Daniel-Constantin Mierla writes:
The error message seems to be related to failure to open `ca_list` file, not to `ca_path` -- can you check if `ca_list` is still set somewhere there to an invalid file path?
I checked and config file has only this:
modparam("tls", "config", "/etc/sip-proxy/tls.cfg")
and tls.cfg contains:
# more tls.cfg [client:default] verify_certificate = yes require_certificate = yes tls_method = TLSv1.2+ private_key = /etc/sip-proxy/certs/key.pem certificate = /etc/sip-proxy/certs/cert.pem ca_path = /etc/sip-proxy/certs/ca_list
[server:default] verify_certificate = yes require_certificate = no server_name = lohi.tutpro.com tls_method = TLSv1.1+ private_key = /etc/sip-proxy/certs/key.pem certificate = /etc/sip-proxy/certs/cert.pem ca_path = /etc/sip-proxy/certs/ca_list
There is no trace of ca_list anywhere. Also syslog shows that ca_list is null:
Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:322]: ksr_tls_fill_missing(): TLSs<default>: certificate='/etc/sip-proxy/certs/cert.pem' Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:329]: ksr_tls_fill_missing(): TLSs<default>: ca_list='(null)' Mar 23 13:19:03 lohi /usr/bin/sip-proxy[13983]: INFO: tls [tls_domain.c:336]: ksr_tls_fill_missing(): TLSs<default>: ca_path='/etc/sip-proxy/certs/ca_list'