<div>Hi,Christian</div>
<div>Thank you for your reply :-)</div>
<div>I checked the config file and found that in my config file fork is yes. My fault on pasting the configure in my last email.</div>
<div>So it means it seem not to be related to fork.</div>
<div>BTW,do you mean the TLS-tutorial "<a href="http://www.openser.org/docs/tls.html">http://www.openser.org/docs/tls.html</a>" ?</div>
<div>if not ,can you give me the URL?</div>
<div>THX</div>
<div>BR<br><br> </div>
<div><span class="gmail_quote">On 1/10/08, <b class="gmail_sendername">Christian Prechtl</b> <<a href="mailto:christian.prechtl@gmx.net">christian.prechtl@gmx.net</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div text="#000000" bgcolor="#ffffff">Hi,<br><br>it is recommended to enable multi-process mode in the config-file for an adequate function of OpenSER with TLS (fork=yes).<br><br>Your log shows that OpenSER is not able to open the Socket for TLS, which is, as far as I know, due to the fact that no child process could have been started for that socket.
<br><br>Btw: Last year I set up an environment with MiniSIP as well where everything worked well, referring to the descriptions in the TLS-tutorial.<br><br>Regards<br>PC<br><br>fengbin schrieb:
<blockquote type="cite">
<div><span class="e" id="q_1176369f494ebdb3_1"><br clear="all">Hi,all<br>I met a strange problem while I am testing TLS connection between minisip and openser.<br>The following is my openser.cfg (part of that)<br>
<div align="left">
<blockquote>.........<br>fork=no<br>log_stderror=yes <br><br># Uncomment this to prevent the blacklisting of temporary not available destinations<br>#disable_dns_blacklist=yes<br><br># # Uncomment this to prevent the IPv6 lookup after v4 dns lookup failures
<br>#dns_try_ipv6=no <br><br># uncomment the following lines for TLS support<br>disable_tls = 0<br>listen = tls:<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5060/" target="_blank">10.11.57.197:5060
</a><br><br><br>tls_verify_client = 1<br>tls_method = TLSv1<br>tls_certificate = "/usr/local/etc/openser//tls/user/user- cert.pem"<br>tls_private_key = "/usr/local/etc/openser//tls/user/user-privkey.pem"
<br>tls_ca_list = "/usr/local/etc/openser//tls/user/user-calist.pem"<br>tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA" <br>......<br></blockquote>When I set "tls:<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197:5061/" target="_blank">
10.11.57.197:5061</a>" the registration never succeed. But if I set it to 5060 the registration over TLS is OK.<br>I compared the log of two scenarioes and found the TLS session both are OK,but the difference is that:
<br>when the port is 5061 there is an error of forwarding. but the forwarding is because openser think it's not the destination of <br>the registration request. See bellow:<br>
<blockquote>Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI found <br>Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if host==us: 12==12 && [<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
10.11.57.197</a>] == [<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">10.11.57.197</a>]<br>Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: <font color="#ff0000">checking if port 5061 matches port 5060
</font><br>Jan 10 16:46:56 [9199] DBG:core:check_self:<font color="#ff0000"> host != me</font><br>Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff <br>Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on entrance=0xffffffff
<br>Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff<br>Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78<br>Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start searching: hash=58073, isACK=0
<br>Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261 transaction matching failed<br>Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no transaction found<br>Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...
<br>Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to<font color="#ff0000"> fwd t</font>o af 2, proto 1 (no corresponding listening socket)<br>Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add branches
<br></blockquote><br><br>With comparition to that when the port is set to 5060 the trace is :<br>
<blockquote>Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next Route HF found<br>Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI found <br>Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">10.11.57.197</a>] == [<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
10.11.57.197</a>]<br>Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060 <br>Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">
10.11.57.197</a>] == [<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.11.57.197/" target="_blank">10.11.57.197</a>]<br>Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: <font color="#ff0000">checking if port 5060 matches port 5060
</font><br>Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff<br>Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000<br>Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff <br>
Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact HF: Contact: <a><sip:888@10.11.57.192:5061;transport=TLS></a>;expires=1000<br><br></blockquote><br><br>And there is no fwd needed then.So the error didnt occur.
<br><br>Its a little bit strange that when I set the port to 5061,why did openser check the port 5060?????<br>Can anyone help me to figure it out?<br>THX<br>BR<br><br><br><br><br><br><br><br><br><br>
<blockquote><br></blockquote></div><br><br>-- <br>Fengbin </span></div><pre><hr width="90%" size="4">
_______________________________________________
Users mailing list
<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Users@lists.openser.org" target="_blank">Users@lists.openser.org</a>
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.openser.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.openser.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote><br><pre cols="72">--
Christian Prechtl
A-1100 Wien
Kundratstraße 16/3/4/62
Mobile: +43 664 5205764
<a>sip:8656261@sipgate.at</a>
<a>Callto:c.prechl</a>
<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:christian.prechtl@gmx.net" target="_blank">mailto:christian.prechtl@gmx.net</a></pre></div></blockquote></div><br><br clear="all"><br>-- <br>Fengbin