On Thu, Jul 10, 2003, Andrei Pelinescu-Onciul wrote:
I agree it
would not be able to handle outgoing connections. Still,
this should allow TLS communication between the UA and its proxy
(especially REGISTER), correct me if I'm wrong.
Yes but only for a while :-) tcp connections time out after some time. If
they are not used, they will be closed. So the tcp connection between
ser and stunnel will be closed and then if ser wants to send something
back to your UA, it will try to open a new connection to it.
You could try to increase the default timeouts (see tcpconn.h:
TCP_CON_*_TIMEOUT).
Oh yes I had not thought about TCP timeouts :(. At least the
registration could go through TLS.
BTW: what tls-enabled sip uac do you use?
I just tried connecting to my stunnel with Windows Messenger, but it
failed with almost no reason given. I will try to see what happens
with tcpdump.
It seems Messenger does not work with openssl (I don't know if it works
with something at all). It will go through the ssl handshake and
immediately after that it will close the underlying tcp connection
without any reason or error messages. It doesn't even bother to send a
ssl close notify.
Damn it! That's indeed what Ethereal showed me. Do you know any other
TLS-enabled SIP UA?
--
Johan