Dear Klaus,
There is an error of "<xlog> not found" while I put that phrase

On 1/11/08, *Klaus Darilion* <klaus.mailinglists(a)pernau.at> wrote:

Hi Fengbin!

Cc'ed to the openser list ...

fengbin wrote:
Hi, Klaus,
How to use NULL cipher? Only setting in Openser is ok? I mean do I need
to set NULL cipher at client site?

Usually the NULL cipher is not enabled (for security reasons). You have
to enable it on both sides, the server and the client. But if you use
the following approach you do not need it.

And where to put xlog("L_ERR","message buffer: $mb"); anywhere in
openser.cfg ?

Put it just in the beginning of the route block.

regards
klaus

THX
BR

On 1/11/08, *Klaus Darilion* <klaus.mailinglists(a)pernau.at> wrote:

The capture file is not helpful, as it is encrypted. You could use NULL
cipher to have plaintext inside the TLS connection to inspect the
incoming SIP message, or add xlog("L_ERR","message buffer: $mb"); to see
the whole incoming SIP request.

regards
klaus

fengbin wrote:
> Hi, Klaus
> Thank you for your reply.
> The enclosed is the config file, the pcap between client and server and
> the log on the openser's console.
> Could you please take a look at them for me?
>
> THX
> BR
>
> On 1/10/08, *Klaus Darilion* <klaus.mailinglists(a)pernau.at> wrote:
>
> > Can you show us the REGISTER request? (both, port 5060 and port 5061).
> >
> > Further show us your openser config
> >
> > regards
> > klaus
> >
> > fengbin wrote:
> > >
> > > Hi, all
> > > I met a strange problem while I am testing TLS connection between
> > > minisip and openser.
> > > The following is my openser.cfg (part of that)
> > >
> > > .........
> > > fork=no
> > > log_stderror=yes
> > >
> > > # Uncomment this to prevent the blacklisting of temporary not available destinations
> > > #disable_dns_blacklist=yes
> > >
> > > # # Uncomment this to prevent the IPv6 lookup after v4 dns lookup failures
> > > #dns_try_ipv6=no
> > >
> > > # uncomment the following lines for TLS support
> > > disable_tls = 0
> > > listen = tls: 10.11.57.197:5060
> > >
> > > tls_verify_client = 1
> > > tls_method = TLSv1
> > > tls_certificate = "/usr/local/etc/openser//tls/user/user-cert.pem"
> > > tls_private_key = "/usr/local/etc/openser//tls/user/user-privkey.pem"
> > > tls_ca_list = "/usr/local/etc/openser//tls/user/user-calist.pem"
> > > tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
> > > ......
> > >
> > > When I set "tls: 10.11.57.197:5061" the registration never succeeds.
> > > But if I set it to 5060 the registration over TLS is OK.
> > > I compared the log of two scenarios and found the TLS session both are
> > > OK, but the difference is that:
> > > when the port is 5061 there is an error of forwarding. but the
> > > forwarding is because openser thinks it's not the destination of
> > > the registration request. See below:
> > >
> > > Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI found
> > > Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
> > > Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if port 5061 matches port 5060
> > > Jan 10 16:46:56 [9199] DBG:core:check_self: host != me
> > > Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff
> > > Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on entrance=0xffffffff
> > > Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff
> > > Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78
> > > Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start searching: hash=58073, isACK=0
> > > Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261 transaction matching failed
> > > Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no transaction found
> > > Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...
> > > Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to fwd to af 2, proto 1 (no corresponding listening socket)
> > > Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add branches
> > >
> > > With comparison to that when the port is set to 5060 the trace is :
> > >
> > > Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next Route HF found
> > > Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI found
> > > Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
> > > Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> > > Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
> > > Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> > > Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
> > > Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000
> > > Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
> > > Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact HF: Contact: <sip:888@10.11.57.192:5061;transport=TLS>;expires=1000
> > >
> > > And there is no fwd needed then. So the error didn't occur.
> > >
> > > It's a little bit strange that when I set the port to 5061, why did
> > > openser check the port 5060?????
> > > Can anyone help me to figure it out?
> > >
> > > THX
> > > BR
> > >
> > > --
> > > Fengbin
--
Fengbin
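
Added example (not part of the thread, and not OpenSER code): Klaus notes that the NULL cipher is normally disabled for security reasons, and the quoted openser.cfg lists NULL-SHA and NULL-MD5 in tls_ciphers_list. The Python check below flags NULL suites left enabled in such a file after a debugging session; the function names and the sample text are assumptions made for this example.

```python
import re

# Constructed sample: TLS settings modelled on the openser.cfg quoted above.
SAMPLE_CFG = '''
disable_tls = 0
tls_verify_client = 1
tls_method = TLSv1
# tls_ciphers_list="NULL-SHA"
tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
'''

# Active (uncommented) tls_ciphers_list line; a leading '#' prevents a match.
CIPHER_LINE = re.compile(r'^\s*tls_ciphers_list\s*=\s*"([^"]*)"')
NULL_GROUPS = {"eNULL", "NULL"}  # OpenSSL aliases for all no-encryption suites


def is_null_cipher(entry):
    """True if a cipher-string entry adds a suite that does not encrypt."""
    if entry[0] in "!-+":  # '!' and '-' remove suites, '+' only reorders
        return False
    return entry in NULL_GROUPS or entry.startswith("NULL-")


def find_null_ciphers(cfg_text):
    """Return [(line_number, entry)] for NULL suites an active line enables."""
    hits = []
    for lineno, line in enumerate(cfg_text.splitlines(), start=1):
        match = CIPHER_LINE.match(line)
        if not match:
            continue
        # OpenSSL accepts ':', ',' and space as separators.
        entries = [e for e in re.split(r"[:, ]+", match.group(1)) if e]
        # '!name' deletes a suite permanently, wherever it appears in the string.
        killed = {e[1:] for e in entries if e.startswith("!")}
        if killed & NULL_GROUPS:
            continue
        # '-name' removal is order dependent and is not modelled here,
        # so this check errs toward over-reporting.
        hits += [(lineno, e) for e in entries
                 if is_null_cipher(e) and e not in killed]
    return hits


if __name__ == "__main__":
    for lineno, entry in find_null_ciphers(SAMPLE_CFG):
        print(f"line {lineno}: {entry} integrity-protects but does not encrypt")
```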