1 Oct
2021
1 Oct
'21
10:04 p.m.
Hello,
I'm wondering if anyone had any issues yesterday with the expiration of
the DST Root CA X3 cert?
Out of all the servers I manage, only a couple were affected (debian 8).
They were production servers so we replaced the cert with a different one
to solve the issue while we find the root cause.
Anyone out there had any issues yesterday because of this? I'm just curious!
Joel.
1 Oct
1 Oct
10:11 p.m.
Hi,
I had some issues with docker containers running debian 9, I was not able
to connect to services that were using Lets Encrypt certs from those
containers, strange enough update-ca-certificates --fresh from inside
container didn't help. Deleting docker images and recreating from scratch
made everything work again. Host was running Ubuntu 20 and it had no
problem at all, I was able to connect to the same services from the host
without any manipulations on the host.
Jurijs
On Fri, Oct 1, 2021 at 10:06 PM Joel Serrano <joel(a)textplus.com> wrote:
Hello,
I'm wondering if anyone had any issues yesterday with the expiration of
the DST Root CA X3 cert?
Out of all the servers I manage, only a couple were affected (debian 8).
They were production servers so we replaced the cert with a different one
to solve the issue while we find the root cause.
Anyone out there had any issues yesterday because of this? I'm just
curious!
Joel.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
10:56 p.m.
Kamailio related? Some old firmware EOL Yealink phones stopped trusting
Lets Encrypt issued cert. Some old softphones as well.
Otherwise, Postman refusing to connect, they pushed an update earlier today.
Overall, it was "fun".
Cheers,
--Sergiu
On Fri, Oct 1, 2021 at 3:12 PM Jurijs Ivolga <jurijs.ivolga(a)gmail.com>
wrote:
Hi,
I had some issues with docker containers running debian 9, I was not able
to connect to services that were using Lets Encrypt certs from those
containers, strange enough update-ca-certificates --fresh from inside
container didn't help. Deleting docker images and recreating from scratch
made everything work again. Host was running Ubuntu 20 and it had no
problem at all, I was able to connect to the same services from the host
without any manipulations on the host.
Jurijs
On Fri, Oct 1, 2021 at 10:06 PM Joel Serrano <joel(a)textplus.com> wrote:
Hello,
I'm wondering if anyone had any issues yesterday with the expiration of
the DST Root CA X3 cert?
Out of all the servers I manage, only a couple were affected (debian 8).
They were production servers so we replaced the cert with a different one
to solve the issue while we find the root cause.
Anyone out there had any issues yesterday because of this? I'm just
curious!
Joel.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
8 Oct
8 Oct
6:23 p.m.
Hello,
in total we had three customer incidents (two server related, one client related) because
of this, one of them was a major incident.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of Joel Serrano
Sent: Friday, October 1, 2021 9:05 PM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration 30th/Sept - Any
issues?
Hello,
I'm wondering if anyone had any issues yesterday with the expiration of the DST Root
CA X3 cert?
Out of all the servers I manage, only a couple were affected (debian 8). They were
production servers so we replaced the cert with a different one to solve the issue while
we find the root cause.
Anyone out there had any issues yesterday because of this? I'm just curious!
Joel.
6:48 p.m.
New subject: pua_json_publish is not realtime...
Hey there,
I have this, as per documentation, that I assume is going to push out
the publish events real-time as that is what the docs indicate...
===
event_route[xhttp:request] {
$var(call-id) = $(rb{json.parse,Call-ID});
if ($(rb{json.parse,Event-Package}) == "dialog") {
xlog("L_INFO", "$var(call-id)|log|received
$(rb{json.parse,Event-Package}) update for $(rb{json.parse,From})");
pua_json_publish($rb);
}
}
===
Problem is, it does NOT send out a notification - the BLFs do not change UNTIL the devices
do a re-subscribe....
Does anyone know what I am missing?
Thanks In Advance....
Jerry
9 Oct
9 Oct
1:22 a.m.
New subject: Ring Groups not publishing status for BLFs
Hey there Kamailio Users....
I have followed the guidance of: https://kamailio.org/docs/modules/5.1.x/modules/tm.html
I have created a dial code '8888' and will change the URI and add a few others...
------------
request_route {
if($rU=~"^8888$") {
seturi("sip:a@example.com");
append_branch("sip:b@example.com");
append_branch("sip:c@example.com");
append_branch("sip:d@example.com");
t_relay();
}
}
-----------------
It works great BUT....
There no PUBLISH events sent out, as a result, no BLFs flash,etc...
Also, no audio on the line when I pick up the phone.
If I call the dest directly, everything works as expected..
Any ideas?
Jerry
10 Oct
10 Oct
4:58 a.m.
New subject: add branch during onreply_route..
Hey there,
Is there a way to add a new branch to a call in the onreply_route if
the result is a redirect?
OpenSIPS has this 't_inject_branches()' function that allows you to add
another branch to an existing transaction...if needed...
Is there some mechanism to do this in Kamailio?
Any ideas?
Jerry
11 Oct
11 Oct
3:16 p.m.
New subject: pua_json_publish is not realtime...
Can you attach a sip subscribe message and json payload ($rb) which you
expect to send a notify to the subscribe?
On Fri, Oct 8, 2021 at 11:49 AM Jerry Kendall <
Jerry.Kendall(a)bishophosting.com> wrote:
Hey there,
I have this, as per documentation, that I assume is going to push out the
publish events real-time as that is what the docs indicate...
===
event_route[xhttp:request] {
$var(call-id) = $(rb{json.parse,Call-ID});
if ($(rb{json.parse,Event-Package}) == "dialog") {
xlog("L_INFO", "$var(call-id)|log|received
$(rb{json.parse,Event-Package}) update for $(rb{json.parse,From})");
pua_json_publish($rb);
}
}
===
Problem is, it does NOT send out a notification - the BLFs do not change UNTIL the
devices do a re-subscribe....
Does anyone know what I am missing?
Thanks In Advance....
Jerry
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
8 Oct
8 Oct
7:28 p.m.
Some of our internal API have started to fail and most of software update
routines jammed up as a result until we figured out how to cope with that
issue.
Not the first one and certainly not the last. In general PKI/TLS is by
design prone to issues like this and I am sad industry has not come up with
anything better yet to communicate over insecure channels. :( Noise
protocol certainly holds lots of potential in my view but mills of IETF
mill slowly, so we are going to be suffering for many years to come I am
afraid.
-Max
On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt, <hw(a)skalatan.de> wrote:
Hello,
in total we had three customer incidents (two server related, one client
related) because of this, one of them was a major incident.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org> *On Behalf Of *Joel
Serrano
*Sent:* Friday, October 1, 2021 9:05 PM
*To:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
*Subject:* [SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration
30th/Sept - Any issues?
Hello,
I'm wondering if anyone had any issues yesterday with the expiration of
the DST Root CA X3 cert?
Out of all the servers I manage, only a couple were affected (debian 8).
They were production servers so we replaced the cert with a different one
to solve the issue while we find the root cause.
Anyone out there had any issues yesterday because of this? I'm just
curious!
Joel.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
8:49 p.m.
Like our comrades at APIBAN. Had to patch the CA list on older linux
distros to get this restarted.
Oct 8 10:20:21 kamailio[8476]: WARNING: http_client [functions.c:308]:
curL_request_url(): TLS server certificate validation error (No valid CA
cert) (url: https://apiban.org/api/...)
@Fred, all good out there bud? lol
On Fri, Oct 8, 2021 at 12:30 PM Maxim Sobolev <sobomax(a)sippysoft.com> wrote:
Some of our internal API have started to fail and most
of software update
routines jammed up as a result until we figured out how to cope with that
issue.
Not the first one and certainly not the last. In general PKI/TLS is by
design prone to issues like this and I am sad industry has not come up with
anything better yet to communicate over insecure channels. :( Noise
protocol certainly holds lots of potential in my view but mills of IETF
mill slowly, so we are going to be suffering for many years to come I am
afraid.
-Max
On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt, <hw(a)skalatan.de>
wrote:
Hello,
in total we had three customer incidents (two server related, one client
related) because of this, one of them was a major incident.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org> *On Behalf Of *Joel
Serrano
*Sent:* Friday, October 1, 2021 9:05 PM
*To:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
*Subject:* [SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration
30th/Sept - Any issues?
Hello,
I'm wondering if anyone had any issues yesterday with the expiration of
the DST Root CA X3 cert?
Out of all the servers I manage, only a couple were affected (debian 8).
They were production servers so we replaced the cert with a different one
to solve the issue while we find the root cause.
Anyone out there had any issues yesterday because of this? I'm just
curious!
Joel.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
9:08 p.m.
A client had Digium phones that hated the expired part of the cert as
well. Had to hack out the cross-signing to make them happy.
On Fri, Oct 8, 2021 at 12:49 PM Sergiu Pojoga <pojogas(a)gmail.com> wrote:
Like our comrades at APIBAN. Had to patch the CA list
on older linux
distros to get this restarted.
Oct 8 10:20:21 kamailio[8476]: WARNING: http_client [functions.c:308]:
curL_request_url(): TLS server certificate validation error (No valid CA
cert) (url: https://apiban.org/api/...)
@Fred, all good out there bud? lol
On Fri, Oct 8, 2021 at 12:30 PM Maxim Sobolev <sobomax(a)sippysoft.com>
wrote:
Some of our internal API have started to fail and
most of software update
routines jammed up as a result until we figured out how to cope with that
issue.
Not the first one and certainly not the last. In general PKI/TLS is by
design prone to issues like this and I am sad industry has not come up with
anything better yet to communicate over insecure channels. :( Noise
protocol certainly holds lots of potential in my view but mills of IETF
mill slowly, so we are going to be suffering for many years to come I am
afraid.
-Max
On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt, <hw(a)skalatan.de>
wrote:
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hello,
in total we had three customer incidents (two server related, one client
related) because of this, one of them was a major incident.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org> *On Behalf Of *Joel
Serrano
*Sent:* Friday, October 1, 2021 9:05 PM
*To:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
*Subject:* [SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration
30th/Sept - Any issues?
Hello,
I'm wondering if anyone had any issues yesterday with the expiration of
the DST Root CA X3 cert?
Out of all the servers I manage, only a couple were affected (debian 8).
They were production servers so we replaced the cert with a different one
to solve the issue while we find the root cause.
Anyone out there had any issues yesterday because of this? I'm just
curious!
Joel.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
9:09 p.m.
On 10/8/21 1:49 PM, Sergiu Pojoga wrote:
Like our comrades at APIBAN. Had to patch the CA list
on older linux
distros to get this restarted.
Oct 8 10:20:21 kamailio[8476]: WARNING: http_client [functions.c:308]:
curL_request_url(): TLS server certificate validation error (No valid CA
cert) (url: https://apiban.org/api/.. <https://apiban.org/api/..>.)
@Fred, all good out there bud? lol
The only problems I'm seeing are on local systems that don't trust the
cert as the apiban cert is valid. If the system has the updated CA, the
request will work.
"if clients of your API are using OpenSSL, they must use version 1.1.0
or later"
Fred Posner | palner.com
Matrix: @fred:matrix.lod.com
o: +1 (212) 937-7844
9 Oct
9 Oct
2:15 p.m.
Here we had problems with clients using an Auerswald PBX showing the
following error message:
503: Certificate Validation Failure
SSL-Error 10: certificate has expired, depth=3 /O=Digital Signature
Trust Co./CN=DST Root CA X3 )
Regards,
Matthias
On 08.10.21 19:49, Sergiu Pojoga wrote:
Like our comrades at APIBAN. Had to patch the CA list
on older linux
distros to get this restarted.
Oct 8 10:20:21 kamailio[8476]: WARNING: http_client
[functions.c:308]: curL_request_url(): TLS server certificate
validation error (No valid CA cert) (url: https://apiban.org/api/..
<https://apiban.org/api/..>.)
@Fred, all good out there bud? lol
On Fri, Oct 8, 2021 at 12:30 PM Maxim Sobolev <sobomax(a)sippysoft.com
<mailto:sobomax@sippysoft.com>> wrote:
Some of our internal API have started to fail and most of software
update routines jammed up as a result until we figured out how to
cope with that issue.
Not the first one and certainly not the last. In general PKI/TLS
is by design prone to issues like this and I am sad industry has
not come up with anything better yet to communicate over insecure
channels. :( Noise protocol certainly holds lots of potential in
my view but mills of IETF mill slowly, so we are going to be
suffering for many years to come I am afraid.
-Max
On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt,
<hw(a)skalatan.de <mailto:hw@skalatan.de>> wrote:
Hello,
in total we had three customer incidents (two server related,
one client related) because of this, one of them was a major
incident.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
<https://skalatan.de/blog/>
Kamailio services – https://gilawa.com <https://gilawa.com/>
*From:* sr-users <sr-users-bounces(a)lists.kamailio.org
<mailto:sr-users-bounces@lists.kamailio.org>> *On Behalf Of
*Joel Serrano
*Sent:* Friday, October 1, 2021 9:05 PM
*To:* Kamailio (SER) - Users Mailing List
<sr-users(a)lists.kamailio.org <mailto:sr-users@lists.kamailio.org>>
*Subject:* [SR-Users] Let's Encrypt DST Root CA X3 cert CA
expiration 30th/Sept - Any issues?
Hello,
I'm wondering if anyone had any issues yesterday with the
expiration of the DST Root CA X3 cert?
Out of all the servers I manage, only a couple were affected
(debian 8). They were production servers so we replaced the
cert with a different one to solve the issue while we find the
root cause.
Anyone out there had any issues yesterday because of this? I'm
just curious!
Joel.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
<mailto:sr-users@lists.kamailio.org>
Important: keep the mailing list in the recipients, do not
reply only to the sender!
Edit mailing list options or unsubscribe:
*
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
<https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
Important: keep the mailing list in the recipients, do not reply
only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
<https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
1141
days inactive
1151
days old
12 comments
10 participants
participants (10)
-
E. Schmidbauer -
Fred Posner -
Henning Westerholt -
James Van Vleet -
Jerry Kendall -
Joel Serrano -
Jurijs Ivolga -
Matthias Wimmer -
Maxim Sobolev -
Sergiu Pojoga