[Freeswitch-users] Curious TLS issue: "tls.pem" file

Michael Collins msc at freeswitch.org
Thu Nov 13 06:08:54 MSK 2014


Hello all,

I have been attempting to set up a CentOS (yeah, I know...) system for a
buddy and the TLS on the internal profile is causing a failure. I did a
sofia loglevel tport 9 and then loaded the internal profile. I see a
curious reference to /usr/conf/ssl/tls.pem:

2014-11-12 18:51:26.223262 [DEBUG] sofia.c:2747 Creating agent for internal
tport.c:498 tport_tcreate() tport_create(): 0x7f0cf8046840
tport.c:1615 tport_bind_server() tport_bind_server(0x7f0cf8046840) to
*/EXTERN_IP_ADDR:5060/sip
tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840): calling
tport_listen for udp
tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new
primary tport 0x7f0cf8021be0
tport.c:751 tport_listen() tport_listen(0x7f0cf8021be0): listening at
udp/EXTERN_IP_ADDR:5060/sip
tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840): calling
tport_listen for tcp
tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new
primary tport 0x7f0cf8070d30
tport.c:751 tport_listen() tport_listen(0x7f0cf8070d30): listening at
tcp/EXTERN_IP_ADDR:5060/sip
tport.c:1615 tport_bind_server() tport_bind_server(0x7f0cf8046840) to
tls/EXTERN_IP_ADDR:5061/sips
tport.c:1685 tport_bind_server() tport_bind_server(0x7f0cf8046840): calling
tport_listen for tls
tport.c:621 tport_alloc_primary() tport_alloc_primary(0x7f0cf8046840): new
primary tport 0x7f0cf8066c90
tport_type_tls.c:239 tport_tls_init_master()
tport_tls_init_master(0x7f0cf8066c90): tls key = /usr/conf/ssl/tls.pem
tport_tls.c:353 tls_init_context() tls_init_context: invalid local
certificate: /usr/conf/ssl/tls.pem
tport_tls.c:158 tls_log_errors() tls_init_context: 0200100d:system
library:fopen:Permission denied
tport_tls.c:158 tls_log_errors() tls_init_context: 20074002:BIO
routines:FILE_CTRL:system lib
tport_tls.c:158 tls_log_errors() tls_init_context: 140ad002:SSL
routines:SSL_CTX_use_certificate_file:system lib
tport_tls.c:367 tls_init_context() tls_init_context: invalid private key:
/usr/conf/ssl/tls.pem
tport_tls.c:158 tls_log_errors() tls_init_context(key): 0200100d:system
library:fopen:Permission denied
tport_tls.c:158 tls_log_errors() tls_init_context(key): 20074002:BIO
routines:FILE_CTRL:system lib
tport_tls.c:158 tls_log_errors() tls_init_context(key): 140b0002:SSL
routines:SSL_CTX_use_PrivateKey_file:system lib
tport_tls.c:379 tls_init_context() tls_init_context: private key does not
match the certificate public key
tport_tls.c:391 tls_init_context() tls_init_context: error loading CA list:
cafile.pem
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 140a80b1:SSL
routines:SSL_CTX_check_private_key:no certificate assigned
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 02001002:system
library:fopen:No such file or directory
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 2006d080:BIO
routines:BIO_new_file:no such file
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 0b084002:x509
certificate routines:X509_load_cert_crl_file:system lib
tport.c:727 tport_listen() tport_listen(0x7f0cf8046840):
tls_init_master(pf=2 tls/[EXTERN_IP_ADDR]:5061): Input/output error
tport.c:555 tport_destroy() tport_destroy(0x7f0cf8046840)
2014-11-12 18:51:26.223262 [ERR] sofia.c:2847 Error Creating SIP UA for
profile: internal (sip:mod_sofia@EXTERN_IP_ADDR:5060;transport=udp,tcp)
ATTEMPT 1 (RETRY IN 5 SEC)

I can't find any tls.pem file referred to in any config file and a Google
search of "tls.pem" yields many references to agent.pem, key.pem, foo.pem
but never "tls.pem"...

The gentls stuff in the wiki all seemed to work as I saw no errors and I
got agent.pem and cafile.pem and other miscellaneous files. Any thoughts on
this?

Thanks!
-MC
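
An added example, not part of the original post and not FreeSWITCH or Sofia-SIP code: a small Python parser that rejoins the hard-wrapped tport lines from the log above and pairs each file that tls_init_context rejected with the system-library error OpenSSL queued for it. The function names (unwrap, root_causes) are this example's own, and the sample input is built from lines in the post.

```python
import re

# Constructed sample: tls_init_context lines from the post's log, wrapping intact.
SAMPLE = """\
tport_tls.c:353 tls_init_context() tls_init_context: invalid local
certificate: /usr/conf/ssl/tls.pem
tport_tls.c:158 tls_log_errors() tls_init_context: 0200100d:system
library:fopen:Permission denied
tport_tls.c:367 tls_init_context() tls_init_context: invalid private key:
/usr/conf/ssl/tls.pem
tport_tls.c:158 tls_log_errors() tls_init_context(key): 0200100d:system
library:fopen:Permission denied
tport_tls.c:391 tls_init_context() tls_init_context: error loading CA list:
cafile.pem
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 140a80b1:SSL
routines:SSL_CTX_check_private_key:no certificate assigned
tport_tls.c:158 tls_log_errors() tls_init_context(CA): 02001002:system
library:fopen:No such file or directory
"""

# "file.c:line " or a timestamp starts a record; anything else is wrapped text.
RECORD = re.compile(r"^(\w+\.c:\d+ |\d{4}-\d\d-\d\d )")
FAILED = re.compile(r"tls_init_context: (invalid local certificate|"
                    r"invalid private key|error loading CA list): (\S+)")
QUEUED = re.compile(r"tls_log_errors\(\) \S+ [0-9a-f]{8}:system library:(\w+):(.+)")

def unwrap(text):
    """Rejoin log records that the mail client wrapped across lines."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def root_causes(text):
    """Pair each rejected file with the first OS-level error logged after it."""
    causes, current = [], None
    for rec in unwrap(text):
        if m := FAILED.search(rec):
            current = m.groups()  # (stage, path)
        elif (m := QUEUED.search(rec)) and current:
            causes.append((*current, m.group(1), m.group(2)))
            current = None
    return causes

if __name__ == "__main__":
    print(*root_causes(SAMPLE), sep="\n")
```

On the sample it reports Permission denied for /usr/conf/ssl/tls.pem (certificate and key) and No such file or directory for cafile.pem, skipping the SSL-routines entries that only echo those failures.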