Hello Klaus,
thank you very much! I really appreciate your help!
I followed your instructions and I hope that the attached file includes the necessary informations.
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 10:50 An: Andreas Rehbein Betreff: Re: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hi Klaus!
Yes, the crash happens everytime (and immediately) when I push the "Register"-Button in snoms web-gui.
I attached the backtrace-file, but until now I did not rebuild kamailio
with
-DDBG_QM_MALLOC. Please let me know if it's necessary.
the log only shows the last function call. Please start gdb again and at the gdb prompt generate a backtrace by entering bt, e.g:
(gdb) bt
regards klaus
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 09:35 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: [SR-Users] TLS problems
Hi Andreas!
Maybe this is the same bug I reported yesterday. Unfortunately I can not reproduce the crash anymore.
Does the crash happen everytime?
Kamailio produced a core dump:
0(6257) ALERT: <core> [main.c:725]: core was generated
So please send a the backtrace: # gdb kamailio /path/to/corefile
bt
Location of the core file is usually / or /tmp or the kamailio's working directory. Use # cat /proc/sys/kernel/core_pattern to find the exact location of the core dump.
Further, it might be useful to enable memory debugging:
- in Makefile.defs use -DDBG_QM_MALLOC instead of -DF_MALLOC and
rebuild/reinstall kamailio
- set higher loglevels in kamailio.cfg memlog=3 memdbg=3 debug=3 modparam("tls", "tls_log", 3)
Note: this excessive logging makes kamailio start/stop real slow and logfile will increase rapidly (might fill up your hard disk)
regards klaus
Andreas Rehbein schrieb:
Hi,
Ive installed Kamailio 3.0 on RHEL5 and activated the mysql backend and tls support. Everything works fine with Soft User Agent Phoner lite. My Problem is: If I try to register a snom 370 Kamailio crashes immediatly. What is wrong? Any suggestions?
Debug:
17(6290) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection: 192.168.0.222
17(6290) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 1430, type
3
17(6290) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes: 978:1690:1400, 1
17(6290) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x8222fe0, 31, 2, 0xb613a2b8), fd_no=24
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 31, -1, 0x0) fd_no=25 called
17(6290) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1
17(6290) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 0 13(6283), 0xb613a2b8
13(6283) DEBUG: <core> [tcp_read.c:884]: received n=4 con=0xb613a2b8,
fd=8
13(6283) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default>
17(6290) DEBUG: <core> [tcp_main.c:2826]: DBG: handle_tcp_child: dead tcp child 0 (pid 6283, no 13) (shutting down?)
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 24, -1, 0x0) fd_no=24 called
17(6290) : <core> [pass_fd.c:283]: ERROR: receive_fd: EOF on 4
17(6290) DEBUG: <core> [tcp_main.c:3038]: DBG: handle_ser_child: dead child 13, pid 6283 (shutting down?)
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 4, -1, 0x0) fd_no=23 called
0(6257) ALERT: <core> [main.c:722]: child process 6283 exited by a signal 11
0(6257) ALERT: <core> [main.c:725]: core was generated
0(6257) INFO: <core> [main.c:737]: INFO: terminating due to SIGCHLD
17(6290) INFO: <core> [main.c:788]: INFO: signal 15 received
15(6286) INFO: <core> [main.c:788]: INFO: signal 15 received
16(6289) INFO: <core> [main.c:788]: INFO: signal 15 received
12(6281) INFO: <core> [main.c:788]: INFO: signal 15 received
14(6285) INFO: <core> [main.c:788]: INFO: signal 15 received
10(6278) INFO: <core> [main.c:788]: INFO: signal 15 received
6(6269) INFO: <core> [main.c:788]: INFO: signal 15 received
2(6261) INFO: <core> [main.c:788]: INFO: signal 15 received
11(6280) INFO: <core> [main.c:788]: INFO: signal 15 received
1(6260) INFO: <core> [main.c:788]: INFO: signal 15 received
9(6276) INFO: <core> [main.c:788]: INFO: signal 15 received
8(6272) INFO: <core> [main.c:788]: INFO: signal 15 received
3(6262) INFO: <core> [main.c:788]: INFO: signal 15 received
7(6270) INFO: <core> [main.c:788]: INFO: signal 15 received
5(6267) INFO: <core> [main.c:788]: INFO: signal 15 received
4(6265) INFO: <core> [main.c:788]: INFO: signal 15 received
0(6257) DEBUG: tm [t_funcs.c:122]: DEBUG: tm_shutdown : start
0(6257) DEBUG: tm [t_funcs.c:125]: DEBUG: tm_shutdown : emptying hash
table
0(6257) DEBUG: tm [t_funcs.c:127]: DEBUG: tm_shutdown : removing
semaphores
0(6257) DEBUG: tm [t_funcs.c:129]: DEBUG: tm_shutdown : destroying tmcb lists
0(6257) DEBUG: tm [t_funcs.c:132]: DEBUG: tm_shutdown : done
0(6257) DEBUG: tls [tls_init.c:621]: tls module final tls destroy
0(6257) DEBUG: <core> [mem/shm_mem.c:236]: shm_mem_destroy
0(6257) DEBUG: <core> [mem/shm_mem.c:239]: destroying the shared memory lock
0(6257) DEBUG: <core> [main.c:741]: terminating due to SIGCHLD
tia
sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
This is a different crash than the one I had.
which Linux version and which openssl version do you use?
regards klaus
Andreas Rehbein schrieb:
Hello Klaus,
thank you very much! I really appreciate your help!
I followed your instructions and I hope that the attached file includes the necessary informations.
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 10:50 An: Andreas Rehbein Betreff: Re: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hi Klaus!
Yes, the crash happens everytime (and immediately) when I push the "Register"-Button in snoms web-gui.
I attached the backtrace-file, but until now I did not rebuild kamailio
with
-DDBG_QM_MALLOC. Please let me know if it's necessary.
the log only shows the last function call. Please start gdb again and at the gdb prompt generate a backtrace by entering bt, e.g:
(gdb) bt
regards klaus
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 09:35 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: [SR-Users] TLS problems
Hi Andreas!
Maybe this is the same bug I reported yesterday. Unfortunately I can not reproduce the crash anymore.
Does the crash happen everytime?
Kamailio produced a core dump:
0(6257) ALERT: <core> [main.c:725]: core was generated
So please send a the backtrace: # gdb kamailio /path/to/corefile
bt
Location of the core file is usually / or /tmp or the kamailio's working directory. Use # cat /proc/sys/kernel/core_pattern to find the exact location of the core dump.
Further, it might be useful to enable memory debugging:
- in Makefile.defs use -DDBG_QM_MALLOC instead of -DF_MALLOC and
rebuild/reinstall kamailio
- set higher loglevels in kamailio.cfg memlog=3 memdbg=3 debug=3 modparam("tls", "tls_log", 3)
Note: this excessive logging makes kamailio start/stop real slow and logfile will increase rapidly (might fill up your hard disk)
regards klaus
Andreas Rehbein schrieb:
Hi,
I’ve installed Kamailio 3.0 on RHEL5 and activated the mysql backend and tls support. Everything works fine with Soft User Agent „Phoner lite“. My Problem is: If I try to register a „snom 370“ Kamailio crashes immediatly. What is wrong? Any suggestions?
Debug:
17(6290) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection: 192.168.0.222
17(6290) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 1430, type
3
17(6290) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes: 978:1690:1400, 1
17(6290) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x8222fe0, 31, 2, 0xb613a2b8), fd_no=24
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 31, -1, 0x0) fd_no=25 called
17(6290) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1
17(6290) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 0 13(6283), 0xb613a2b8
13(6283) DEBUG: <core> [tcp_read.c:884]: received n=4 con=0xb613a2b8,
fd=8
13(6283) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default>
17(6290) DEBUG: <core> [tcp_main.c:2826]: DBG: handle_tcp_child: dead tcp child 0 (pid 6283, no 13) (shutting down?)
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 24, -1, 0x0) fd_no=24 called
17(6290) : <core> [pass_fd.c:283]: ERROR: receive_fd: EOF on 4
17(6290) DEBUG: <core> [tcp_main.c:3038]: DBG: handle_ser_child: dead child 13, pid 6283 (shutting down?)
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 4, -1, 0x0) fd_no=23 called
0(6257) ALERT: <core> [main.c:722]: child process 6283 exited by a signal 11
0(6257) ALERT: <core> [main.c:725]: core was generated
0(6257) INFO: <core> [main.c:737]: INFO: terminating due to SIGCHLD
17(6290) INFO: <core> [main.c:788]: INFO: signal 15 received
15(6286) INFO: <core> [main.c:788]: INFO: signal 15 received
16(6289) INFO: <core> [main.c:788]: INFO: signal 15 received
12(6281) INFO: <core> [main.c:788]: INFO: signal 15 received
14(6285) INFO: <core> [main.c:788]: INFO: signal 15 received
10(6278) INFO: <core> [main.c:788]: INFO: signal 15 received
6(6269) INFO: <core> [main.c:788]: INFO: signal 15 received
2(6261) INFO: <core> [main.c:788]: INFO: signal 15 received
11(6280) INFO: <core> [main.c:788]: INFO: signal 15 received
1(6260) INFO: <core> [main.c:788]: INFO: signal 15 received
9(6276) INFO: <core> [main.c:788]: INFO: signal 15 received
8(6272) INFO: <core> [main.c:788]: INFO: signal 15 received
3(6262) INFO: <core> [main.c:788]: INFO: signal 15 received
7(6270) INFO: <core> [main.c:788]: INFO: signal 15 received
5(6267) INFO: <core> [main.c:788]: INFO: signal 15 received
4(6265) INFO: <core> [main.c:788]: INFO: signal 15 received
0(6257) DEBUG: tm [t_funcs.c:122]: DEBUG: tm_shutdown : start
0(6257) DEBUG: tm [t_funcs.c:125]: DEBUG: tm_shutdown : emptying hash
table
0(6257) DEBUG: tm [t_funcs.c:127]: DEBUG: tm_shutdown : removing
semaphores
0(6257) DEBUG: tm [t_funcs.c:129]: DEBUG: tm_shutdown : destroying tmcb lists
0(6257) DEBUG: tm [t_funcs.c:132]: DEBUG: tm_shutdown : done
0(6257) DEBUG: tls [tls_init.c:621]: tls module final tls destroy
0(6257) DEBUG: <core> [mem/shm_mem.c:236]: shm_mem_destroy
0(6257) DEBUG: <core> [mem/shm_mem.c:239]: destroying the shared memory lock
0(6257) DEBUG: <core> [main.c:741]: terminating due to SIGCHLD
tia
sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 11:29 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: [SR-Users] TLS problems
This is a different crash than the one I had.
which Linux version and which openssl version do you use?
regards klaus
Andreas Rehbein schrieb:
Hello Klaus,
thank you very much! I really appreciate your help!
I followed your instructions and I hope that the attached file includes
the
necessary informations.
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 10:50 An: Andreas Rehbein Betreff: Re: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hi Klaus!
Yes, the crash happens everytime (and immediately) when I push the "Register"-Button in snoms web-gui.
I attached the backtrace-file, but until now I did not rebuild kamailio
with
-DDBG_QM_MALLOC. Please let me know if it's necessary.
the log only shows the last function call. Please start gdb again and at the gdb prompt generate a backtrace by entering bt, e.g:
(gdb) bt
regards klaus
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 09:35 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: [SR-Users] TLS problems
Hi Andreas!
Maybe this is the same bug I reported yesterday. Unfortunately I can not reproduce the crash anymore.
Does the crash happen everytime?
Kamailio produced a core dump:
0(6257) ALERT: <core> [main.c:725]: core was generated
So please send a the backtrace: # gdb kamailio /path/to/corefile
bt
Location of the core file is usually / or /tmp or the kamailio's working directory. Use # cat /proc/sys/kernel/core_pattern to find the exact location of the core dump.
Further, it might be useful to enable memory debugging:
- in Makefile.defs use -DDBG_QM_MALLOC instead of -DF_MALLOC and
rebuild/reinstall kamailio
- set higher loglevels in kamailio.cfg memlog=3 memdbg=3 debug=3 modparam("tls", "tls_log", 3)
Note: this excessive logging makes kamailio start/stop real slow and logfile will increase rapidly (might fill up your hard disk)
regards klaus
Andreas Rehbein schrieb:
Hi,
Ive installed Kamailio 3.0 on RHEL5 and activated the mysql backend and
tls support. Everything works fine with Soft User Agent Phoner lite. My Problem is: If I try to register a snom 370 Kamailio crashes immediatly. What is wrong? Any suggestions?
Debug:
17(6290) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection:
192.168.0.222
17(6290) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 1430,
type
3
17(6290) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes: 978:1690:1400, 1
17(6290) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x8222fe0, 31,
2, 0xb613a2b8), fd_no=24
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 31, -1, 0x0) fd_no=25 called
17(6290) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1
17(6290) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 0 13(6283), 0xb613a2b8
13(6283) DEBUG: <core> [tcp_read.c:884]: received n=4 con=0xb613a2b8,
fd=8
13(6283) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default>
17(6290) DEBUG: <core> [tcp_main.c:2826]: DBG: handle_tcp_child: dead tcp child 0 (pid 6283, no 13) (shutting down?)
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 24, -1, 0x0) fd_no=24 called
17(6290) : <core> [pass_fd.c:283]: ERROR: receive_fd: EOF on 4
17(6290) DEBUG: <core> [tcp_main.c:3038]: DBG: handle_ser_child: dead child 13, pid 6283 (shutting down?)
17(6290) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8222fe0, 4,
-1, 0x0) fd_no=23 called
0(6257) ALERT: <core> [main.c:722]: child process 6283 exited by a signal 11
0(6257) ALERT: <core> [main.c:725]: core was generated
0(6257) INFO: <core> [main.c:737]: INFO: terminating due to SIGCHLD
17(6290) INFO: <core> [main.c:788]: INFO: signal 15 received
15(6286) INFO: <core> [main.c:788]: INFO: signal 15 received
16(6289) INFO: <core> [main.c:788]: INFO: signal 15 received
12(6281) INFO: <core> [main.c:788]: INFO: signal 15 received
14(6285) INFO: <core> [main.c:788]: INFO: signal 15 received
10(6278) INFO: <core> [main.c:788]: INFO: signal 15 received
6(6269) INFO: <core> [main.c:788]: INFO: signal 15 received
2(6261) INFO: <core> [main.c:788]: INFO: signal 15 received
11(6280) INFO: <core> [main.c:788]: INFO: signal 15 received
1(6260) INFO: <core> [main.c:788]: INFO: signal 15 received
9(6276) INFO: <core> [main.c:788]: INFO: signal 15 received
8(6272) INFO: <core> [main.c:788]: INFO: signal 15 received
3(6262) INFO: <core> [main.c:788]: INFO: signal 15 received
7(6270) INFO: <core> [main.c:788]: INFO: signal 15 received
5(6267) INFO: <core> [main.c:788]: INFO: signal 15 received
4(6265) INFO: <core> [main.c:788]: INFO: signal 15 received
0(6257) DEBUG: tm [t_funcs.c:122]: DEBUG: tm_shutdown : start
0(6257) DEBUG: tm [t_funcs.c:125]: DEBUG: tm_shutdown : emptying hash
table
0(6257) DEBUG: tm [t_funcs.c:127]: DEBUG: tm_shutdown : removing
semaphores
0(6257) DEBUG: tm [t_funcs.c:129]: DEBUG: tm_shutdown : destroying tmcb
lists
0(6257) DEBUG: tm [t_funcs.c:132]: DEBUG: tm_shutdown : done
0(6257) DEBUG: tls [tls_init.c:621]: tls module final tls destroy
0(6257) DEBUG: <core> [mem/shm_mem.c:236]: shm_mem_destroy
0(6257) DEBUG: <core> [mem/shm_mem.c:239]: destroying the shared memory
lock
0(6257) DEBUG: <core> [main.c:741]: terminating due to SIGCHLD
tia
sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Andreas Rehbein schrieb:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA cert as trusted certificates, but TLS handshake is not successful. Is there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and QjSimple.
regards Klaus
Hi Klaus,
until now (OpenSER 1.3.x without client verification) it was not necessary to import certs into snom. To force the snom to send Messages via tls, you need to insert something like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but I'm sure you already knew)
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 13:17 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA cert as trusted certificates, but TLS handshake is not successful. Is there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and QjSimple.
regards Klaus
I managed to have SNOM 320 registering at kamailio-3.0 via TLS. But I do not have any crashes (openssl 0.9.8g-15+lenny6).
Andreas, when does the crash happen exactly: during TLS handshake or afterwards (you can for example use "ssldump port 5061" to debug the TLS connection)?
regards klaus
Andreas Rehbein schrieb:
Hi Klaus,
until now (OpenSER 1.3.x without client verification) it was not necessary to import certs into snom. To force the snom to send Messages via tls, you need to insert something like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but I'm sure you already knew)
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 13:17 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA cert as trusted certificates, but TLS handshake is not successful. Is there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and QjSimple.
regards Klaus
Hi Klaus,
this are the ssldump results:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< New TCP connection #1: 192.168.0.222(1619) <-> 192.168.0.89(5061) 1 1 0.2578 (0.2578) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA compression methods NULL 1 0.4212 (0.1633) S>C TCP FIN 1 0.4225 (0.0013) C>S TCP FIN
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Seems like snom doesn't offer compression methods...
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 16:07 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: AW: [SR-Users] TLS problems
I managed to have SNOM 320 registering at kamailio-3.0 via TLS. But I do not have any crashes (openssl 0.9.8g-15+lenny6).
Andreas, when does the crash happen exactly: during TLS handshake or afterwards (you can for example use "ssldump port 5061" to debug the TLS connection)?
regards klaus
Andreas Rehbein schrieb:
Hi Klaus,
until now (OpenSER 1.3.x without client verification) it was not necessary to import certs into snom. To force the snom to send Messages via tls, you need to insert something like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but
I'm
sure you already knew)
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 13:17 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA cert as trusted certificates, but TLS handshake is not successful. Is there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and
QjSimple.
regards Klaus
Is this proxy->phone or phone->proxy?
klaus
Andreas Rehbein schrieb:
Hi Klaus,
this are the ssldump results:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< New TCP connection #1: 192.168.0.222(1619) <-> 192.168.0.89(5061) 1 1 0.2578 (0.2578) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA compression methods NULL 1 0.4212 (0.1633) S>C TCP FIN 1 0.4225 (0.0013) C>S TCP FIN
Seems like snom doesn't offer compression methods...
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 16:07 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: AW: [SR-Users] TLS problems
I managed to have SNOM 320 registering at kamailio-3.0 via TLS. But I do not have any crashes (openssl 0.9.8g-15+lenny6).
Andreas, when does the crash happen exactly: during TLS handshake or afterwards (you can for example use "ssldump port 5061" to debug the TLS connection)?
regards klaus
Andreas Rehbein schrieb:
Hi Klaus,
until now (OpenSER 1.3.x without client verification) it was not necessary to import certs into snom. To force the snom to send Messages via tls, you need to insert something like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but
I'm
sure you already knew)
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 13:17 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA cert as trusted certificates, but TLS handshake is not successful. Is there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and
QjSimple.
regards Klaus
Hi,
this is the phone->proxy case (traced on Proxy 192.168.0.89).
I also traced the successful case (Phoner Lite Register - phone->proxy):
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< New TCP connection #1: 192.168.0.176(1723) <-> 192.168.0.89(5061) 1 1 0.5784 (0.5784) C>S Handshake ClientHello Version 3.1 cipher suites Unknown value 0x39 Unknown value 0x38 Unknown value 0x35 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA Unknown value 0x33 Unknown value 0x32 Unknown value 0x2f TLS_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 compression methods NULL 1 2 0.5811 (0.0027) S>C Handshake ServerHello Version 3.1 session_id[0]=
cipherSuite Unknown value 0x35 compressionMethod NULL 1 3 0.5811 (0.0000) S>C Handshake Certificate 1 4 0.5811 (0.0000) S>C Handshake ServerHelloDone 1 5 0.5830 (0.0019) C>S Handshake ClientKeyExchange 1 6 0.5830 (0.0000) C>S ChangeCipherSpec 1 7 0.5830 (0.0000) C>S Handshake 1 8 0.5870 (0.0040) S>C ChangeCipherSpec 1 9 0.5870 (0.0000) S>C Handshake 1 10 0.5908 (0.0037) C>S application_data 1 11 0.6204 (0.0296) S>C application_data 1 12 0.6241 (0.0037) C>S application_data 1 13 0.6848 (0.0606) S>C application_data 1 14 0.6884 (0.0035) C>S application_data 1 15 0.6890 (0.0006) S>C application_data 1 16 0.6934 (0.0043) C>S application_data 1 17 0.6947 (0.0013) S>C application_data
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Montag, 25. Januar 2010 09:59 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: AW: AW: [SR-Users] TLS problems
Is this proxy->phone or phone->proxy?
klaus
Andreas Rehbein schrieb:
Hi Klaus,
this are the ssldump results:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< New TCP connection #1: 192.168.0.222(1619) <-> 192.168.0.89(5061) 1 1 0.2578 (0.2578) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA compression methods NULL 1 0.4212 (0.1633) S>C TCP FIN 1 0.4225 (0.0013) C>S TCP FIN
Seems like snom doesn't offer compression methods...
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 16:07 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: AW: [SR-Users] TLS problems
I managed to have SNOM 320 registering at kamailio-3.0 via TLS. But I do not have any crashes (openssl 0.9.8g-15+lenny6).
Andreas, when does the crash happen exactly: during TLS handshake or afterwards (you can for example use "ssldump port 5061" to debug the TLS connection)?
regards klaus
Andreas Rehbein schrieb:
Hi Klaus,
until now (OpenSER 1.3.x without client verification) it was not
necessary
to import certs into snom. To force the snom to send Messages via tls, you need to insert something like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but
I'm
sure you already knew)
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 13:17 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA cert as trusted certificates, but TLS handshake is not successful. Is there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and
QjSimple.
regards Klaus
Hello Klaus,
I believe I've run into the same issue here:
0(21444) DEBUG: <core> [main.c:1559]: Expect maximum 2144 open fds 14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): mi_fifo 14(21473) DEBUG: <core> [sr_module.c:791]: DEBUG: init_mod_child (10): tm 14(21473) DEBUG: tm [callid.c:131]: DEBUG: callid: '6b17ba47-21473@127.0.0.1' 14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): usrloc 14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): registrar 14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): uri_db 14(21473) DEBUG: <core> [sr_module.c:791]: DEBUG: init_mod_child (10): ctl 14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): acc 14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): auth_db 14(21473) DEBUG: <core> [db.c:294]: connection 0x8292950 found in pool 14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): tls 14(21473) DEBUG: <core> [local_timer.c:67]: init_local_timer: timer_list between 0x82393e4 and 0x825b3e4 14(21473) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x8239220, 28, 1, (nil)), fd_no=0 17(21476) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection: 192.168.10.106 17(21476) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 2087, type 3 17(21476) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes: 201:2583:2549, 1 17(21476) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x8216fe0, 32, 2, 0xb60eb860), fd_no=24 17(21476) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8216fe0, 32, -1, 0x0) fd_no=25 called 17(21476) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1 17(21476) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 0 13(21472), 0xb60eb860 13(21472) DEBUG: <core> [tcp_read.c:884]: received n=4 con=0xb60eb860, fd=7 13(21472) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default> 17(21476) : <core> [pass_fd.c:283]: ERROR: receive_fd: EOF on 4 17(21476) DEBUG: <core> [tcp_main.c:3038]: DBG: handle_ser_child: dead child 13, pid 21472 (shutting down?) 17(21476) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8216fe0, 4, -1, 0x0) fd_no=24 called 17(21476) DEBUG: <core> [tcp_main.c:2826]: DBG: handle_tcp_child: dead tcp child 0 (pid 21472, no 13) (shutting down?) 17(21476) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8216fe0, 25, -1, 0x0) fd_no=23 called 0(21444) ALERT: <core> [main.c:722]: child process 21472 exited by a signal 11 0(21444) ALERT: <core> [main.c:725]: core was generated 0(21444) INFO: <core> [main.c:737]: INFO: terminating due to SIGCHLD 17(21476) INFO: <core> [main.c:788]: INFO: signal 15 received 10(21464) INFO: <core> [main.c:788]: INFO: signal 15 received 2(21449) INFO: <core> [main.c:788]: INFO: signal 15 received 1(21448) INFO: <core> [main.c:788]: INFO: signal 15 received 3(21450) INFO: <core> [main.c:788]: INFO: signal 15 received 4(21451) INFO: <core> [main.c:788]: INFO: signal 15 received 16(21475) INFO: <core> [main.c:788]: INFO: signal 15 received 15(21474) INFO: <core> [main.c:788]: INFO: signal 15 received 14(21473) INFO: <core> [main.c:788]: INFO: signal 15 received 9(21463) INFO: <core> [main.c:788]: INFO: signal 15 received 8(21461) INFO: <core> [main.c:788]: INFO: signal 15 received 7(21454) INFO: <core> [main.c:788]: INFO: signal 15 received 6(21453) INFO: <core> [main.c:788]: INFO: signal 15 received 5(21452) INFO: <core> [main.c:788]: INFO: signal 15 received 12(21471) INFO: <core> [main.c:788]: INFO: signal 15 received 11(21465) INFO: <core> [main.c:788]: INFO: signal 15 received 0(21444) DEBUG: usrloc [urecord.c:325]: Binding '20','sip:20@192.168.10.107:5060;transport=tcp;line=4c0o3xlb' has expired 0(21444) DEBUG: usrloc [urecord.c:325]: Binding '30','sip:30@192.168.10.108:5060;transport=tcp;line=7rz2j81s' has expired 0(21444) DEBUG: <core> [db_pool.c:102]: removing connection from the pool 0(21444) DEBUG: tm [t_funcs.c:122]: DEBUG: tm_shutdown : start 0(21444) DEBUG: tm [t_funcs.c:125]: DEBUG: tm_shutdown : emptying hash table 0(21444) DEBUG: tm [t_funcs.c:127]: DEBUG: tm_shutdown : removing semaphores 0(21444) DEBUG: tm [t_funcs.c:129]: DEBUG: tm_shutdown : destroying tmcb lists 0(21444) DEBUG: tm [t_funcs.c:132]: DEBUG: tm_shutdown : done 0(21444) DEBUG: tls [tls_init.c:621]: tls module final tls destroy 0(21444) DEBUG: <core> [mem/shm_mem.c:236]: shm_mem_destroy 0(21444) DEBUG: <core> [mem/shm_mem.c:239]: destroying the shared memory lock 0(21444) DEBUG: <core> [main.c:741]: terminating due to SIGCHLD
kamailio -V version: kamailio 3.0.0 (i386/linux) 6d1e9f flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, TLS_HOOKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. @(#) $Id$ main.c compiled on 15:09:49 Jan 29 2010 with gcc 4.1.2
Kamailio is setup with the default self-signed certificates, the telephone is snom 320 v7.3.30.
Best regards, Martin
-----Ursprüngliche Nachricht----- Von: sr-users-bounces@lists.sip-router.org [mailto:sr-users- bounces@lists.sip-router.org] Im Auftrag von Klaus Darilion Gesendet: Freitag, 22. Januar 2010 16:07 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: [SR-Users] TLS problems
I managed to have SNOM 320 registering at kamailio-3.0 via TLS. But I do not have any crashes (openssl 0.9.8g-15+lenny6).
Andreas, when does the crash happen exactly: during TLS handshake or afterwards (you can for example use "ssldump port 5061" to debug the TLS connection)?
regards klaus
Andreas Rehbein schrieb:
Hi Klaus,
until now (OpenSER 1.3.x without client verification) it was not
necessary
to import certs into snom. To force the snom to send Messages via tls, you need to insert
something
like "192.168.0.89:5061;transport=tls" in the outbound proxy field
(but I'm
sure you already knew)
regards Andreas
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 22. Januar 2010 13:17 An: Andreas Rehbein Cc: sr-users@lists.sip-router.org Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA cert as trusted certificates, but TLS handshake is not successful. Is there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and
QjSimple.
regards Klaus
sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Andreas Rehbein -
Klaus Darilion -
Martin Koenig