[Serusers] tls, xlog and select framework syntax
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Feb 23 11:58:25 CET 2006
Hi Michal!
I've update my CVS copy and now xlog with @tls works. But I've found a
new problem:
This works fine:
xlog("L_ERR","@tls = %@tls (String description of the TLS
layer)\n");
This causes a bug when starting ser:
xlog("L_ERR","@tls.peer = %@tls.peer (Peer certificate subject common
name)\n");
I've attached the relevant log output when parsing these two xlog
statements. I do not know if this is a bug in xlog or tls module.
regards
klaus
Michal Matyska wrote:
> Hi again,
>
> I've done TLS setup and it seems everything is working for me. I used
> this ser.cfg file:
> route{
> log("L_E","@tls=%@tls \n");
> if (dst_port==5060) {
> forward_tls(127.0.0.1,5061);
> } else {
> sl_send_reply("404","Not found");
> }
> }
>
> sent one message to the UDP port and got this as output:
> 2(5862) ERROR: tls_select.c:68: Transport protocol is not TLS (bug in config)
> 2(5862) INFO: tls_select.c:226: TLS connection not found in select_desc
> 2(5862) @tls=
> 11(5871) tls_accept: new connection from 127.0.0.1:52820 using TLSv1/SSLv3 AES256-SHA 256
> 11(5871) tls_accept: local socket: 127.0.0.1:5061
> 11(5871) tls_accept: client did not present a certificate
> 2(5862) tls_connect: new connection to 127.0.0.1:5061 using TLSv1/SSLv3 AES256-SHA 256
> 2(5862) tls_connect: sending socket: 127.0.0.1:5061
> 2(5862) tls_connect: server certificate subject:/C=CT/ST=SipUserland/O=SipSerUser/OU=HumanBeing/CN=Alice/emailAddress=alice at sipuser.org
> 2(5862) tls_connect: server certificate issuer:/CN=SER.Certs.Inc/ST=SipLand/C=NL/emailAddress=cesc at sipland.sl/O=CA.ffeine Inc./OU=Certification Services
> 2(5862) WARNING: tls_connect: server certificate verification failed!!!
> 2(5862) verification failure: unable to get local issuer certificate
> 11(5871) @tls=AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>
> Try to update your sources from CVS, cross your fingers and run it again.
> In case of troubles increase the debug level and post output.
>
> Michal
>
> On Wed, Feb 22, 2006 at 09:48:27PM +0100, Michal Matyska wrote:
>> Hi,
>>
>> yes it should work that way. Do you use the latest CVS version? I'll
>> reply myself, yes you do, you'd get "ERROR: wrong format" in case if
>> not.
>>
>> As I don't have TLS set up, could you please try to use other tls
>> selects (tls.my.name etc.) in the xlog vs. avp and send me output of
>> that?
>>
>> Michal
>>
>> On Wed, Feb 22, 2006 at 07:33:08PM +0100, Klaus Darilion wrote:
>>> Hi!
>>>
>>> I want to log some TLS parameters. I've tried:
>>> xlog("L_ERR","@tls = %@tls (String description of the TLS layer)\n");
>>>
>>> but all I get is:
>>> ser[20222]: @tls = <null>tls (String description of the TLS layer)
>>>
>>> using avps it works:
>>> %avp1=@tls;
>>> print_sattr("avp1");
>>> xlog("L_ERR","avp1 = %$avp1\n");
>>>
>>>
>>> What is the correct syntax for using the select framework?
>>>
>>> thanks
>>> klaus
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xlog-parser.txt
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060223/2c42a6d5/attachment.txt>
More information about the sr-users
mailing list