Hi,Klaus Thank you for your reply. The enclosed is the config file ,the pcap between client and server and the log on the openser 's console. Could you please take a look at them for me?
THX BR
On 1/10/08, Klaus Darilion klaus.mailinglists@pernau.at wrote:
Can you show us the REGISTER request? (both, port 5060 and port 5061).
Further show use your openser config
regards klaus
fengbin schrieb:
Hi,all I met a strange problem while I am testing TLS connection between minisip and openser. The following is my openser.cfg (part of that)
......... fork=no log_stderror=yes # Uncomment this to prevent the blacklisting of temporary not available destinations #disable_dns_blacklist=yes # # Uncomment this to prevent the IPv6 lookup after v4 dns lookup failures #dns_try_ipv6=no # uncomment the following lines for TLS support disable_tls = 0 listen = tls:10.11.57.197:5060 <http://10.11.57.197:5060> tls_verify_client = 1 tls_method = TLSv1 tls_certificate = "/usr/local/etc/openser//tls/user/user- cert.pem" tls_private_key = "/usr/local/etc/openser//tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser//tls/user/user-calist.pem" tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA" ......When I set "tls:10.11.57.197:5061 http://10.11.57.197:5061" the registration never succeed. But if I set it to 5060 the registration over TLS is OK. I compared the log of two scenarioes and found the TLS session both are OK,but the difference is that: when the port is 5061 there is an error of forwarding. but the forwarding is because openser think it's not the destination of the registration request. See bellow:
Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI found Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197 <http://10.11.57.197>] == [10.11.57.197 <http://10.11.57.197>] Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if port 5061 matches port 5060 Jan 10 16:46:56 [9199] DBG:core:check_self: host != me Jan 10 16:46:56 [9199] DBG:core:parse_headers:flags=ffffffffffffffff
Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on entrance=0xffffffff Jan 10 16:46:56 [9199] DBG:core:parse_headers:flags=ffffffffffffffff
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78 Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start searching: hash=58073, isACK=0 Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261 transaction matching failed Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no transaction found Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup... Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to fwd to af 2, proto 1 (no corresponding listening socket) Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add branchesWith comparition to that when the port is set to 5060 the trace is :
Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next Route HFfound
Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI found Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197 <http://10.11.57.197>] == [10.11.57.197 <http://10.11.57.197>] Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060 Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197 <http://10.11.57.197>] == [10.11.57.197 <http://10.11.57.197>] Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060 Jan 10 17:07:59 [9410] DBG:core:parse_headers:flags=ffffffffffffffff
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000 Jan 10 17:07:59 [9410] DBG:core:parse_headers:flags=ffffffffffffffff
Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact HF: Contact: <sip:888@10.11.57.192:5061;transport=TLS>;expires=1000And there is no fwd needed then.So the error didnt occur.
Its a little bit strange that when I set the port to 5061,why did openser check the port 5060????? Can anyone help me to figure it out? THX BR
-- Fengbin
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users