Michael Maier
2021-Jan-29 05:41 UTC
[asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error
On 27.01.21 at 22:57 Ruisheng Peng wrote:
> Thanks Michael for the suggestion! I've installed strace and assigned one
> of the endpoints (SOFTPHONE_B) to use transport-tls. Then run strace (as
> user asterisk):
>
> [asterisk@voip1 ~]$ strace asterisk -rx "module reload res_pjsip.so"

You should use strace like this as root and from the very beginning of the start of asterisk:

strace -f -o /tmp/strace.log asterisk -vvv -mqf -C /etc/asterisk/asterisk.conf

-f means, to follow even forked processes, ... (see man page)
-o writes all the output to a file. You can search afterwards pretty easily for the file (or the open call).

You shouldn't do this in production but in the test environment!

You have to run it as long as the error has happened.

Thanks
Michael
Michael Maier
2021-Jan-29 08:06 UTC
[asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error
On 29.01.21 at 06:41 Michael Maier wrote:
>
> On 27.01.21 at 22:57 Ruisheng Peng wrote:
>> Thanks Michael for the suggestion! I've installed strace and assigned one
>> of the endpoints (SOFTPHONE_B) to use transport-tls. Then run strace (as
>> user asterisk):
>>
>> [asterisk@voip1 ~]$ strace asterisk -rx "module reload res_pjsip.so"
>
> You should use strace like this as root and from the very beginning of the start
> of asterisk:

Sorry - my wrong - not necessarily as root - it should be started the same way and in the same context as it runs normally.

>
> strace -f -o /tmp/strace.log asterisk -vvv -mqf -C /etc/asterisk/asterisk.conf
>
> -f means, to follow even forked processes, ... (see man page)
> -o writes all the output to a file. You can search afterwards pretty easily for
> the file (or the open call).
>
> You shouldn't do this in production but in the test environment!
>
> You have to run it as long as the error has happened.
>
>
> Thanks
> Michael
>
Ruisheng Peng
2021-Jan-29 21:33 UTC
[asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error
Thanks for the detailed explanation Michael.

I stopped the current asterisk process (started by systemd), and restarted it as asterisk:

[asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq -vvv -C /etc/asterisk/asterisk.conf

From the log there was no attempt to even open the cert file.

I edited /etc/asterisk/pjsip.conf to add a "method = tlsv1" line to the transport-tls section. Reran the strace command, and here is the part re cert files:

8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1212, ...}) = 0
8189 geteuid() = 1002
8189 getegid() = 1002
8189 getuid() = 1002
8189 getgid() = 1002
8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0
8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=891, ...}) = 0
8189 geteuid() = 1002
8189 getegid() = 1002
8189 getuid() = 1002
8189 getgid() = 1002
8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0
8189 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16
8189 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1 ENOPROTOOPT (Protocol not available)
8189 setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
8189 setsockopt(16, SOL_TCP, TCP_NODELAY, [1], 4) = 0

The tls transport is not established in the end. Only the two hard phones using udp transport and a softphone using tcp transport are registered.

Thanks,
--Ruisheng

On Thu, Jan 28, 2021 at 7:42 PM Michael Maier <m1278468 at mailbox.org> wrote:

> On 27.01.21 at 22:57 Ruisheng Peng wrote:
> > Thanks Michael for the suggestion! I've installed strace and assigned one
> > of the endpoints (SOFTPHONE_B) to use transport-tls. Then run strace (as
> > user asterisk):
> >
> > [asterisk@voip1 ~]$ strace asterisk -rx "module reload res_pjsip.so"
>
> You should use strace like this as root and from the very beginning of the start
> of asterisk:
>
> strace -f -o /tmp/strace.log asterisk -vvv -mqf -C /etc/asterisk/asterisk.conf
>
> -f means, to follow even forked processes, ... (see man page)
> -o writes all the output to a file. You can search afterwards pretty easily for
> the file (or the open call).
>
> You shouldn't do this in production but in the test environment!
>
> You have to run it as long as the error has happened.
>
>
> Thanks
> Michael
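
Added example, not part of the thread and not Asterisk or strace code: one way to do the "search afterwards for the file (or the open call)" step on an `strace -f -o` log, reporting per certificate or key path which syscalls touched it and whether it was ever opened. The function names, the default path pattern and the two `/tmp/example` lines in the sample are assumptions made for the illustration.

```shell
#!/bin/sh
# cert_syscalls [LOGFILE|-] [PATH_REGEX]   (hypothetical helper name)
# Prints "STATUS path syscalls" per matching path, in first-seen order:
#   OPENED / OPEN_FAILED / CHECKED_ONLY (only stat/access etc., never opened)
cert_syscalls() {
    _pat=${2:-}
    [ -n "$_pat" ] || _pat='[.](crt|key|pem)$'
    awk -v pat="$_pat" '
    # Lines look like: PID syscall(args...) = RESULT ; take the first quoted arg.
    match($0, /^([0-9]+ +)?[a-z_0-9]+\([^"]*"[^"]+"/) {
        call = substr($0, RSTART, RLENGTH)
        sub(/^[0-9]+ +/, "", call)
        name = call; sub(/\(.*/, "", name)
        path = call; sub(/^[^"]*"/, "", path); sub(/"$/, "", path)
        if (path !~ pat) next
        if (!(path in calls)) order[++n] = path
        if (!((path, name) in seen)) {
            seen[path, name] = 1
            calls[path] = (calls[path] == "" ? "" : calls[path] ",") name
        }
        if (name == "open" || name == "openat") {
            if ($0 ~ / = -1 E/) openfail[path] = 1; else opened[path] = 1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            status = opened[p] ? "OPENED" : (openfail[p] ? "OPEN_FAILED" : "CHECKED_ONLY")
            print status, p, calls[p]
        }
    }' "${1:--}"
}

# Constructed sample: the stat/access lines are those quoted in the thread;
# the two openat lines and their /tmp/example paths are made up for contrast.
sample_log() {
    cat <<'EOF'
8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1212, ...}) = 0
8189 geteuid() = 1002
8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0
8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=891, ...}) = 0
8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0
8190 openat(AT_FDCWD, "/tmp/example/ca.pem", O_RDONLY) = 17
8190 openat(AT_FDCWD, "/tmp/example/missing.key", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

sample_log | cert_syscalls -
```

A `CHECKED_ONLY` result for both files matches the log excerpt in the thread: the certificate and key pass the stat and access checks, but no open call on them appears.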