[asterisk-users] Asterisk 16.14.0 pjsip transport-tls cert parsing error
Michael Maier
m1278468 at mailbox.org
Sat Jan 30 01:41:23 CST 2021
On 29.01.21 at 22:33 Ruisheng Peng wrote:
> Thanks for the detailed explanation Michael.
>
> I stop the current asterisk process (started by systemd), and restart it as
> asterisk:
>
> [asterisk at voip1 ~]$ strace -f -o /home/asterisk/strace.log asterisk -fmq
> -vvv -C /etc/asterisk/asterisk.conf
>
>
> from the log there was no attempt to even open the cert file. I edited
> /etc/asterisk/pjsip.conf to add a "method = tlsv1" line to the
> transport-tls section. Rerun the strace command, and here the part re cert
> files:
>
> 8189 stat("/home/asterisk/certs/asterisk.crt", {st_mode=S_IFREG|0640,
> st_size=1
>
> 212, ...}) = 0
>
> 8189 geteuid() = 1002
>
> 8189 getegid() = 1002
>
> 8189 getuid() = 1002
>
> 8189 getgid() = 1002
>
> 8189 access("/home/asterisk/certs/asterisk.crt", R_OK) = 0
>
> 8189 stat("/home/asterisk/certs/asterisk.key", {st_mode=S_IFREG|0640,
> st_size=8
>
> 91, ...}) = 0
>
> 8189 geteuid() = 1002
>
> 8189 getegid() = 1002
>
> 8189 getuid() = 1002
>
> 8189 getgid() = 1002
>
> 8189 access("/home/asterisk/certs/asterisk.key", R_OK) = 0
>
> 8189 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 16
>
> 8189 setsockopt(16, SOL_SOCKET, 0xffff /* SO_??? */, [1], 4) = -1
> ENOPROTOOPT (
I'm missing the "open" (or "openat") and the following "read" call - weren't there
any or didn't you post them? These are the important calls! They will show, if the
file is used at all or not (and possibly the reason, why it is not used - EACCESS
e.g.).
Thanks
Michael
More information about the asterisk-users
mailing list