be present under the OS's trusted
> > certificates directory (debian and ubuntu certs are stored under
> > /etc/ssl/certs), maybe under a different name, and is required for
> > remote endpoint's certificate validation.
> > One can load a particular certificate or a list of certificates.
> > Multiple certificates can be concatenated into one single file as
> > stated in the documentation:
> >
> https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.ca_list
> <https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.ca_list>
> > Hope this helps a little bit in understanding of the ca_list param.
> >
> > Regards,
> > Ovidiu Sas
> >
> > On Thu, Jan 7, 2021 at 8:10 AM <rob.van.den.bulk at gmail.com
> <mailto:rob.van.den.bulk at gmail.com>> wrote:
> > >
> > > I Used this tls.cfg
> > >
> > >
> > >
> > > Use bc2025.pem as extra, Microsoft needs this?
> > >
> > >
> > >
> > > And works fine on different Kamailio-msteams sbcs
> > >
> > >
> > >
> > >
> > >
> > > [server:default]
> > >
> > > method = TLSv1.2+
> > >
> > > verify_certificate = yes
> > >
> > > require_certificate = yes
> > >
> > > private_key =
> /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
> > >
> > > certificate =
> > /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
> > >
> > > ca_list =
> /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
> > >
> > > server_name = sbc.combivoipdom.nl <http://sbc.combivoipdom.nl>
> > >
> > >
> > >
> > > [client:default]
> > >
> > > method = TLSv1.2+
> > >
> > > verify_certificate = yes
> > >
> > > require_certificate = yes
> > >
> > > private_key =
> /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
> > >
> > > certificate =
> > /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
> > >
> > > ca_list =
> /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Cheers Rob
> > >
> > >
> > >
> > > Van: sr-users <sr-users-bounces at lists.kamailio.org
> <mailto:sr-users-bounces at lists.kamailio.org>> Namens
> > Daniel-Constantin Mierla
> > > Verzonden: donderdag 7 januari 2021 08:53
> > > Aan: Kamailio (SER) - Users Mailing List
> <sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>>;
> > Willy Valles Rios <willyvalles17 at gmail.com
> <mailto:willyvalles17 at gmail.com>>
> > > CC: Carlos Mestanza T. <mestacart at gmail.com
> <mailto:mestacart at gmail.com>>
> > > Onderwerp: Re: [SR-Users] Problems establishing SIP signaling
> between
> > MsTeams and Kamailio
> > >
> > >
> > >
> > > Does this happen when Kamailio connects to MS Teams? The logs
> indicate
> > the received TLS certificate is not trusted:
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]:
> ERROR: tls
> > [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> > routines:ssl3_get_server_certificate:certificate verify failed
> > >
> > >
> > >
> > > You can set debug=3 in kamailio.cfg and see if the DEBUG messages
> > provide more hints. For me it worked fine with Letsencrypt certs in
> > Kamailio and accepting what ever MS sent back. I used Debian 10
> and libssl
> > 1.1.
> > >
> > >
> > >
> > > Cheers,
> > > Daniel
> > >
> > >
> > >
> > > On 06.01.21 21:47, Willy Valles Rios wrote:
> > >
> > > Hello community,
> > >
> > >
> > >
> > > I am having trouble establishing SIP signaling between MsTeams and
> > Kamailio. I currently have this configuration in my tls.cfg file
> > >
> > >
> > >
> > > [server: default]
> > >
> > > method = TLSv1.2 +
> > >
> > > verify_certificate = yes
> > >
> > > require_certificate = yes
> > >
> > > private_key = /etc/kamailio/certificates/private-key.pem
> > >
> > > certificate = /etc/kamailio/certificates/certificate.pem
> > >
> > >
> > >
> > > [client: default]
> > >
> > > method = TLSv1.2 +
> > >
> > > verify_certificate = yes
> > >
> > > require_certificate = yes
> > >
> > > private_key = /etc/kamailio/certificates/private-key.pem
> > >
> > > certificate = /etc/kamailio/certificates/certificate.pem
> > >
> > >
> > >
> > > My domain was certified with ssl through an authoritative
> certifier
> > (GoDaddy), however I see these errors in the / var / log /
> messages of the
> > Kamailio server.
> > >
> > >
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_mod.c:389]: mod_init(): With ECDH-Support!
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_mod.c:392]: mod_init(): With Diffie Hellman
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
> > "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos
> support: on,
> > compression: on
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library
> version
> > "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos
> support: on, zlib
> > compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC
> -DOPENSSL_PIC
> > -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
> -DKRB5_MIT
> > -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
> > -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
> > -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
> > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> > -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> > -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
> -DGHASH_ASM
> > -DECP_NISTZ256_ASM
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> WARNING: tls
> > [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491
> (crash/mem leaks on
> > low memory) workaround enabled (on low memory tls operations
> will fail
> > preemptively) with free memory thresholds 13107200 and 6553600 bytes
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> > [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1
> has been
> > changed to 13107200
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> > [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2
> has been
> > changed to 6553600
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> > [main.c:2834]: main(): processes (at least): 25 - shm size:
> 67108864 - pkg
> > size: 4194304
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> > [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF
> is initially
> > 212992
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> > [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF
> is finally
> > 425984
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
> > certificate='/etc/kamailio/certificados/certificate.pem'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs:
> require_certificate=1
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs:
> cipher_list='(null)'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
> > private_key='/etc/kamailio/certificados/private-key.pem'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs:
> verify_certificate=1
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> NOTICE: tls
> > [tls_domain.c:1107]: ksr_tls_fix_domain(): registered
> server_name callback
> > handler for socket [:0], server_name='' ...
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:697]: set_verification(): TLSs: Client MUST
> present valid
> > certificate
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
> > certificate='/etc/kamailio/certificados/certificate.pem'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc:
> require_certificate=1
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc:
> cipher_list='(null)'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
> > private_key='/etc/kamailio/certificados/private-key.pem'
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc:
> verify_certificate=1
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]:
> INFO: tls
> > [tls_domain.c:697]: set_verification(): TLSc: Server MUST
> present valid
> > certificate
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]:
> INFO: jsonrpcs
> > [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
> > >
> > > Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]:
> INFO: ctl
> > [io_listener.c:214]: io_listen_loop(): io_listen_loop: using
> epoll_lt io
> > watch method (config)
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]:
> ERROR: tls
> > [tls_server.c:1283]: tls_h_read_f(): protocol level error
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]:
> ERROR: tls
> > [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> > routines:ssl3_get_server_certificate:certificate verify failed
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]:
> ERROR: tls
> > [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]:
> ERROR: tls
> > [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> > [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req:
> error reading
> > - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]:
> ERROR: tls
> > [tls_server.c:1283]: tls_h_read_f(): protocol level error
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]:
> ERROR: tls
> > [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> > routines:ssl3_get_server_certificate:certificate verify failed
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]:
> ERROR: tls
> > [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]:
> ERROR: tls
> > [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> > [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req:
> error reading
> > - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]:
> ERROR: tls
> > [tls_server.c:1283]: tls_h_read_f(): protocol level error
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]:
> ERROR: tls
> > [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> > routines:ssl3_get_server_certificate:certificate verify failed
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]:
> ERROR: tls
> > [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]:
> ERROR: tls
> > [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
> > >
> > > Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> > [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req:
> error reading
> > - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
> > >
> > >
> > >
> > > Could you help me identify the problem please.
> > >
> > >
> > >
> > > Cheers
> > >
> > >
> > >
> > > Saludos Cordiales
> > >
> > > --
> > >
> > > Willy Valles Rios
> > >
> > > Unified Communications Specialist
> > >
> > >
> > >
> > > phone: +51955747343
> > >
> > > em at il: willyvalles17 at gmail.com <mailto:willyvalles17 at gmail.com>
> > >
> > >
> > >
> > > _______________________________________________
> > >
> > > Kamailio (SER) - Users Mailing List
> > >
> > > sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> > >
> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> > >
> > > --
> > >
> > > Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com>
> > >
> > > www.twitter.com/miconda <http://www.twitter.com/miconda> --
> www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
> > >
> > > Funding: https://www.paypal.me/dcmierla
> <https://www.paypal.me/dcmierla>
> > >
> > > _______________________________________________
> > > Kamailio (SER) - Users Mailing List
> > > sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> >
> >
> >
> > --
> > VoIP Embedded, Inc.
> > http://www.voipembedded.com <http://www.voipembedded.com>
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <http://lists.kamailio.org/pipermail/sr-users/attachments/20210108/2e3d09f0/attachment-0001.htm
> <http://lists.kamailio.org/pipermail/sr-users/attachments/20210108/2e3d09f0/attachment-0001.htm>>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 9 Jan 2021 14:46:40 +0000
> From: Rob van den Bulk <rob.van.den.bulk at gmail.com
> <mailto:rob.van.den.bulk at gmail.com>>
> To: Carlos Mestanza T. <mestacart at gmail.com
> <mailto:mestacart at gmail.com>>
> Cc: "miconda at gmail.com <mailto:miconda at gmail.com>"
> <miconda at gmail.com <mailto:miconda at gmail.com>>, "Kamailio (SER) -
> Users
> Mailing List" <sr-users at lists.kamailio.org
> <mailto:sr-users at lists.kamailio.org>>
> Subject: Re: [SR-Users] Problems establishing SIP signaling between
> MsTeams and Kamailio
> Message-ID:
>
> <AM8PR08MB5554666278B67C6359764945FCAF0 at AM8PR08MB5554.eurprd08.prod.outlook.com
> <mailto:AM8PR08MB5554666278B67C6359764945FCAF0 at AM8PR08MB5554.eurprd08.prod.outlook.com>>
>
> Content-Type: text/plain; charset="windows-1252"
>
> Hallo, warning from Microsoft is "normal" till the first calls are
> established.
>
>
> Sent from mobile, with due apologies for brevity and errors. Rob
> van den Bulk
>
>
> ________________________________
> From: Carlos Mestanza T. <mestacart at gmail.com
> <mailto:mestacart at gmail.com>>
> Sent: Thursday, January 7, 2021 9:41:44 PM
> To: rob.van.den.bulk at gmail.com <mailto:rob.van.den.bulk at gmail.com>
> <rob.van.den.bulk at gmail.com <mailto:rob.van.den.bulk at gmail.com>>
> Cc: miconda at gmail.com <mailto:miconda at gmail.com>
> <miconda at gmail.com <mailto:miconda at gmail.com>>; Kamailio (SER) -
> Users Mailing List <sr-users at lists.kamailio.org
> <mailto:sr-users at lists.kamailio.org>>
> Subject: Re: [SR-Users] Problems establishing SIP signaling
> between MsTeams and Kamailio
>
> I am a friend of Willy and we are doing this integration, today I
> create wildcard certificates in letsencrypt, for this use acme.sh
> and integrate it with the DNS CLOUDNS provider, the certificates
> were generated successfully, we replace the old ones, in the LOGs
> it gives us understanding q accept the certificates.
>
> [image.png]
>
> [image.png]
>
>
> But he has the same messages.
>
>
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR:
> tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR:
> tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR:
> tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR:
> <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR:
> tcp_read_req: error reading - c: 0x7fdfc14a8cf8 r: 0x7fdfc14a8e20 (-1)
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR:
> tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR:
> tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.7.24
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR:
> tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
> Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR:
> <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR:
> tcp_read_req: error reading - c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
> Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR:
> tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
> Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
> Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR:
> tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
> Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR:
> tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
> Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR:
> <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR:
> tcp_read_req: error reading - c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR:
> tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR:
> tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR:
> tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR:
> <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR:
> tcp_read_req: error reading - c: 0x7fdfc1494d20 r: 0x7fdfc1494e48 (-1)
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR:
> tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR:
> tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
> Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR:
> tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
>
>
> Atentamente
>
> Adalberto Carlos Mestanza T.
>
>
>
> El jue, 7 ene 2021 a las 8:08, <rob.van.den.bulk at gmail.com
> <mailto:rob.van.den.bulk at gmail.com><mailto:rob.van.den.bulk at gmail.com
> <mailto:rob.van.den.bulk at gmail.com>>> escribi?:
>
> I Used this tls.cfg
>
>
>
> Use bc2025.pem as extra, Microsoft needs this?
>
>
>
> And works fine on different Kamailio-msteams sbcs
>
>
>
>
>
> [server:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key =
> /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
>
> certificate =
> /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
>
> ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
>
> server_name = sbc.combivoipdom.nl
> <http://sbc.combivoipdom.nl><http://sbc.combivoipdom.nl
> <http://sbc.combivoipdom.nl>>
>
>
>
> [client:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key =
> /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
>
> certificate =
> /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
>
> ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
>
>
>
>
>
>
>
> Cheers Rob
>
>
>
> Van: sr-users <sr-users-bounces at lists.kamailio.org
> <mailto:sr-users-bounces at lists.kamailio.org><mailto:sr-users-bounces at lists.kamailio.org
> <mailto:sr-users-bounces at lists.kamailio.org>>> Namens
> Daniel-Constantin Mierla
> Verzonden: donderdag 7 januari 2021 08:53
> Aan: Kamailio (SER) - Users Mailing List
> <sr-users at lists.kamailio.org
> <mailto:sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org
> <mailto:sr-users at lists.kamailio.org>>>; Willy Valles Rios
> <willyvalles17 at gmail.com
> <mailto:willyvalles17 at gmail.com><mailto:willyvalles17 at gmail.com
> <mailto:willyvalles17 at gmail.com>>>
> CC: Carlos Mestanza T. <mestacart at gmail.com
> <mailto:mestacart at gmail.com><mailto:mestacart at gmail.com
> <mailto:mestacart at gmail.com>>>
> Onderwerp: Re: [SR-Users] Problems establishing SIP signaling
> between MsTeams and Kamailio
>
>
>
> Does this happen when Kamailio connects to MS Teams? The logs
> indicate the received TLS certificate is not trusted:
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
>
>
> You can set debug=3 in kamailio.cfg and see if the DEBUG messages
> provide more hints. For me it worked fine with Letsencrypt certs
> in Kamailio and accepting what ever MS sent back. I used Debian 10
> and libssl 1.1.
>
>
>
> Cheers,
> Daniel
>
>
>
> On 06.01.21 21:47, Willy Valles Rios wrote:
>
> Hello community,
>
>
>
> I am having trouble establishing SIP signaling between MsTeams and
> Kamailio. I currently have this configuration in my tls.cfg file
>
>
>
> [server: default]
>
> method = TLSv1.2 +
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/certificates/private-key.pem
>
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
>
> [client: default]
>
> method = TLSv1.2 +
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/certificates/private-key.pem
>
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
>
> My domain was certified with ssl through an authoritative
> certifier (GoDaddy), however I see these errors in the / var / log
> / messages of the Kamailio server.
>
>
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl
> version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos
> support: on, compression: on
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_init.c:730]: tls_h_mod_init_f(): installed openssl
> library version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf),
> kerberos support: on, zlib compression: on#012 compiler: gcc -I.
> -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
> -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN
> -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4
> -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack
> -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
> -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM
> -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
> -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING:
> tls [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491
> (crash/mem leaks on low memory) workaround enabled (on low memory
> tls operations will fail preemptively) with free memory thresholds
> 13107200 and 6553600 bytes
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1
> has been changed to 13107200
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2
> has been changed to 6553600
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [main.c:2834]: main(): processes (at least): 25 - shm size:
> 67108864 - pkg size: 4194304
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is
> initially 212992
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is
> finally 425984
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs:
> require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs:
> cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs:
> verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE:
> tls [tls_domain.c:1107]: ksr_tls_fix_domain(): registered
> server_name callback handler for socket [:0], server_name='' ...
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:697]: set_verification(): TLSs: Client MUST
> present valid certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc:
> require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc:
> cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc:
> verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> tls [tls_domain.c:697]: set_verification(): TLSc: Server MUST
> present valid certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO:
> jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new
> child 0/32422
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO:
> ctl [io_listener.c:214]: io_listen_loop(): io_listen_loop: using
> epoll_lt io watch method (config)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
> reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
> reading - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> tls [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
> reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
>
>
> Could you help me identify the problem please.
>
>
>
> Cheers
>
>
>
> Saludos Cordiales
>
> --
>
> Willy Valles Rios
>
> Unified Communications Specialist
>
>
>
> phone: +51955747343
>
> em at il: willyvalles17 at gmail.com
> <mailto:willyvalles17 at gmail.com><mailto:willyvalles17 at gmail.com
> <mailto:willyvalles17 at gmail.com>>
>
>
>
> _______________________________________________
>
> Kamailio (SER) - Users Mailing List
>
> sr-users at lists.kamailio.org
> <mailto:sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org
> <mailto:sr-users at lists.kamailio.org>>
>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>
> --
>
> Daniel-Constantin Mierla -- www.asipto.com
> <http://www.asipto.com><http://www.asipto.com <http://www.asipto.com>>
>
> www.twitter.com/miconda
> <http://www.twitter.com/miconda><http://www.twitter.com/miconda
> <http://www.twitter.com/miconda>> -- www.linkedin.com/in/miconda
> <http://www.linkedin.com/in/miconda><http://www.linkedin.com/in/miconda
> <http://www.linkedin.com/in/miconda>>
>
> Funding: https://www.paypal.me/dcmierla
> <https://www.paypal.me/dcmierla>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <http://lists.kamailio.org/pipermail/sr-users/attachments/20210109/8317dbba/attachment-0001.htm
> <http://lists.kamailio.org/pipermail/sr-users/attachments/20210109/8317dbba/attachment-0001.htm>>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: image.png
> Type: image/png
> Size: 5460 bytes
> Desc: image.png
> URL:
> <http://lists.kamailio.org/pipermail/sr-users/attachments/20210109/8317dbba/attachment-0002.png
> <http://lists.kamailio.org/pipermail/sr-users/attachments/20210109/8317dbba/attachment-0002.png>>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: image.png
> Type: image/png
> Size: 6528 bytes
> Desc: image.png
> URL:
> <http://lists.kamailio.org/pipermail/sr-users/attachments/20210109/8317dbba/attachment-0003.png
> <http://lists.kamailio.org/pipermail/sr-users/attachments/20210109/8317dbba/attachment-0003.png>>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> sr-users mailing list
> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>
>
> ------------------------------
>
> End of sr-users Digest, Vol 188, Issue 9
> ****************************************
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210126/37c8d2b8/attachment.htm>
More information about the sr-users
mailing list