[Serusers] tls, xlog and select framework syntax

Klaus Darilion klaus.mailinglists at pernau.at
Thu Feb 23 11:58:25 CET 2006


Hi Michal!

I've updated my CVS copy and now xlog with @tls works. But I've found a 
new problem:

This works fine:
xlog("L_ERR","@tls      = %@tls      (String description of the TLS layer)\n");

This causes a bug when starting ser:
xlog("L_ERR","@tls.peer = %@tls.peer (Peer certificate subject common name)\n");

I've attached the relevant log output when parsing these two xlog 
statements. I do not know if this is a bug in the xlog or the tls module.

regards
klaus



Michal Matyska wrote:
> Hi again,
> 
> I've done TLS setup and it seems everything is working for me. I used
> this ser.cfg file:
> route{
> 	log("L_E","@tls=%@tls \n");
> 	if (dst_port==5060) {
> 		forward_tls(127.0.0.1,5061);
> 	} else {
> 		sl_send_reply("404","Not found");
> 	}
> }
> 
> sent one message to the UDP port and got this as output:
>  2(5862) ERROR: tls_select.c:68: Transport protocol is not TLS (bug in  config)
>  2(5862) INFO: tls_select.c:226: TLS connection not found in select_desc 
>  2(5862) @tls=
> 11(5871) tls_accept: new connection from 127.0.0.1:52820 using TLSv1/SSLv3 AES256-SHA 256
> 11(5871) tls_accept: local socket: 127.0.0.1:5061
> 11(5871) tls_accept: client did not present a certificate
>  2(5862) tls_connect: new connection to 127.0.0.1:5061 using TLSv1/SSLv3 AES256-SHA 256
>  2(5862) tls_connect: sending socket: 127.0.0.1:5061
>  2(5862) tls_connect: server certificate subject:/C=CT/ST=SipUserland/O=SipSerUser/OU=HumanBeing/CN=Alice/emailAddress=alice at sipuser.org
>  2(5862) tls_connect: server certificate issuer:/CN=SER.Certs.Inc/ST=SipLand/C=NL/emailAddress=cesc at sipland.sl/O=CA.ffeine Inc./OU=Certification Services
>  2(5862) WARNING: tls_connect: server certificate verification failed!!!
>  2(5862) verification failure: unable to get local issuer certificate
> 11(5871) @tls=AES256-SHA              SSLv3 Kx=RSA      Au=RSA     Enc=AES(256)  Mac=SHA1
> 
> Try to update your sources from CVS, cross your fingers and run it again.
> In case of troubles increase the debug level and post output.
> 
> Michal
> 
> On Wed, Feb 22, 2006 at 09:48:27PM +0100, Michal Matyska wrote:
>> Hi,
>>
>> Yes, it should work that way. Do you use the latest CVS version? I'll
>> reply myself: yes you do, you'd get "ERROR: wrong format" if
>> not.
>>
>> As I don't have TLS set up, could you please try to use other tls
>> selects (tls.my.name etc.) in the xlog vs. avp and send me output of
>> that?
>>
>> Michal
>>
>> On Wed, Feb 22, 2006 at 07:33:08PM +0100, Klaus Darilion wrote:
>>> Hi!
>>>
>>> I want to log some TLS parameters. I've tried:
>>>   xlog("L_ERR","@tls = %@tls (String description of the TLS layer)\n");
>>>
>>> but all I get is:
>>>   ser[20222]: @tls = <null>tls (String description of the TLS layer)
>>>
>>> using avps it works:
>>>   %avp1=@tls;
>>>   print_sattr("avp1");
>>>   xlog("L_ERR","avp1 = %$avp1\n");
>>>
>>>
>>> What is the correct syntax for using the select framework?
>>>
>>> thanks
>>> klaus
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
> 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xlog-parser.txt
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060223/2c42a6d5/attachment.txt>

