<div>Dear,Klaus,</div>
<div> </div>
<div>There is an error of " <xlog> not found" while I put that phrase <br><br> </div>
<div><span class="gmail_quote">On 1/11/08, <b class="gmail_sendername">Klaus Darilion</b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@pernau.at
</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hi Fengbin!<br><br>Cc'ed to the openser list ...<br><br>fengbin schrieb:<br>> Hi,Klaus,<br>><br>
> How to use NULL cipher? Only setting in Openser is ok? I mean do I need<br>> to set NULL cipher at client site?<br><br>Usually the NULL cipher is not enabled (for security reasons). You have<br>to enable it on both sides, the server and the client. But if you use
<br>the following approach you do not need it.<br><br>> And where to put xlog("L_ERR","message buffer: $mb"); anywhere in<br>> openser.cfg ?<br><br>Put it just in the beginning of the route block.
<br><br>regards<br>klaus<br><br>> THX<br>> BR<br>><br>><br>> On 1/11/08, *Klaus Darilion* <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:klaus.mailinglists@pernau.at" target="_blank">
klaus.mailinglists@pernau.at</a><br>> <mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:klaus.mailinglists@pernau.at" target="_blank"> klaus.mailinglists@pernau.at</a>>> wrote:<br>
><br>> The capture file is not helpful, as it is encrypted. You could use NULL<br>> cipher to have plaintext inside the TLS connection to inspect the<br>> incoming SIP message, or add xlog("L_ERR","message buffer: $mb"); to see
<br>> the whole incoming SIP request.<br>><br>> regards<br>> klaus<br>><br>> fengbin schrieb: <br>> > Hi,Klaus<br>> > Thank you for your reply.<br>> > The enclosed is the config file ,the pcap between client and
<br>> server and<br>> > the log on the openser 's console. <br>> > Could you please take a look at them for me?<br>> ><br>> > THX<br>> > BR<br>> >
<br>> ><br>> > On 1/10/08, *Klaus Darilion* <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:klaus.mailinglists@pernau.at" target="_blank"> klaus.mailinglists@pernau.at</a><br>
> <mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@pernau.at</a>><br>> > <mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:klaus.mailinglists@pernau.at" target="_blank">
klaus.mailinglists@pernau.at </a><br>> <mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@pernau.at</a>> >> wrote:
<br>> ><br>> > Can you show us the REGISTER request? (both, port 5060 and <br>> port 5061).<br>> ><br>> > Further show use your openser config<br>> ><br>
> > regards<br>> > klaus<br>> ><br>> > fengbin schrieb: <br>> > ><br>> > > Hi,all<br>> > > I met a strange problem while I am testing TLS connection
<br>> between<br>> > > minisip and openser.<br>> > > The following is my openser.cfg (part of that)<br>> > ><br>> > > .........<br>> > > fork=no
<br>> > > log_stderror=yes <br>> > ><br>> > > # Uncomment this to prevent the blacklisting of<br>> temporary not<br>> > > available destinations
<br>> > > #disable_dns_blacklist=yes <br>> > ><br>> > > # # Uncomment this to prevent the IPv6 lookup after v4<br>> dns lookup<br>> > > failures
<br>> > > #dns_try_ipv6=no <br>> > ><br>> > > # uncomment the following lines for TLS support<br>> > > disable_tls = 0<br>> > > listen = tls:
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5060/" target="_blank">10.11.57.197:5060</a><br>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5060/" target="_blank">
http://10.11.57.197:5060</a>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5060/" target="_blank">http://10.11.57.197:5060</a>><br>> > <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5060/" target="_blank">
http://10.11.57.197:5060</a>><br>> > ><br>> > ><br>> > > tls_verify_client = 1<br>> > > tls_method = TLSv1<br>> > > tls_certificate = "/usr/local/etc/openser//tls/user/user-
<br>> > cert.pem"<br>> > > tls_private_key =<br>> > "/usr/local/etc/openser//tls/user/user- privkey.pem"<br>> > > tls_ca_list = "/usr/local/etc/openser//tls/user/user-
<br>> calist.pem"<br>> > > tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"<br>> > > ......<br>> > ><br>> > > When I set "tls:
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5061/" target="_blank">10.11.57.197:5061</a><br>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5061/" target="_blank">
http://10.11.57.197:5061</a>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5061/" target="_blank">http://10.11.57.197:5061</a>> <<br>> > <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5061/" target="_blank">
http://10.11.57.197:5061</a>>" the<br>> > > registration never succeed. But if I set it to 5060 the<br>> registration<br>> > > over TLS is OK. <br>> > > I compared the log of two scenarioes and found the TLS
<br>> session<br>> > both are<br>> > > OK,but the difference is that:<br>> > > when the port is 5061 there is an error of forwarding. but the <br>> > > forwarding is because openser think it's not the
<br>> destination of<br>> > > the registration request. See bellow:<br>> > ><br>> > > Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI <br>> found
<br>> > > Jan 10 16:46:56 [9199] DBG:core:grep_sock_info:<br>> checking if<br>> > > host==us: 12==12 && [ <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
10.11.57.197 </a><br>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>><br>> > <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a> < <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>>>] ==<br>> > > [<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">10.11.57.197</a> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>><br>> < <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>>]<br>> > > Jan 10 16:46:56 [9199] DBG:core:grep_sock_info:<br>> checking if port <br>> > > 5061 matches port 5060<br>> > > Jan 10 16:46:56 [9199] DBG:core:check_self: host != me
<br>> > > Jan 10 16:46:56 [9199] DBG:core:parse_headers: <br>> > flags=ffffffffffffffff<br>> > > Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on<br>> > entrance=0xffffffff
<br>> > > Jan 10 16:46:56 [9199] DBG:core:parse_headers: <br>> > flags=ffffffffffffffff<br>> > > Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78<br>> > > Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start
<br>> searching:<br>> > > hash=58073, isACK=0<br>> > > Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261<br>> transaction<br>> > > matching failed
<br>> > > Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no<br>> > transaction found<br>> > > Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS<br>> lookup...
<br>> > > Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed<br>> to fwd<br>> > to af<br>> > > 2, proto 1 (no corresponding listening socket)<br>> > > Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack:
<br>> failure to add<br>> > > branches<br>> > ><br>> > ><br>> > ><br>> > > With comparition to that when the port is set to 5060 the
<br>> trace is :<br>> > ><br>> > > Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next<br>> Route<br>> > HF found<br>> > > Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI
<br>> found<br>> > > Jan 10 17:07:59 [9410] DBG:core:grep_sock_info:<br>> checking if<br>> > > host==us: 12==12 && [ <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
10.11.57.197 </a><br>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>><br>> > <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a>>] == <br>> > > [
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">10.11.57.197</a> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>><br>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a>> < <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>>]<br>> > > Jan 10 17:07:59 [9410] DBG:core:grep_sock_info:<br>> checking if port<br>> > > 5060 matches port 5060 <br>> > > Jan 10 17:07:59 [9410] DBG:core:grep_sock_info:
<br>> checking if<br>> > > host==us: 12==12 && [<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">10.11.57.197</a><br>> <
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>><br>> > <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a>>] ==<br>> > > [
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">10.11.57.197</a> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197</a>> <<br>> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">http://10.11.57.197</a>> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
http://10.11.57.197 </a>>]<br>> > > Jan 10 17:07:59 [9410] DBG:core:grep_sock_info:<br>> checking if port<br>> > > 5060 matches port 5060<br>> > > Jan 10 17:07:59 [9410] DBG:core:parse_headers:
<br>> > flags=ffffffffffffffff<br>> > > Jan 10 17:07:59 [9410] DBG:core:parse_headers:<br>> flags=8000000<br>> > > Jan 10 17:07:59 [9410] DBG:core:parse_headers:
<br>> > flags=ffffffffffffffff<br>> > > Jan 10 17:07:59 [9410] DBG:registrar:build_contact:<br>> created<br>> > Contact<br>> > > HF: Contact:
<br>> > <sip:888@10.11.57.192:5061;transport=TLS>;expires=1000<br>> > ><br>> > ><br>> > ><br>> > > And there is no fwd needed
then.So the error didnt occur.<br>> > ><br>> > > Its a little bit strange that when I set the port to<br>> 5061,why did<br>> > > openser check the port 5060?????
<br>> > > Can anyone help me to figure it out?<br>> > > THX<br>> > > BR<br>> > ><br>> > ><br>> > ><br>> > >
<br>> > ><br>> > ><br>> > ><br>> > ><br>> > ><br>> > ><br>> > ><br>> > >
<br>> > > --<br>> > > Fengbin<br>> > ><br>> > ><br>> > ><br>> ><br>> ------------------------------------------------------------------------
<br>> > ><br>> > > _______________________________________________<br>> > > Users mailing list<br>> > > <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Users@lists.openser.org" target="_blank">
Users@lists.openser.org</a> <mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Users@lists.openser.org" target="_blank">Users@lists.openser.org</a>><br>> <mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Users@lists.openser.org" target="_blank">
Users@lists.openser.org</a> <mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Users@lists.openser.org" target="_blank"> Users@lists.openser.org</a>>><br>> > > <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.openser.org/cgi-bin/mailman/listinfo/users" target="_blank">
http://lists.openser.org/cgi-bin/mailman/listinfo/users</a><br>> ><br>> > <br>> ><br>> ><br>> > --<br>> > Fengbin<br>> ><br>><br>><br>>
<br>><br>> --<br>> Fengbin<br></blockquote></div><br><br clear="all"><br>-- <br>Fengbin