PJSIP TLS register extensions problem
according to the documentations I have following specification and placed following configuration into pjsip.conf
###pjsip.conf###
…
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5062
local_net=192.168.13.0/255.255.255.0
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
ca_list_file=/etc/asterisk/keys/ca.txt
ca_list_path=/etc/asterisk/keys
cipher=ADH-AES256-SHA256,ADH-AES128-SHA256,ADH-AES128-GCM-SHA256,ADH-CAMELLIA256-SHA256
method=TLSv1
…
Conclusion the extensions based on tls transport never got registered.
Any others unsecured registrations (udp, tcp ) works fine.
opensssl ver:OpenSSL 1.1.0f 25 May 2017
system debian 9.4 64bit
Restart Asterisk when changing transport properties to guarantee that they take effect. PJSIP internally doesn’t have a mechanism for reloading, so there is experimental code (disabled by default) to allow it but it does it in a way which may not work fully in all cases.
###messages
…
[Mar 21 10:40:55] NOTICE[6963] loader.c: 297 modules will be loaded.
[Mar 21 10:40:55] WARNING[6963] loader.c: Error loading module ‘res_srtp.so’: /usr/lib/asterisk/modules/res_srtp.so: undefined symbol: crypto_policy_set_rtp_default
[Mar 21 10:40:55] NOTICE[6963] cdr.c: CDR simple logging enabled.
[Mar 21 10:40:55] WARNING[6963] res_phoneprov.c: Unable to find a valid server address or name.
[Mar 21 10:40:55] NOTICE[6963] sdp_translator.c: Placed ops 0x7f04a622f1e0 at slot 1
[Mar 21 10:40:55] NOTICE[6963] chan_skinny.c: Configuring skinny from skinny.conf
[Mar 21 10:40:55] ERROR[6963] ari/config.c: No configured users for ARI
[Mar 21 10:40:55] NOTICE[6963] confbridge/conf_config_parser.c: Adding default_menu menu to app_confbridge
[Mar 21 10:40:55] NOTICE[6963] cel_custom.c: No mappings found in cel_custom.conf. Not logging CEL to custom CSVs.
[Mar 21 10:40:56] WARNING[6963] res_hep_rtcp.c: res_hep is disabled; declining module load
[Mar 21 10:40:56] WARNING[6963] res_hep_pjsip.c: res_hep is disabled; declining module load
[Mar 21 10:41:15] NOTICE[7023] chan_sip.c: Peer ‘dom’ is now Reachable. (3ms / 2000ms)
[Mar 21 10:41:15] NOTICE[7023] chan_sip.c: Received SIP subscribe for peer without mailbox: dom
[Mar 21 10:41:23] WARNING[6989] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> len: 0
[Mar 21 10:41:24] WARNING[6989] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> len: 0
[Mar 21 10:41:25] WARNING[6989] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> len: 0
[Mar 21 10:41:27] WARNING[6989] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> len: 0
…
It could be related with a line:
WARNING[6963] res_phoneprov.c: Unable to find a valid server address or name.
Currently I have got two asterisk system:
Asterisk 15.3.0 built by root @ x-xxx on a x86_64 running Linux on 2018-03-19 16:36:53 UTC
Asterisk UNKNOWN__and_probably_unsupported built by root @ x-xxx on a x86_64 running Linux on 2018-03-20 19:32:37 UTC
The first one installed form source.
the other one (fresh version) form github
both shows the same error