[Freeswitch-users] sips, tls, srtp, etc
Bzzz
lazyvirus at gmx.com
Fri Mar 16 18:17:47 MSK 2012
On Fri, 16 Mar 2012 07:59:39 -0700
Mitch Capper <mitch.capper at gmail.com> wrote:
> saw your PB and your issue. FS will drop priv by default and I am
> guessing the freeswitch user can't read the keys you generated, apply
> proper permissions to them and you should be in good shape:
> tport_tls_init_master(0x92a3f78): tls key =
> /usr/local/freeswitch/conf/ssl/agent.pem
> tls_init_context: invalid local certificate:
> /usr/local/freeswitch/conf/ssl/agent.pem
> tls_init_context: 0200100d:system library:fopen:Permission denied
> tls_init_context: 20074002:BIO routines:FILE_CTRL:system lib
> tls_init_context: 140ad002:SSL routines:SSL_CTX_use_certificate_file:system lib
> tls_init_context: invalid private key: /usr/local/freeswitch/conf/ssl/agent.pem
> tls_init_context(key): 0200100d:system library:fopen:Permission denied
Yep, I also saw it.
My mistake was to think FS was running under www-data:www-data
(this because of fusionpbx) when it is running under
www-data:nogroup, and as conf/ssl was root:www-data (perms 42740),
it was impossible for it to read anything.
I chown -R www-data ssl/, restarted and... its aliiiveee!
Thanks a lot for debugging me:)
BTW, log level 9 mean an almost continuous flow of data and it
took me 4 times to correctly catch the reload logs; so, is there a
way to redirect temporarily the console output to a file?
JY
--
QOTD:
"The only real difference between men and women is that men
are crabby all month long."
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list