[asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error
Ruisheng Peng
rpeng at ifa.hawaii.edu
Fri Jan 29 15:33:40 CST 2021
Thanks for the detailed explanation, Michael.
I stopped the current asterisk process (started by systemd) and restarted it as
asterisk:
[asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq -vvv -C /etc/asterisk/asterisk.conf
From the log, there was no attempt to even open the cert file. I edited
/etc/asterisk/pjsip.conf to add a "method = tlsv1" line to the
transport-tls section. I reran the strace command, and here is the part regarding the cert
files:
8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1212, ...}) = 0
8189 geteuid() = 1002
8189 getegid() = 1002
8189 getuid() = 1002
8189 getgid() = 1002
8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0
8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=891, ...}) = 0
8189 geteuid() = 1002
8189 getegid() = 1002
8189 getuid() = 1002
8189 getgid() = 1002
8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0
8189 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16
8189 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1 ENOPROTOOPT (Protocol not available)
8189 setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
8189 setsockopt(16, SOL_TCP, TCP_NODELAY, [1], 4) = 0
The tls transport is not established in the end. Only the two hard phones
using udp transport and a softphone using tcp transport are registered.
Thanks,
--Ruisheng
On Thu, Jan 28, 2021 at 7:42 PM Michael Maier <m1278468 at mailbox.org> wrote:
>
> On 27.01.21 at 22:57 Ruisheng Peng wrote:
> > Thanks Michael for the suggestion! I've installed strace and assigned one
> > of the endpoints (SOFTPHONE_B) to use transport-tls. Then I ran strace (as
> > user asterisk):
> >
> > [asterisk@voip1 ~]$ strace asterisk -rx "module reload res_pjsip.so"
>
> You should use strace like this as root and from the very beginning of the start
> of asterisk:
>
> strace -f -o /tmp/strace.log asterisk -vvv -mqf -C /etc/asterisk/asterisk.conf
>
> -f means to follow even forked processes, ... (see man page)
> -o writes all the output to a file. You can search afterwards pretty easily for
> the file (or the open call).
>
> You shouldn't do this in production but in the test environment!
>
> You have to run it as long as the error has happened.
>
>
> Thanks
> Michael
>
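The search of the strace log for the certificate files, suggested in the reply above, can be scripted. This is an added example, not part of the original thread: it assumes a log written with `strace -f -o`, and the function names, the embedded sample log and the `ca.crt` path are constructed for illustration.

```python
import re
from collections import defaultdict

# One line of `strace -f -o`: "<pid> <syscall>(<args>) = <ret> [ERRNO (text)]"
LINE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+([A-Z0-9]+)\s+\(.*\))?')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
OPEN_CALLS = {"open", "openat", "openat2"}

# Constructed sample: the first four lines follow the trace in the post,
# the last one is an invented failure on a hypothetical CA file.
SAMPLE = '''\
8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1212, ...}) = 0
8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0
8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=891, ...}) = 0
8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0
8190 openat(AT_FDCWD, "/home/asterisk/certs/ca.crt", O_RDONLY) = -1 ENOENT (No such file or directory)
'''


def file_events(log_text, suffixes=(".crt", ".key", ".pem")):
    """Return {path: [(pid, syscall, ret, errno), ...]} for matching paths."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unfinished/resumed calls, signals, exit markers
        pid, call, args, ret, errno = m.groups()
        for path in QUOTED.findall(args):
            if path.endswith(suffixes):
                events[path].append((int(pid), call, int(ret), errno))
    return dict(events)


def summarize(events):
    """Per path: syscalls seen, whether an open succeeded, and failures."""
    report = {}
    for path, calls in events.items():
        report[path] = {
            "calls": [c for _, c, _, _ in calls],
            "opened": any(c in OPEN_CALLS and r >= 0 for _, c, r, _ in calls),
            "failed": [(c, e) for _, c, r, e in calls if r < 0],
        }
    return report


if __name__ == "__main__":
    for path, info in summarize(file_events(SAMPLE)).items():
        print(path, info)
```

An entry with `opened` false and no failures, as for the two files taken from the post's excerpt, means the path was only checked with stat/access in the lines examined.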