On Aug 20, 2010 at 10:18, Couprie Geoffroy <geoffroy.couprie(a)atosorigin.com> wrote:
Hello,
I am testing TLS communication with Kamailio 3.0.2, and I encounter a strange problem. My
setup is like this:
Client <-UDP-> Proxy server <- TLS with client certificate authentication
-> Authentication server
192.168.24.1 192.168.24.128
192.168.24.129
The two servers are instance of Kamailio 3.0.2
When the client sends a REGISTER, the proxy retransmits the message to the authentication
server, which sends back a 401 Unauthorized. But it seems the proxy closes the TLS
connexion right after forwarding the REGISTER, and doesn't receive the 401 message.
The TLS handshake is OK, and the client certificate is required (I didn't add the
verification part yet). The REGISTER message goes through TLS, and is received by the
authentication server. Then, the proxy sends a TLS alert (Close-notify), and after that
message, the authentication server sends back the 401, and the proxy ignores that
message.
Could it be caused by a timeout? Is there a way to keep the TLS connection opened?
It looks like a bug.
Could you try the attached patch and report back if it fixes the
problem?
Here are the relevant files (I don't like to send mails of more than 100 lines):
authentication server configuration:
http://pastebin.com/QBmnNc4e
authentication server log:
http://pastebin.com/uYdHDG5G
proxy server configuration:
http://pastebin.com/8WPPJBtM
proxy server log:
http://pastebin.com/JTwJSKtk
I am just testing TLS, so I have tried to remove most of the irrelevant parts.
Thanks,
Andrei