_______________________________________________Thanks Daniel and Sergiu!The other think I notice is that kamcmd tls.reload causes the following error:Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_domain.c:572]: load_ca_list(): TLSc<default>: Unable to load CA list '/etc/dsiprouter/certs/cacert.pem'Jun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D0AB041:asn1 encoding routines:x509_name_ex_new:malloc failureJun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failureJun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failureJun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D079041:asn1 encoding routines:asn1_item_embed_new:malloc failureJun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 errorJun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 libJun 18 12:05:47 sbc2 /usr/sbin/kamailio[32058]: ERROR: tls [tls_util.h:42]: tls_err_ret(): load_ca_list:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM libIf I restart Kamailio it works fine. Let me know if you have any thoughts on this.On Jun 18, 2020, at 2:42 AM, Daniel-Constantin Mierla <miconda@gmail.com> wrote:Hello,
see:
https://www.kamailio.org/docs/modules/stable/modules/tls.html#tls.p.xavp_cfg
And the OPTIONS keepalive can be handled in event_route[tm:local-request].
Cheers,
Daniel
On 18.06.20 02:48, Mack Hendricks wrote:
Yeah...I’m aware. I was just checking if dispatcher could match on the ip:port just in case I wanted to support other use cases with my Kamailio instance. I read thru the source and it looks like the uac module is being used to initiate the OPTIONS message.
Sent from my iPhone
On Jun 17, 2020, at 8:09 PM, Sergiu Pojoga <pojogas@gmail.com> wrote:
_______________________________________________Hi Mack,
You wouldn't have the burden of handling multiple domains whatsoever if you followed Microsoft's recommendations on how to configure SBC Teams for multiple tenants. Dispatcher would be used only for carrier's base domain.
On Wed, Jun 17, 2020, 7:11 PM Mack Hendricks, <mack@dopensource.com> wrote:
_______________________________________________Hey All,
I'm attempting to use dispatcher to send probe messages using TLS for two different domains. I'm providing the socket attribute, which maps to a certificate in /etc/kamailio/tls.cfg. But, it seems to always select the default client cert, which is not the certificate I want to use.
My attrs column in dispatcher looks like this:
socket=tls:142.93.159.231:5061;ping_from=sip:mack.dopensource.com
socket=tls:142.93.159.231:5062;ping_from=sip:levin.dopensource.com
Is there some way to force dispatcher to do TLS cert matching based on the host:ip?
Thanks
-Mack
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users-- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Funding: https://www.paypal.me/dcmierla
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users