<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello,<br>
</p>
<br>
<div class="moz-cite-prefix">On 27.10.17 17:12, Francisco Valentin
Vinagrero wrote:<br>
</div>
<blockquote type="cite"
cite="mid:D344618A4B7B0F4ABA8047A07E92D47401F66C55B3@CERNXCHG51.cern.ch">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.gmail-im
{mso-style-name:gmail-im;}
span.m1328597007067765309apple-converted-space
{mso-style-name:m_1328597007067765309apple-converted-space;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle27
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:2078478996;
mso-list-type:hybrid;
mso-list-template-ids:203219240 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi
all,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I’m
still stuck with this even if I built a new VM to avoid any
buggy configuration.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Some
thoughts on this:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span
style="mso-list:Ignore">1.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I
have tried to change verify_certificate = no on my server
section of tls.cfg, so ideally the remote certificate will
not be verified, but this is not changing anything.</span></p>
</div>
</blockquote>
to understand properly, even if you have verify_certificate = no,
the certificated is verified and fails?<br>
<br>
Otherwise I don't have access to Skype for Business 2015, so I
cannot troubleshoot much.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<blockquote type="cite"
cite="mid:D344618A4B7B0F4ABA8047A07E92D47401F66C55B3@CERNXCHG51.cern.ch">
<div class="WordSection1">
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo2"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span
style="mso-list:Ignore">2.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">My
Kamailio cluster is part of a DNS alias, but the alias is
defined as alias=<myalias>:5061 in the Kamailio.cfg.
Could this be affecting somehow the verification? My tls.cfg
only has server:default and client:default section.<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span
style="mso-list:Ignore">3.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Every
time I reload the configuration, the TLS info and debug
messages for client and server are coherent with what I
would expect from my tls.cfg:<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:278]: fill_missing(): TLSs<default>:
tls_method=20
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:290]: fill_missing(): TLSs<default>:
certificate='/usr/local/etc/kamailio/tls/myCert.pem'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:297]: fill_missing(): TLSs<default>:
ca_list='/usr/local/etc/kamailio/tls/myCAfile.pem'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:304]: fill_missing(): TLSs<default>:
crl='(null)'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:308]: fill_missing(): TLSs<default>:
require_certificate=1
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:315]: fill_missing(): TLSs<default>:
cipher_list='(null)'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:322]: fill_missing(): TLSs<default>:
private_key='/usr/local/etc/kamailio/tls/myKey.pem'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:326]: fill_missing(): TLSs<default>:
verify_certificate=1
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:329]: fill_missing(): TLSs<default>:
verify_depth=9
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_domain.c:968]: fix_domain(): using tls methods
range: 20
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_domain.c:566]: load_crl(): TLSs<default>: No
CRL
configured
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:658]: set_verification():
TLSs<default>: Client MUST present valid
certificate
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:278]: fill_missing(): TLSc<default>:
tls_method=20
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:290]: fill_missing(): TLSc<default>:
certificate='/usr/local/etc/kamailio/tls/myCert.pem'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:297]: fill_missing(): TLSc<default>:
ca_list='/usr/local/etc/kamailio/tls/myCAfile.pem'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:304]: fill_missing(): TLSc<default>:
crl='(null)'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:308]: fill_missing(): TLSc<default>:
require_certificate=1
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:315]: fill_missing(): TLSc<default>:
cipher_list='(null)'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:322]: fill_missing(): TLSc<default>:
private_key='/usr/local/etc/kamailio/tls/myKey.pem'
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:326]: fill_missing(): TLSc<default>:
verify_certificate=1
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:329]: fill_missing(): TLSc<default>:
verify_depth=9
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_domain.c:968]: fix_domain(): using tls methods
range: 20
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_domain.c:566]: load_crl(): TLSc<default>: No
CRL
configured
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">INFO:
tls [tls_domain.c:658]: set_verification():
TLSc<default>: Server MUST present valid
certificate
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_domain.c:1119]: load_private_key():
TLSs<default>: Key
'/usr/local/etc/kamailio/tls/myKey.pem' successfuly loaded
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_domain.c:1119]: load_private_key():
TLSc<default>: Key
'/usr/local/etc/kamailio/tls/myKey.pem' successfuly loaded
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_rpc.c:82]: tls_reload(): TLS configuration
successfuly loaded
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span
style="mso-list:Ignore">4.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">When
the first handshake begins after reloading, it goes to the
TLSs default domain:<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
<core> [ip_addr.c:229]: print_ip(): tcpconn_new: new
tcp connection:
188.185.115.181
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
<core> [tcp_main.c:985]: tcpconn_new(): on port 56404,
type
3
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
<core> [tcp_main.c:1295]: tcpconn_add(): hashes:
2351:1920:1122,
168
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
<core> [io_wait.h:376]: io_watch_add(): DBG:
io_watch_add(0xa25be0, 30, 2, 0x7ff243558420),
fd_no=21
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
<core> [io_wait.h:598]: io_watch_del(): DBG:
io_watch_del (0xa25be0, 30, -1, 0x0) fd_no=22
called
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
<core> [tcp_main.c:4131]: handle_tcpconn_ev(): sending
to child, events 1
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
<core> [tcp_main.c:3813]: send2child(): selected tcp
worker 2 13(13472) for activity on
[tls:<myLocalIP>:5061], 0x7ff243558420
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
<core> [tcp_read.c:1566]: handle_io(): received n=8
con=0x7ff243558420,
fd=8
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_server.c:197]: tls_complete_init(): completing tls
connection
initialization
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">DEBUG:
tls [tls_server.c:226]: tls_complete_init(): Using initial
TLS domain TLSs<default> (dom 0x7ff242d79b40 ctx
0x7ff2430cc448 sn [])
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span
style="mso-list:Ignore">5.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I
wonder if anyone has configured this with Skype for Business
2015 lately? Any clue?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Cheers,
Francisco.<o:p></o:p></span></p>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
Kamailio World Conference - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>
</body>
</html>