<div>Hi,Klaus</div>
<div>Thank you for your reply.</div>
<div>The enclosed is the config file ,the pcap between client and server and the log on the openser 's console.</div>
<div>Could you please take a look at them for me?</div>
<div> </div>
<div>THX</div>
<div>BR<br><br> </div>
<div><span class="gmail_quote">On 1/10/08, <b class="gmail_sendername">Klaus Darilion</b> <<a href="mailto:klaus.mailinglists@pernau.at">klaus.mailinglists@pernau.at</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Can you show us the REGISTER request? (both, port 5060 and port 5061).<br><br>Further show use your openser config
<br><br>regards<br>klaus<br><br>fengbin schrieb:<br>><br>> Hi,all<br>> I met a strange problem while I am testing TLS connection between<br>> minisip and openser.<br>> The following is my openser.cfg (part of that)
<br>><br>> .........<br>> fork=no<br>> log_stderror=yes<br>><br>> # Uncomment this to prevent the blacklisting of temporary not<br>> available destinations<br>> #disable_dns_blacklist=yes
<br>><br>> # # Uncomment this to prevent the IPv6 lookup after v4 dns lookup<br>> failures<br>> #dns_try_ipv6=no<br>><br>> # uncomment the following lines for TLS support<br>> disable_tls = 0
<br>> listen = tls:<a href="http://10.11.57.197:5060">10.11.57.197:5060</a> <<a href="http://10.11.57.197:5060">http://10.11.57.197:5060</a>><br>><br>><br>> tls_verify_client = 1<br>> tls_method = TLSv1
<br>> tls_certificate = "/usr/local/etc/openser//tls/user/user- cert.pem"<br>> tls_private_key = "/usr/local/etc/openser//tls/user/user-privkey.pem"<br>> tls_ca_list = "/usr/local/etc/openser//tls/user/user-
calist.pem"<br>> tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"<br>> ......<br>><br>> When I set "tls:<a href="http://10.11.57.197:5061">10.11.57.197:5061</a> <<a href="http://10.11.57.197:5061">
http://10.11.57.197:5061</a>>" the<br>> registration never succeed. But if I set it to 5060 the registration<br>> over TLS is OK.<br>> I compared the log of two scenarioes and found the TLS session both are
<br>> OK,but the difference is that:<br>> when the port is 5061 there is an error of forwarding. but the<br>> forwarding is because openser think it's not the destination of<br>> the registration request. See bellow:
<br>><br>> Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI found<br>> Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if<br>> host==us: 12==12 && [<a href="http://10.11.57.197">
10.11.57.197</a> <<a href="http://10.11.57.197">http://10.11.57.197</a>>] ==<br>> [<a href="http://10.11.57.197">10.11.57.197</a> <<a href="http://10.11.57.197">http://10.11.57.197</a>>]<br>> Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if port
<br>> 5061 matches port 5060<br>> Jan 10 16:46:56 [9199] DBG:core:check_self: host != me<br>> Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff<br>> Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on entrance=0xffffffff
<br>> Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff<br>> Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78<br>> Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start searching:
<br>> hash=58073, isACK=0<br>> Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261 transaction<br>> matching failed<br>> Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no transaction found<br>
> Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...<br>> Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to fwd to af<br>> 2, proto 1 (no corresponding listening socket)<br>> Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add
<br>> branches<br>><br>><br>><br>> With comparition to that when the port is set to 5060 the trace is :<br>><br>> Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next Route HF found<br>> Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI found
<br>> Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if<br>> host==us: 12==12 && [<a href="http://10.11.57.197">10.11.57.197</a> <<a href="http://10.11.57.197">http://10.11.57.197</a>>] ==
<br>> [<a href="http://10.11.57.197">10.11.57.197</a> <<a href="http://10.11.57.197">http://10.11.57.197</a>>]<br>> Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port<br>> 5060 matches port 5060
<br>> Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if<br>> host==us: 12==12 && [<a href="http://10.11.57.197">10.11.57.197</a> <<a href="http://10.11.57.197">http://10.11.57.197</a>>] ==
<br>> [<a href="http://10.11.57.197">10.11.57.197</a> <<a href="http://10.11.57.197">http://10.11.57.197</a>>]<br>> Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port<br>> 5060 matches port 5060
<br>> Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff<br>> Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000<br>> Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
<br>> Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact<br>> HF: Contact: <sip:888@10.11.57.192:5061;transport=TLS>;expires=1000<br>><br>><br>><br>> And there is no fwd needed
then.So the error didnt occur.<br>><br>> Its a little bit strange that when I set the port to 5061,why did<br>> openser check the port 5060?????<br>> Can anyone help me to figure it out?<br>> THX<br>> BR
<br>><br>><br>><br>><br>><br>><br>><br>><br>><br>><br>><br>><br>> --<br>> Fengbin<br>><br>><br>> ------------------------------------------------------------------------<br>
><br>> _______________________________________________<br>> Users mailing list<br>> <a href="mailto:Users@lists.openser.org">Users@lists.openser.org</a><br>> <a href="http://lists.openser.org/cgi-bin/mailman/listinfo/users">
http://lists.openser.org/cgi-bin/mailman/listinfo/users</a><br></blockquote></div><br><br clear="all"><br>-- <br>Fengbin