3 Apr
2007
3 Apr
'07
1:12 a.m.
I am using SER ottendorf with TLS protocol and have
the following issues. Does anybody experience similar
problems?
SER cannot run with the following setup in the
configuration file: (I follow this link to setup key
and certificate:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
modparam("tls", "private_key", "cakey.pem")
modparam("tls", "certificate", "cacert.pem")
modparam("tls", "ca_list", "calist.pem")
modparam("tls", "cipher_list", "HIGH");
With the last line commented out:
#modparam("tls", "cipher_list", "HIGH");
SER can start, but the tls connection cannot be
established. Network trace shows SER does not responde
to ClientHello sent by client.
Thanks,
Joy
____________________________________________________________________________________
Food fight? Enjoy some healthy debate
in the Yahoo! Answers Food & Drink Q&A.
http://answers.yahoo.com/dir/?link=list&sid=396545367
3 Apr
3 Apr
11:45 a.m.
Katty Xiong wrote:
I am using SER ottendorf with TLS protocol and have
the following issues. Does anybody experience similar
problems?
SER cannot run with the following setup in the
configuration file: (I follow this link to setup key
and certificate:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
modparam("tls", "private_key", "cakey.pem")
modparam("tls", "certificate", "cacert.pem")
modparam("tls", "ca_list", "calist.pem")
modparam("tls", "cipher_list", "HIGH");
You don't need that option unless you want to restrict thee
list of ciphers that are available. openssl uses all available
ciphers by default.
With the last line commented out:
#modparam("tls", "cipher_list", "HIGH");
SER can start, but the tls connection cannot be
established. Network trace shows SER does not responde
to ClientHello sent by client.
A couple of quick questions:
- Have you configured SER to listen on tls using listen parameter?
- Are you connecting to the right port (i.e. 5061 and not 5060) ?
Jan.
7:52 p.m.
Yes. I configured SER to listen on tls using
listen parameter.
listen=tls:199.199.2.50:5061
Actually from the system I can see TCP connection for
this tls is established. But somehow the tls process
does not responde to the ClientHello message.
thanks,
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
____________________________________________________________________________________
Finding fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains.
http://farechase.yahoo.com/promo-generic-14795097
Katty Xiong wrote:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
I am using SER ottendorf with TLS protocol and
have
the following issues. Does anybody experience
similar
problems?
SER cannot run with the following setup in the
configuration file: (I follow this link to setup
key
and certificate:
modparam("tls", "private_key", "cakey.pem")
modparam("tls", "certificate", "cacert.pem")
modparam("tls", "ca_list", "calist.pem")
modparam("tls", "cipher_list", "HIGH");
You don't need that option unless you want to
restrict thee
list of ciphers that are available. openssl uses
all available
ciphers by default.
With the last line commented out:
#modparam("tls", "cipher_list", "HIGH");
SER can start, but the tls connection cannot be
established. Network trace shows SER does not
responde
to ClientHello sent by client.
A couple of quick questions:
- Have you configured SER to listen on tls using
listen parameter?
- Are you connecting to the right port (i.e. 5061
and not 5060) ?
Jan.
8:33 p.m.
Is there anything in syslog?
Jan.
Katty Xiong wrote:
Yes. I configured SER to listen on tls using
listen parameter.
listen=tls:199.199.2.50:5061
Actually from the system I can see TCP connection for
this tls is established. But somehow the tls process
does not responde to the ClientHello message.
thanks,
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
____________________________________________________________________________________
Finding fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel sites to find flight and hotel
bargains.
http://farechase.yahoo.com/promo-generic-14795097
Katty Xiong wrote:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
I am using SER ottendorf with TLS protocol and
have
the following issues. Does anybody experience
similar
problems?
SER cannot run with the following setup in the
configuration file: (I follow this link to setup
key
> and certificate:
>
modparam("tls", "private_key", "cakey.pem")
modparam("tls", "certificate", "cacert.pem")
modparam("tls", "ca_list", "calist.pem")
modparam("tls", "cipher_list", "HIGH");
You
don't need that option unless you want to
restrict thee
list of ciphers that are available. openssl uses
all available
ciphers by default.
With the last line commented out:
#modparam("tls", "cipher_list", "HIGH");
SER can start, but the tls connection cannot be
established. Network trace shows SER does not
responde
to ClientHello sent by client.
A couple
of quick questions:
- Have you configured SER to listen on tls using
listen parameter?
- Are you connecting to the right port (i.e. 5061
and not 5060) ?
Jan.
8:45 p.m.
Hi,
Just out of quriousity or how you write it..
How did you compile ser? and hw did you make your certificates?
did you do : make install TLS=1 ?
- Atle
* Jan Janak <jan(a)iptel.org> [070403 19:34]:
Is there anything in syslog?
Jan.
Katty Xiong wrote:
Yes. I configured SER to listen on tls using
listen parameter.
listen=tls:199.199.2.50:5061
Actually from the system I can see TCP connection for
this tls is established. But somehow the tls process
does not responde to the ClientHello message.
thanks,
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
____________________________________________________________________________________
Finding fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel sites to find flight and hotel
bargains.
http://farechase.yahoo.com/promo-generic-14795097
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers Katty Xiong wrote:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
I am using SER ottendorf with TLS protocol and
have
the following issues. Does anybody experience
similar
problems?
SER cannot run with the following setup in the
configuration file: (I follow this link to setup
key
> and certificate:
>
modparam("tls", "private_key", "cakey.pem")
modparam("tls", "certificate", "cacert.pem")
modparam("tls", "ca_list", "calist.pem")
modparam("tls", "cipher_list", "HIGH");
You
don't need that option unless you want to
restrict thee
list of ciphers that are available. openssl uses
all available
ciphers by default.
With the last line commented out:
#modparam("tls", "cipher_list", "HIGH");
SER can start, but the tls connection cannot be
established. Network trace shows SER does not
responde
to ClientHello sent by client.
A couple
of quick questions:
- Have you configured SER to listen on tls using
listen parameter?
- Are you connecting to the right port (i.e. 5061
and not 5060) ?
Jan.
10:32 p.m.
I compile SER using: gmake TLS_HOOKS=1. I can see
tls.so is generated in the tls directory. I follow the
link to generate certificate:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
thanks,
Joy
--- Atle Samuelsen <clona(a)cyberhouse.no> wrote:
____________________________________________________________________________________
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
____________________________________________________________________________________
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/
Hi,
Just out of quriousity or how you write it..
How did you compile ser? and hw did you make your
certificates?
did you do : make install TLS=1 ?
- Atle
* Jan Janak <jan(a)iptel.org> [070403 19:34]:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
Is there anything in syslog?
Jan.
Katty Xiong wrote:
>
> Yes. I configured SER to listen on tls using
> listen parameter.
>
> listen=tls:199.199.2.50:5061
>
> Actually from the system I can see TCP
connection for
> this tls is established. But somehow the tls
process
> does not responde to the ClientHello
message.
>
> thanks,
> Joy
>
>
> --- Jan Janak <jan(a)iptel.org> wrote:
>
>> Katty Xiong wrote:
>>> I am using SER ottendorf with TLS protocol and
>> have
>>> the following issues. Does anybody experience
>> similar
>>> problems?
>>>
>>> SER cannot run with the following setup in the
>>> configuration file: (I follow this link to
setup
>> key
>>> and certificate:
>>>
>
>>>
modparam("tls", "private_key", "cakey.pem")
>>> modparam("tls", "certificate", "cacert.pem")
>>> modparam("tls", "ca_list", "calist.pem")
>>> modparam("tls", "cipher_list", "HIGH");
>> You don't need that option unless you want to
>> restrict thee
>> list of ciphers that are available. openssl
uses
>> all available
>> ciphers by default.
>>
>>> With the last line commented out:
>>> #modparam("tls", "cipher_list", "HIGH");
>>> SER can start, but the tls connection cannot
be
>>> established. Network trace shows SER
does not
>> responde
>>> to ClientHello sent by client.
>> A couple of quick questions:
>>
>> - Have you configured SER to listen on tls
using
>> listen parameter?
>> - Are you connecting to the right port (i.e.
5061
>> and not 5060) ?
>>
>> Jan.
>>
>
>
>
>
>
> Finding
fabulous fares is fun.
> Let Yahoo! FareChase search your favorite travel
sites to find flight and
hotel bargains.
>
http://farechase.yahoo.com/promo-generic-14795097
10:48 p.m.
No, I didn't see anything related with SER in syslog.
But after I start SER, there is something strange on
the screen:
TLS<default>:cipher_list='
It shows only a single quote. This line seems to me
that the cipher list is not set up.
I am using the SER2.0.0+cvs20070315.
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
____________________________________________________________________________________
____________________________________________________________________________________
Don't pick lemons.
See all the new 2007 cars at Yahoo! Autos.
http://autos.yahoo.com/new_cars.html
Is there anything in syslog?
Jan.
Katty Xiong wrote:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
Yes. I configured SER to listen on tls using
listen parameter.
listen=tls:199.199.2.50:5061
Actually from the system I can see TCP connection
for
this tls is established. But somehow the tls
process
does not responde to the ClientHello message.
thanks,
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
Katty Xiong wrote:
I am using SER ottendorf with TLS protocol and
have
the following issues. Does anybody experience
similar
problems?
SER cannot run with the following setup in the
configuration file: (I follow this link to setup
key
> and certificate:
> >>
modparam("tls", "private_key", "cakey.pem")
>> modparam("tls", "certificate", "cacert.pem")
>> modparam("tls", "ca_list", "calist.pem")
>> modparam("tls", "cipher_list", "HIGH");
> You don't need that option unless you want to
> restrict thee
> list of ciphers that are available. openssl
uses
> all available
> ciphers by default.
>
>> With the last line commented out:
>> #modparam("tls", "cipher_list", "HIGH");
>> SER can start, but the tls connection cannot be
>> established. Network trace shows SER does not
> responde
>> to ClientHello sent by client.
> A couple of quick questions:
>
> - Have you configured SER to listen on tls
using
> listen parameter?
> - Are you connecting to the right port (i.e.
5061
and not
5060) ?
Jan.
Finding
fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel
sites to find flight and hotel
bargains.
4 Apr
4 Apr
2:17 a.m.
After I dig a bit, it seems the problem is related
with certificate.
When I comment out the line in the configuration file,
#modparam("tls", "cipher_list", "HIGH");
fill_missing (in tls_domain.c) returns -1 since the
following condition becomes true.
193 if (!d->cipher_list &&
194 shm_asciiz_dup(&d->cipher_list,
parent->cipher_list) < 0) return -1;
195 LOG(L_INFO, "%s: cipher_list='%s'\n",
tls_domain_str(d), d->cipher_list);
So though SER starts, certificate and private key is
not loaded.
To avoid this issue, I set up the cipher_list to HIGH.
But somehow, SER complains that:
tls_domain.c:229: Unable to load certificate file
tls_domain.c:230 load_cert:error...
So I guess there is something wrong with the
certificate. What I did is as follows. Could you check
if I made mistakes in generating CA?
1. Create CA private key
#openssl genrsa -out ./private/cakey.pem 2048
2. Create self-signed certificate
#openssl req -out ./cacert.pem -x509 -new -key
./private/cakey.pem
3. Create a certificate request
#openssl req -out ser1_cert_req.pem -new -nodes
4. Sign it with the CA certificate
#openssl ca -in ser1_cert_req.pem -out ser1_cert.pem
5. Copy ser1_cert.pem and privkey.pem to ser
configuration directory
thanks,
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
____________________________________________________________________________________
____________________________________________________________________________________
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/
Is there anything in syslog?
Jan.
Katty Xiong wrote:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
Yes. I configured SER to listen on tls using
listen parameter.
listen=tls:199.199.2.50:5061
Actually from the system I can see TCP connection
for
this tls is established. But somehow the tls
process
does not responde to the ClientHello message.
thanks,
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
Katty Xiong wrote:
I am using SER ottendorf with TLS protocol and
have
the following issues. Does anybody experience
similar
problems?
SER cannot run with the following setup in the
configuration file: (I follow this link to setup
key
> and certificate:
> >>
modparam("tls", "private_key", "cakey.pem")
>> modparam("tls", "certificate", "cacert.pem")
>> modparam("tls", "ca_list", "calist.pem")
>> modparam("tls", "cipher_list", "HIGH");
> You don't need that option unless you want to
> restrict thee
> list of ciphers that are available. openssl
uses
> all available
> ciphers by default.
>
>> With the last line commented out:
>> #modparam("tls", "cipher_list", "HIGH");
>> SER can start, but the tls connection cannot be
>> established. Network trace shows SER does not
> responde
>> to ClientHello sent by client.
> A couple of quick questions:
>
> - Have you configured SER to listen on tls
using
> listen parameter?
> - Are you connecting to the right port (i.e.
5061
and not
5060) ?
Jan.
Finding
fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel
sites to find flight and hotel
bargains.
3:21 a.m.
New subject: It's working Re: [Serusers] SER with TLS
I replace the function
SSL_CTX_use_certificate_chain_file() with
SSL_CTX_use_certificate_file() in tls_domain.c, and
it's working now.
227 //if
(!SSL_CTX_use_certificate_chain_file(d->ctx[i],
d->cert_file)) {
228 if
(!SSL_CTX_use_certificate_file(d->ctx[i],
d->cert_file, SSL_FILETYPE_PEM)) {
For SSL_CTX_use_certificate_chain_file(), I tried
different CA, it didn't work.
thanks,
Joy
--- Katty Xiong <cyyxiong(a)yahoo.com> wrote:
be
____________________________________________________________________________________
http://farechase.yahoo.com/promo-generic-14795097
____________________________________________________________________________________
After I dig a bit, it seems the problem is related
with certificate.
When I comment out the line in the configuration
file,
#modparam("tls", "cipher_list", "HIGH");
fill_missing (in tls_domain.c) returns -1 since the
following condition becomes true.
193 if (!d->cipher_list &&
194 shm_asciiz_dup(&d->cipher_list,
parent->cipher_list) < 0) return -1;
195 LOG(L_INFO, "%s: cipher_list='%s'\n",
tls_domain_str(d), d->cipher_list);
So though SER starts, certificate and private key is
not loaded.
To avoid this issue, I set up the cipher_list to
HIGH.
But somehow, SER complains that:
tls_domain.c:229: Unable to load certificate file
tls_domain.c:230 load_cert:error...
So I guess there is something wrong with the
certificate. What I did is as follows. Could you
check
if I made mistakes in generating CA?
1. Create CA private key
#openssl genrsa -out ./private/cakey.pem 2048
2. Create self-signed certificate
#openssl req -out ./cacert.pem -x509 -new -key
./private/cakey.pem
3. Create a certificate request
#openssl req -out ser1_cert_req.pem -new -nodes
4. Sign it with the CA certificate
#openssl ca -in ser1_cert_req.pem -out ser1_cert.pem
5. Copy ser1_cert.pem and privkey.pem to ser
configuration directory
thanks,
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
Is there anything in syslog?
Jan.
Katty Xiong wrote:
>
> Yes. I configured SER to listen on tls using
> listen parameter.
>
> listen=tls:199.199.2.50:5061
>
> Actually from the system I can see TCP
connection
for
setup
this tls is established. But somehow the tls
process
> does not responde to the ClientHello message.
>
> thanks,
> Joy
>
>
> --- Jan Janak <jan(a)iptel.org> wrote:
>
>> Katty Xiong wrote:
>>> I am using SER ottendorf with TLS protocol and
>> have
>>> the following issues. Does anybody experience
>> similar
>>> problems?
>>>
>>> SER cannot run with the following setup in the
>>> configuration file: (I follow this link to key
> and certificate:
>
>> modparam("tls",
"private_key", "cakey.pem")
>> modparam("tls", "certificate", "cacert.pem")
>> modparam("tls", "ca_list", "calist.pem")
>> modparam("tls", "cipher_list", "HIGH");
> You don't need that option unless you want to
> restrict thee
> list of ciphers that are available. openssl
uses
>> all available
>> ciphers by default.
>>
>>> With the last line commented out:
>>> #modparam("tls", "cipher_list", "HIGH");
>>> SER can start, but the tls connection cannot >>
established. Network trace shows SER does not
> responde
>> to ClientHello sent by client.
> A couple of quick questions:
>
> - Have you configured SER to listen on tls
using
> listen parameter?
> - Are you connecting to the right port (i.e.
5061
and not
5060) ?
Jan.
Finding fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel
sites to find flight and hotel
bargains.
> Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos'
Green Center.
http://autos.yahoo.com/green_center/
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
____________________________________________________________________________________
Now that's room service! Choose from over 150,000 hotels
in 45,000 destinations on Yahoo! Travel to find your fit.
http://farechase.yahoo.com/promo-generic-14795097
11:21 a.m.
New subject: It's working Re: [Serusers] SER with TLS
Thanks a lot! I have to retest the code again. Could you do me a favor
and send me (privately) your configuration file?
Jan.
Katty Xiong wrote:
I replace the function
SSL_CTX_use_certificate_chain_file() with
SSL_CTX_use_certificate_file() in tls_domain.c, and
it's working now.
227 //if
(!SSL_CTX_use_certificate_chain_file(d->ctx[i],
d->cert_file)) {
228 if
(!SSL_CTX_use_certificate_file(d->ctx[i],
d->cert_file, SSL_FILETYPE_PEM)) {
For SSL_CTX_use_certificate_chain_file(), I tried
different CA, it didn't work.
thanks,
Joy
--- Katty Xiong <cyyxiong(a)yahoo.com> wrote:
be
>>>> established. Network trace shows SER does not
>>> responde
>>>> to ClientHello sent by client.
>>> A couple of quick questions:
>>>
>>> - Have you configured SER to listen on tls
> using
>>> listen parameter?
>>> - Are you connecting to the right port (i.e.
> 5061
>>> and not 5060) ?
>>>
>>> Jan.
>>>
>>
>>
>>
>>
____________________________________________________________________________________
http://farechase.yahoo.com/promo-generic-14795097
____________________________________________________________________________________
After I dig a bit, it seems the problem is
related
with certificate.
When I comment out the line in the configuration
file,
#modparam("tls", "cipher_list", "HIGH");
fill_missing (in tls_domain.c) returns -1 since the
following condition becomes true.
193 if (!d->cipher_list &&
194 shm_asciiz_dup(&d->cipher_list,
parent->cipher_list) < 0) return -1;
195 LOG(L_INFO, "%s: cipher_list='%s'\n",
tls_domain_str(d), d->cipher_list);
So though SER starts, certificate and private key is
not loaded.
To avoid this issue, I set up the cipher_list to
HIGH.
But somehow, SER complains that:
tls_domain.c:229: Unable to load certificate file
tls_domain.c:230 load_cert:error...
So I guess there is something wrong with the
certificate. What I did is as follows. Could you
check
if I made mistakes in generating CA?
1. Create CA private key
#openssl genrsa -out ./private/cakey.pem 2048
2. Create self-signed certificate
#openssl req -out ./cacert.pem -x509 -new -key
./private/cakey.pem
3. Create a certificate request
#openssl req -out ser1_cert_req.pem -new -nodes
4. Sign it with the CA certificate
#openssl ca -in ser1_cert_req.pem -out ser1_cert.pem
5. Copy ser1_cert.pem and privkey.pem to ser
configuration directory
thanks,
Joy
--- Jan Janak <jan(a)iptel.org> wrote:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README…)
Is there anything in syslog?
Jan.
Katty Xiong wrote:
> Yes. I configured SER to listen on tls using
> listen parameter.
>
> listen=tls:199.199.2.50:5061
>
> Actually from the system I can see TCP
connection
for
setup
>>> key
>>>> and certificate:
>>>> this tls is established. But somehow the tls
process
> does not responde to the ClientHello message.
>
> thanks,
> Joy
>
>
> --- Jan Janak <jan(a)iptel.org> wrote:
>
>> Katty Xiong wrote:
>>> I am using SER ottendorf with TLS protocol and
>> have
>>> the following issues. Does anybody experience
>> similar
>>> problems?
>>>
>>> SER cannot run with the following setup in the
>>> configuration file: (I follow this link to >> modparam("tls",
"private_key", "cakey.pem")
>> modparam("tls", "certificate", "cacert.pem")
>> modparam("tls", "ca_list", "calist.pem")
>> modparam("tls", "cipher_list", "HIGH");
> You don't need that option unless you want to
> restrict thee
> list of ciphers that are available. openssl
uses
>> all available
>> ciphers by default.
>>
>>> With the last line commented out:
>>> #modparam("tls", "cipher_list", "HIGH");
>>> SER can start, but the tls connection cannot Finding fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel
sites to find flight and hotel
bargains. Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos'
Green Center.
http://autos.yahoo.com/green_center/
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
____________________________________________________________________________________
Now that's room service! Choose from over 150,000 hotels
in 45,000 destinations on Yahoo! Travel to find your fit.
http://farechase.yahoo.com/promo-generic-14795097
6448
days inactive
6450
days old
9 comments
3 participants
participants (3)
-
Atle Samuelsen -
Jan Janak -
Katty Xiong