[Freeswitch-users] Curious TLS issue: "tls.pem" file

Brian West brian at freeswitch.org
Thu Nov 13 16:43:15 MSK 2014


It's what it will look at if nothing is defined; what exactly have you set up
so far for TLS?


On Wed, Nov 12, 2014 at 9:08 PM, Michael Collins <msc at freeswitch.org> wrote:

> Hello all,
>
> I have been attempting to set up a CentOS (yeah, I know...) system for a
> buddy and the TLS on the internal profile is causing a failure. I did a
> sofia loglevel tport 9 and then loaded the internal profile. I see a
> curious reference to /usr/conf/ssl/tls.pem:
>
> 2014-11-12 18:51:26.223262 [DEBUG] sofia.c:2747 Creating agent for internal
> tport.c:498 tport_tcreate() tport_create(): 0x7f0cf8046840
> tport.c:1615 tport_bind_server() tport_bind_server(0x7f0cf8046840) to
> */EXTERN_IP_ADDR:5060/sip
> tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840):
> calling tport_listen for udp
> tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new
> primary tport 0x7f0cf8021be0
> tport.c:751 tport_listen() tport_listen(0x7f0cf8021be0): listening at
> udp/EXTERN_IP_ADDR:5060/sip
> tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840):
> calling tport_listen for tcp
> tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new
> primary tport 0x7f0cf8070d30
> tport.c:751 tport_listen() tport_listen(0x7f0cf8070d30): listening at
> tcp/EXTERN_IP_ADDR:5060/sip
> tport.c:1615 tport_bind_server() tport_bind_server(0x7f0cf8046840) to
> tls/EXTERN_IP_ADDR:5061/sips
> tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840):
> calling tport_listen for tls
> tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new
> primary tport 0x7f0cf8066c90
> tport_type_tls.c:239 tport_tls_init_master()
> tport_tls_init_master(0x7f0cf8066c90): tls key = /usr/conf/ssl/tls.pem
> tport_tls.c:353 tls_init_context() tls_init_context: invalid local
> certificate: /usr/conf/ssl/tls.pem
> tport_tls.c:158 tls_log_errors() tls_init_context: 0200100d:system
> library:fopen:Permission denied
> tport_tls.c:158 tls_log_errors() tls_init_context: 20074002:BIO
> routines:FILE_CTRL:system lib
> tport_tls.c:158 tls_log_errors() tls_init_context: 140ad002:SSL
> routines:SSL_CTX_use_certificate_file:system lib
> tport_tls.c:367 tls_init_context() tls_init_context: invalid private key:
> /usr/conf/ssl/tls.pem
> tport_tls.c:158 tls_log_errors() tls_init_context(key): 0200100d:system
> library:fopen:Permission denied
> tport_tls.c:158 tls_log_errors() tls_init_context(key): 20074002:BIO
> routines:FILE_CTRL:system lib
> tport_tls.c:158 tls_log_errors() tls_init_context(key): 140b0002:SSL
> routines:SSL_CTX_use_PrivateKey_file:system lib
> tport_tls.c:379 tls_init_context() tls_init_context: private key does not
> match the certificate public key
> tport_tls.c:391 tls_init_context() tls_init_context: error loading CA
> list: cafile.pem
> tport_tls.c:158 tls_log_errors() tls_init_context(CA): 140a80b1:SSL
> routines:SSL_CTX_check_private_key:no certificate assigned
> tport_tls.c:158 tls_log_errors() tls_init_context(CA): 02001002:system
> library:fopen:No such file or directory
> tport_tls.c:158 tls_log_errors() tls_init_context(CA): 2006d080:BIO
> routines:BIO_new_file:no such file
> tport_tls.c:158 tls_log_errors() tls_init_context(CA): 0b084002:x509
> certificate routines:X509_load_cert_crl_file:system lib
> tport.c:727 tport_listen() tport_listen(0x7f0cf8046840):
> tls_init_master(pf=2 tls/[EXTERN_IP_ADDR]:5061): Input/output error
> tport.c:555 tport_destroy() tport_destroy(0x7f0cf8046840)
> 2014-11-12 18:51:26.223262 [ERR] sofia.c:2847 Error Creating SIP UA for
> profile: internal (sip:mod_sofia at EXTERN_IP_ADDR:5060;transport=udp,tcp)
> ATTEMPT 1 (RETRY IN 5 SEC)
>
> I can't find any tls.pem file referred to in any config file and a google
> search of "tls.pem" yields many references to agent.pem, key.pem, foo.pem
> but never "tls.pem"...
>
> The gentls stuff in the wiki all seemed to work as I saw no errors and I
> got agent.pem and cafile.pem and other miscellaneous files. Any thoughts on
> this?
>
> Thanks!
> -MC



-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
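
Added example (not part of the original messages and not FreeSWITCH or Sofia-SIP code): a small triage script for the `tport_tls.c` output quoted above. It pairs each failed TLS file load with the OS-level `fopen` reason from the OpenSSL error lines that follow it, which separates the two root causes in this log (permission denied on `tls.pem`, missing `cafile.pem`) from the cascading "private key does not match" message. The sample input is constructed from the quoted log with the mail line-wrapping undone; the function and variable names are hypothetical.

```python
import re

# Constructed sample: lines taken from the log quoted in this thread, unwrapped.
SAMPLE_LOG = """\
tport_type_tls.c:239 tport_tls_init_master() tport_tls_init_master(0x7f0cf8066c90): tls key = /usr/conf/ssl/tls.pem
tport_tls.c:353 tls_init_context() tls_init_context: invalid local certificate: /usr/conf/ssl/tls.pem
tport_tls.c:158 tls_log_errors() tls_init_context: 0200100d:system library:fopen:Permission denied
tport_tls.c:158 tls_log_errors() tls_init_context: 140ad002:SSL routines:SSL_CTX_use_certificate_file:system lib
tport_tls.c:367 tls_init_context() tls_init_context: invalid private key: /usr/conf/ssl/tls.pem
tport_tls.c:158 tls_log_errors() tls_init_context(key): 0200100d:system library:fopen:Permission denied
tport_tls.c:379 tls_init_context() tls_init_context: private key does not match the certificate public key
tport_tls.c:391 tls_init_context() tls_init_context: error loading CA list: cafile.pem
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 140a80b1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 02001002:system library:fopen:No such file or directory
"""

# A file-load failure names what was being loaded and the path used.
FAILURE = re.compile(
    r"tls_init_context: (invalid local certificate|invalid private key"
    r"|error loading CA list): (\S+)")
# An OpenSSL error-queue entry: code:library:function:reason.
ERRQ = re.compile(r"tls_log_errors\(\) \S+ ([0-9a-f]{8}):([^:]+):([^:]+):(.+)$")

def root_causes(log_text):
    """Return [(what_failed, path, os_reason)] for each TLS file-load failure."""
    results, current = [], None
    for line in log_text.splitlines():
        failed = FAILURE.search(line)
        if failed:
            current = [failed.group(1), failed.group(2), None]
            results.append(current)
            continue
        entry = ERRQ.search(line)
        if entry is None:
            current = None          # any other line ends the error run
        elif current is not None and current[2] is None \
                and entry.group(3) == "fopen":
            # Only the fopen entry carries the OS reason; the remaining
            # entries are OpenSSL layers reporting the same failure.
            current[2] = entry.group(4).strip()
    return [tuple(r) for r in results]

if __name__ == "__main__":
    for what, path, reason in root_causes(SAMPLE_LOG):
        print(f"{what}: {path} -> {reason}")
```
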