<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
it is recommended to enable multi-process mode in the config-file for
an adequate function of OpenSER with TLS (fork=yes).<br>
<br>
Your log shows that OpenSER is not able to open the Socket for TLS,
which is, as far as I know, due to the fact that no child process could
have been started for that socket. <br>
<br>
Btw: Last year I set up an environment with MiniSIP as well where
everything worked well, referring to the descriptions in the
TLS-tutorial.<br>
<br>
Regards<br>
PC<br>
<br>
fengbin schrieb:
<blockquote
cite="mid:99f654280801100110o7bf25fddt8bdb1190a949082d@mail.gmail.com"
type="cite"><br clear="all">
Hi,all<br>
I met a strange problem while I am testing TLS connection between
minisip and openser.<br>
The following is my openser.cfg (part of that)<br>
<div align="left">
<blockquote>.........<br>
fork=no<br>
log_stderror=yes
<br>
<br>
# Uncomment this to prevent the blacklisting of temporary not available
destinations<br>
#disable_dns_blacklist=yes<br>
<br>
# # Uncomment this to prevent the IPv6 lookup after v4 dns lookup
failures<br>
#dns_try_ipv6=no
<br>
<br>
# uncomment the following lines for TLS support<br>
disable_tls = 0<br>
listen = tls:<a moz-do-not-send="true" href="http://10.11.57.197:5060">10.11.57.197:5060</a><br>
<br>
<br>
tls_verify_client = 1<br>
tls_method = TLSv1<br>
tls_certificate = "/usr/local/etc/openser//tls/user/user-
cert.pem"<br>
tls_private_key = "/usr/local/etc/openser//tls/user/user-privkey.pem"<br>
tls_ca_list = "/usr/local/etc/openser//tls/user/user-calist.pem"<br>
tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
<br>
......<br>
</blockquote>
When I set "tls:<a moz-do-not-send="true"
href="http://10.11.57.197:5061">10.11.57.197:5061</a>" the
registration never succeed. But if I set it to 5060 the registration
over TLS is OK.<br>
I compared the log of two scenarioes and found the TLS session both are
OK,but the difference is that:
<br>
when the port is 5061 there is an error of forwarding. but the
forwarding is because openser think it's not the destination of <br>
the registration request. See bellow:<br>
<blockquote>Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI
found
<br>
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if host==us:
12==12 && [<a moz-do-not-send="true" href="http://10.11.57.197">10.11.57.197</a>]
== [<a moz-do-not-send="true" href="http://10.11.57.197">10.11.57.197</a>]<br>
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: <font color="#ff0000">checking
if port 5061 matches port 5060</font><br>
Jan 10 16:46:56 [9199] DBG:core:check_self:<font color="#ff0000"> host
!= me</font><br>
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff
<br>
Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on entrance=0xffffffff<br>
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff<br>
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78<br>
Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start searching:
hash=58073, isACK=0
<br>
Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261 transaction
matching failed<br>
Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no transaction found<br>
Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...
<br>
Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to<font
color="#ff0000"> fwd t</font>o af 2, proto 1 (no corresponding
listening socket)<br>
Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add
branches
<br>
</blockquote>
<br>
<br>
With comparition to that when the port is set to 5060 the trace is :<br>
<blockquote>Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next
Route HF found<br>
Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI found
<br>
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us:
12==12 && [<a moz-do-not-send="true" href="http://10.11.57.197">10.11.57.197</a>]
== [<a moz-do-not-send="true" href="http://10.11.57.197">10.11.57.197</a>]<br>
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060
matches port 5060
<br>
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us:
12==12 && [<a moz-do-not-send="true" href="http://10.11.57.197">10.11.57.197</a>]
== [<a moz-do-not-send="true" href="http://10.11.57.197">10.11.57.197</a>]<br>
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: <font color="#ff0000">checking
if port 5060 matches port 5060</font><br>
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff<br>
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000<br>
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
<br>
Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact HF:
Contact: <a class="moz-txt-link-rfc2396E" href="sip:888@10.11.57.192:5061;transport=TLS"><sip:888@10.11.57.192:5061;transport=TLS></a>;expires=1000<br>
<br>
</blockquote>
<br>
<br>
And there is no fwd needed then.So the error didnt occur.
<br>
<br>
Its a little bit strange that when I set the port to 5061,why did
openser check the port 5060?????<br>
Can anyone help me to figure it out?<br>
THX<br>
BR<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<blockquote><br>
</blockquote>
</div>
<br>
<br>
-- <br>
Fengbin
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.openser.org">Users@lists.openser.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openser.org/cgi-bin/mailman/listinfo/users">http://lists.openser.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Christian Prechtl
A-1100 Wien
Kundratstraße 16/3/4/62
Mobile: +43 664 5205764
<a class="moz-txt-link-freetext" href="sip:8656261@sipgate.at">sip:8656261@sipgate.at</a>
<a class="moz-txt-link-freetext" href="Callto:c.prechl">Callto:c.prechl</a>
<a class="moz-txt-link-freetext" href="mailto:christian.prechtl@gmx.net">mailto:christian.prechtl@gmx.net</a></pre>
</body>
</html>