Same vanilla version of ca-certificates:

root@ip-172-31-22-12:~# dpkg -l |grep ca-cert
ii  ca-certificates                  20230311                       all          Common CA certificates

and just to verify the same number of certs:

root@ip-172-31-22-12:~# ls -l /etc/ssl/certs/|wc -l
282
root@ip-172-31-22-12:~# ls -l /etc/ssl/certs/*.crt|wc -l
1
root@ip-172-31-22-12:~# ls -l /etc/ssl/certs/*.pem|wc -l
140
root@ip-172-31-22-12:~# find /etc/ssl/certs/ -mindepth 1 -not -name '*.crt' -and -not -name '*.pem' |wc -l
140

private_key and certificate are files instead of links in my case.
the cert is a static self-signed cert, it has not been changed since initial install.

the error is consistent on tls.reload:

Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:345]: ksr_tls_fill_missing(): TLSs<default>: tls_method=25
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:357]: ksr_tls_fill_missing(): TLSs<default>: certificate='/etc/dsiprouter/certs/dsiprouter-cert.pem'
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:364]: ksr_tls_fill_missing(): TLSs<default>: ca_list='/etc/dsiprouter/certs/ca-list.pem'
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:371]: ksr_tls_fill_missing(): TLSs<default>: ca_path='/etc/dsiprouter/certs/ca'
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:378]: ksr_tls_fill_missing(): TLSs<default>: crl='(null)'
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:382]: ksr_tls_fill_missing(): TLSs<default>: require_certificate=1
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing(): TLSs<default>: cipher_list='(null)'
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:397]: ksr_tls_fill_missing(): TLSs<default>: private_key='/etc/dsiprouter/certs/dsiprouter-key.pem'
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:401]: ksr_tls_fill_missing(): TLSs<default>: verify_certificate=1
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:406]: ksr_tls_fill_missing(): TLSs<default>: verify_depth=9
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: INFO: tls [tls_domain.c:410]: ksr_tls_fill_missing(): TLSs<default>: verify_client=0
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='<default>' ...
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: ERROR: tls [tls_domain.c:590]: load_cert(): TLSs<default>: Unable to load certificate file '/etc/dsiprouter/certs/dsiprouter-cert.pem'
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:03000072:digital envelope routines::decode error (sni: unknown)
Feb  2 13:50:59 ip-172-31-22-12 /usr/sbin/kamailio[34076]: ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:0A00018F:SSL routines::ee key too small (sni: unknown)

the tls.reload error occurs whether kamailio is run as non-root system user or as root user.
it is definitely not permissions.

what version of openssl are you on?

root@ip-172-31-22-12:~# openssl version
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)

