<br clear="all">Hi,all<br>I met a strange problem while I am testing TLS connection between minisip and openser.<br>The following is my openser.cfg (part of that)<br><div align="left"><blockquote>.........<br>fork=no<br>log_stderror=yes
<br><br># Uncomment this to prevent the blacklisting of temporary not available destinations<br>#disable_dns_blacklist=yes<br><br># # Uncomment this to prevent the IPv6 lookup after v4 dns lookup failures<br>#dns_try_ipv6=no
<br><br># uncomment the following lines for TLS support<br>disable_tls = 0<br>listen = tls:<a href="http://10.11.57.197:5060">10.11.57.197:5060</a><br><br><br>tls_verify_client = 1<br>tls_method = TLSv1<br>tls_certificate = "/usr/local/etc/openser//tls/user/user-
cert.pem"<br>tls_private_key = "/usr/local/etc/openser//tls/user/user-privkey.pem"<br>tls_ca_list = "/usr/local/etc/openser//tls/user/user-calist.pem"<br>tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
<br>......<br></blockquote>When I set "tls:<a href="http://10.11.57.197:5061">10.11.57.197:5061</a>" the registration never succeed. But if I set it to 5060 the registration over TLS is OK.<br>I compared the log of two scenarioes and found the TLS session both are OK,but the difference is that:
<br>when the port is 5061 there is an error of forwarding. but the forwarding is because openser think it's not the destination of <br>the registration request. See bellow:<br><blockquote>Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI found
<br>Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if host==us: 12==12 && [<a href="http://10.11.57.197">10.11.57.197</a>] == [<a href="http://10.11.57.197">10.11.57.197</a>]<br>Jan 10 16:46:56 [9199] DBG:core:grep_sock_info:
<font color="#ff0000">checking if port 5061 matches port 5060</font><br>Jan 10 16:46:56 [9199] DBG:core:check_self:<font color="#ff0000"> host != me</font><br>Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff
<br>Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on entrance=0xffffffff<br>Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff<br>Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78<br>Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start searching: hash=58073, isACK=0
<br>Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261 transaction matching failed<br>Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no transaction found<br>Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...
<br>Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to<font color="#ff0000"> fwd t</font>o af 2, proto 1 (no corresponding listening socket)<br>Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add branches
<br></blockquote><br><br>With comparition to that when the port is set to 5060 the trace is :<br><blockquote>Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next Route HF found<br>Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI found
<br>Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [<a href="http://10.11.57.197">10.11.57.197</a>] == [<a href="http://10.11.57.197">10.11.57.197</a>]<br>Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
<br>Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [<a href="http://10.11.57.197">10.11.57.197</a>] == [<a href="http://10.11.57.197">10.11.57.197</a>]<br>Jan 10 17:07:59 [9410] DBG:core:grep_sock_info:
<font color="#ff0000">checking if port 5060 matches port 5060</font><br>Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff<br>Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000<br>Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
<br>Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact HF: Contact: <sip:888@10.11.57.192:5061;transport=TLS>;expires=1000<br><br></blockquote><br><br>And there is no fwd needed then.So the error didnt occur.
<br><br>Its a little bit strange that when I set the port to 5061,why did openser check the port 5060?????<br>Can anyone help me to figure it out?<br>THX<br>BR<br> <br><br><br><br><br><br><br><br><br><blockquote><br></blockquote>
</div><br><br>-- <br>Fengbin