<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">Michael,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">  There weren't any open or openat actions on the cert files (located under /home/asterisk/certs).  The same is true for cert files located under /etc/asterisk/keys:</div><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 stat("/etc/asterisk/keys/fullchain.pem", {st_mode=S_IFREG|0640, st_size=3444, ...}) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 geteuid()                         = 1002</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 getegid()                         = 1002</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 getuid()                          = 1002</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 getgid()                          = 1002</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 access("/etc/asterisk/keys/fullchain.pem", R_OK) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 stat("/etc/asterisk/keys/privkey.pem", {st_mode=S_IFREG|0640, st_size=1704, ...}) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 geteuid()                         = 1002</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 getegid()                         = 1002</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 getuid()                          = 1002</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 getgid()                          = 1002</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 access("/etc/asterisk/keys/privkey.pem", R_OK) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1 ENOPROTOOPT (Protocol not available)</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 setsockopt(16, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 setsockopt(16, SOL_TCP, TCP_NODELAY, [1], 4) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 bind(16, {sa_family=AF_INET, sin_port=htons(5061), sin_addr=inet_addr("0.0.0.0")}, 16) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 listen(16, 5)                     = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 ioctl(16, FIONBIO, [1])           = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 getsockopt(16, SOL_SOCKET, SO_TYPE, [1], [4]) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 epoll_ctl(11, EPOLL_CTL_ADD, 16, {EPOLLIN|EPOLLERR, {u32=23894976, u64=23894976}}) = 0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 accept(16, 0x1a765c0, [28])       = -1 EAGAIN (Resource temporarily unavailable)</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">24138 getsockname(16, {sa_family=AF_INET, sin_port=htons(5061), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0</font></span></p><div class="gmail_default"><br></div><div class="gmail_default"><font face="arial, sans-serif">In the latter case transport-tls was successfully established.</font></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 29, 2021 at 9:42 PM Michael Maier <<a href="mailto:m1278468@mailbox.org">m1278468@mailbox.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><br>
On 29.01.21 at 22:33 Ruisheng Peng wrote:<br>
> Thanks for the detailed explanation Michael.<br>
> <br>
> I stop the current asterisk process (started by systemd), and restart it as<br>
> asterisk:<br>
> <br>
> [asterisk@voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq -vvv -C /etc/asterisk/asterisk.conf<br>
> <br>
> <br>
> From the log there was no attempt to even open the cert file.  I edited<br>
> /etc/asterisk/pjsip.conf to add a "method = tlsv1" line to the<br>
> transport-tls section. Reran the strace command, and here is the part re cert<br>
> files:<br>
> <br>
> 8189  stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640, st_size=1212, ...}) = 0<br>
> 8189  geteuid()                         = 1002<br>
> 8189  getegid()                         = 1002<br>
> 8189  getuid()                          = 1002<br>
> 8189  getgid()                          = 1002<br>
> 8189  access("/home/asterisk/certs/asterisk.crt", R_OK) = 0<br>
> 8189  stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640, st_size=891, ...}) = 0<br>
> 8189  geteuid()                         = 1002<br>
> 8189  getegid()                         = 1002<br>
> 8189  getuid()                          = 1002<br>
> 8189  getgid()                          = 1002<br>
> 8189  access("/home/asterisk/certs/asterisk.key", R_OK) = 0<br>
> 8189  socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16<br>
> 8189  setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1 ENOPROTOOPT (<br>
<br>
I'm missing the "open" (or "openat") and the following "read" call - weren't there <br>
any or didn't you post them? These are the important calls! They will show if the <br>
file is used at all or not (and possibly the reason why it is not used - EACCES <br>
e.g.).<br>
<br>
<br>
Thanks<br>
Michael<br>
<br>
</blockquote></div>
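<p>The check discussed in this thread (did the process only stat/access a certificate file, or did it go on to open and read it, and with which errno if the open failed) can be run over a whole <code>strace -f -o</code> log. The following is an added example, not code from the thread or from Asterisk; <code>classify</code>, the <code>/srv/demo/certs/</code> paths and the sample log are constructed for illustration.</p>

```python
import re
from collections import defaultdict

# Constructed sample in `strace -f -o FILE` format; paths and values are made up.
SAMPLE_LOG = r'''
8189  stat("/srv/demo/certs/a.crt", {st_mode=S_IFREG|0640, st_size=1212, ...}) = 0
8189  access("/srv/demo/certs/a.crt", R_OK) = 0
8189  openat(AT_FDCWD, "/srv/demo/certs/b.pem", O_RDONLY) = 17
8189  read(17, "-----BEGIN CERTIFICATE-----\n"..., 4096) = 1212
8189  close(17)                         = 0
8189  stat("/srv/demo/certs/c.key", {st_mode=S_IFREG|0640, st_size=891, ...}) = 0
8189  openat(AT_FDCWD, "/srv/demo/certs/c.key", O_RDONLY) = -1 EACCES (Permission denied)
'''

# "PID  syscall(args) = ret [ERRNO (text)]"; unfinished/resumed lines are skipped.
LINE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+([A-Z0-9]+))?')
PATH = re.compile(r'"([^"]*)"')
CHECKS = {"stat", "lstat", "access", "newfstatat", "faccessat"}
OPENS = {"open", "openat"}

def classify(log_text, prefix):
    """Map each path under `prefix` to how far the process got with it."""
    seen = defaultdict(lambda: {"opened": False, "read": False, "errno": None})
    fd_path = {}  # fd -> path, one table for all PIDs (a simplification)
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        _pid, call, args, ret, errno = m.groups()
        pm = PATH.search(args)
        if call in ("read", "pread64"):
            path = fd_path.get(args.split(",", 1)[0].strip())
            if path and int(ret) > 0:
                seen[path]["read"] = True
        elif call == "close":
            fd_path.pop(args.strip(), None)
        elif pm and pm.group(1).startswith(prefix):
            path = pm.group(1)
            if call in CHECKS:
                seen[path]["probed"] = True  # existence/permission check only
            elif call in OPENS and int(ret) >= 0:
                seen[path]["opened"] = True
                fd_path[ret] = path  # remember the fd so later reads can be attributed
            elif call in OPENS:
                seen[path]["errno"] = errno
    return {p: "read" if s["read"] else "opened, never read" if s["opened"]
            else "open failed: " + s["errno"] if s["errno"]
            else "checked only (stat/access), never opened" for p, s in seen.items()}

if __name__ == "__main__":
    for path, verdict in classify(SAMPLE_LOG, "/srv/demo/certs/").items():
        print(f"{verdict:42} {path}")
```

<p>A "checked only" verdict for a certificate or key is the pattern reported in both strace excerpts above: the file passes stat and access but is never opened.</p>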