[Devel] minisip openser tls

merdal at comcast.net merdal at comcast.net
Fri Jan 27 16:52:22 CET 2006


Hi,
I am trying to use openser as a proxy and use TLS between openser and minisip.  I am using textui.  Does anybody have a .minisip.conf file that I can use as a reference for this?
The sniffer shows encrypted TCP packets, but the REGISTER request is not encrypted.

The following error appears on the minisip console:
"Some error occured while reading from StreamSocket"

The following error appears on the openser console:
"
 3(32299) tls_accept: Error in SSL:
 3(32299) tls_error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
"

My .minisip.conf

<account>
<account_name> My account </account_name>
<sip_uri> admin at 10.10.20.69 </sip_uri>
<proxy_addr> 10.10.20.69 </proxy_addr>
<register> yes </register>
<proxy_port> 5061 </proxy_port>
<proxy_username>admin</proxy_username>
<proxy_password>heslo</proxy_password>
<pstn_account> no </pstn_account>
<default_account> yes </default_account>
</account>
<transport> tls </transport>
<tcp_server>yes</tcp_server>
<tls_server>yes</tls_server>
<secured>yes</secured>
<ka_type>dh</ka_type>
<psk>Unspecified PSK</psk>
<certificate>/root/minisip/cert.pem</certificate>
<private_key>/root/minisip/privkey.pem</private_key>
<ca_certificate>/root/minisip/calist.pem</ca_certificate>
<dh_enabled>yes</dh_enabled>
<psk_enabled>no</psk_enabled>
<check_cert>no</check_cert>
<local_udp_port> 5060 </local_udp_port>
<local_tcp_port> 5060 </local_tcp_port>
<local_tls_port> 5061 </local_tls_port>
<local_media_port> 10000 </local_media_port>
<sound_device>/dev/dsp</sound_device>
<codec_prio_1>PCMu</codec_prio_1>
<codec_prio_2>iLBC</codec_prio_2>
<phonebook>file:///root/.minisip.addr</phonebook>


I generated the pem files using the openser tls tutorial.

My openser.cfg file:
debug=3            # debug level (cmd line: -dddddddddd)
fork=yes
#log_stderror=no    # (cmd line: -E)
log_stderror=yes
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no    # (cmd. line: -v)
dns=no          # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/openser_fifo"
#
# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:10.10.20.69:5061
tls_verify = 0
tls_require_certificate = 0
#tls_method = SSLv23
tls_method = SSLv3
#tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser/tls/ca/openserX/cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/ca/openserX/privkey.pem"
tls_ca_list = "/usr/local/etc/openser/tls/ca/openserX/calist.pem"

Thanks,
-Muhammet
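
Added example (not part of the original post, and not minisip or openser code): the `SSL3_GET_RECORD:wrong version number` error quoted above is raised while the server parses the header of a record it has just read, so a useful check is to classify the first bytes that arrive on port 5061 in the capture. The function name `classify_first_bytes` and the sample byte strings are constructed for illustration.

```python
# Classify the first bytes a client sends to a TLS listener (e.g. port 5061).
# Distinguishes plaintext SIP, an SSLv2-format ClientHello, and an SSLv3/TLS record.

TLS_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Start of a plaintext SIP request or response line.
SIP_STARTS = (b"REGISTER ", b"INVITE ", b"OPTIONS ", b"ACK ",
              b"BYE ", b"CANCEL ", b"SIP/2.0 ")


def classify_first_bytes(data: bytes) -> str:
    """Return a short description of what the first bytes of a TCP stream are."""
    if len(data) < 5:
        return "too short"
    if data.startswith(SIP_STARTS):
        return "plaintext SIP"
    # SSLv2-format ClientHello: 2-byte length with the high bit set,
    # message type 1, then the highest version the client offers.
    if data[0] & 0x80 and data[2] == 1:
        offered = TLS_VERSIONS.get((data[3], data[4]), "unknown")
        return f"SSLv2-format ClientHello offering {offered}"
    # SSLv3/TLS record header: type (1), version (2), length (2).
    ctype, version = data[0], (data[1], data[2])
    if ctype in CONTENT_TYPES and version in TLS_VERSIONS:
        length = int.from_bytes(data[3:5], "big")
        return f"{TLS_VERSIONS[version]} {CONTENT_TYPES[ctype]} record, {length} bytes"
    return "unrecognized"


if __name__ == "__main__":
    # Constructed samples, not taken from the poster's capture.
    samples = [
        b"REGISTER sip:10.10.20.69 SIP/2.0\r\n",
        bytes([22, 3, 0, 0, 45]),       # SSLv3 handshake record header
        bytes([22, 3, 1, 0, 49]),       # TLSv1.0 handshake record header
        bytes([0x80, 0x2E, 1, 3, 1]),   # SSLv2-format hello offering TLSv1.0
    ]
    for s in samples:
        print(s[:5].hex(), "->", classify_first_bytes(s))
```

The first five bytes of the client's first TCP segment can be copied from the sniffer's hex view and passed to the function as a `bytes` value.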