[Serusers] Re: Testing SIPS with minisip and openSER

Cesc cesc.santa at gmail.com
Tue Mar 21 13:06:51 CET 2006


On 3/21/06, Christoph Fürstaller <christoph.fuerstaller at kurtkrenn.com> wrote:
> Hi Cesc,
>
> I finally managed to connect minisip to openSER.
Can you tell us what the problem was? Just in case others come across
the same problem again ... Thanks!

> But I get new errors
> when I try to Register or try to call another phone:
>
If you established the TLS correctly ... and according to the ser
debug log it seems that it reads the SIP message correctly. The
problem is when processing it ... so I tend to think that you have
either an error in your ser.cfg file or that you found a bug in ser
(maybe caused by something minisip does ... but I don't know).
I forwarded the email to the ser list ... I think it is more appropriate.


> I appended the debug output from openSER
>
>
> It looks like the TLS connection is being established, then SER checks
> against the cfg and found an error. That this is not SIP?
>
> Have you got any idea what that could be?
>
> Would be nice if you can help me.
>
> chris...
>
>
> Cesc wrote:
> > Hi Christoph,
> >
> > Have you added the root certificate to minisip, in the "Certificate
> > authorities" certificates preferences?
> > If so, you have noted that you can add it in different ways (file,
> > folder, chain file ... ) ... try each of them ... I think the last
> > time I tried, not all of them actually worked ... Can you report back
> > if this helped, and which one worked?
> >
> > Also, what kind of auth do you have set up in ser/openser? Do you
> > require client certificates? Did you add it to minisip if so?
> >
> > Regards,
> >
> > Cesc
> >
> > On 3/21/06, Christoph Fürstaller <christoph.fuerstaller at kurtkrenn.com> wrote:
> >
> > Hi all,
> >
> > I've set up OpenSER with TLS support and want to test it with minisip.
> > But whenever I try to connect minisip to SER I get the following error:
> >
> > SSL: connect failed
> > 8338:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> > verify failed:s3_clnt.c:844:
> > SipMessageTransport: sendMessage: exception thrown!
> > SipMessageTransport: sendMessage: creating new socket
> > IP4Address(string): testcenter (192.168.20.156)
> >
> > SSLdump gives me that output (without client cipher suites):
> >
> > 1 1  0.0008 (0.0008)  C>S SSLv2 compatible client hello
> >   Version 3.1
> >   cipher suites
> > 1 2  0.0025 (0.0016)  S>CV3.1(74)  Handshake
> >       ServerHello
> >         Version 3.1
> >         random[32]=
> >           44 1f ba f6 a9 a9 a7 c5 1a 2f 49 3b ce 05 e7 cb
> >           da d6 11 96 09 58 52 c9 84 0d 08 65 a4 68 77 b6
> >         session_id[32]=
> >           6c 14 5e 88 28 2f 34 9a 98 21 8b ad 82 6c 2d 5f
> >           12 f9 f9 35 7b e3 99 db 50 13 38 c1 2a 0a 71 22
> >         cipherSuite         Unknown value 0x35
> >         compressionMethod                   NULL
> > 1 3  0.0025 (0.0000)  S>CV3.1(476)  Handshake
> >       Certificate
> > 1 4  0.0025 (0.0000)  S>CV3.1(4)  Handshake
> >       ServerHelloDone
> > 1 5  0.0816 (0.0790)  C>SV3.1(2)  Alert
> >     level           fatal
> >     value           unknown_ca
> > 1    0.0827 (0.0011)  S>C  TCP FIN
> > 1    0.0828 (0.0000)  C>S  TCP RST
> >
> >
> > So, minisip is complaining about the ca certificate. This certificate is
> > a self created self signing cert. With this I signed the cert for SER
> > and minisip. So that should be fine? Does Minisip not allow self
> > signing CA certs?
> >
> > I also tested SER with sipp via tls and this is fine. So I think openSER
> > should be working well?
> >
> > Would be great if someone can give me some help.
> >
> > Chris...
>
> 7(11894) tcpconn_new: new tcp connection to: 192.168.20.130
>  7(11894) tcpconn_new: on port 35957, type 3
>  7(11894) tls_tcpconn_init: Entered: Creating a whole new ssl connection
>  7(11894) tls_tcpconn_init: Looking up tls domain [192.168.20.156:5061]
>  7(11894) tls_tcpconn_init: Using default tls settings
>  7(11894) tls_tcpconn_init: Setting in ACCEPT mode (server)
>  7(11894) tcpconn_add: hashes: 181, 2
>  7(11894) tcp_main_loop: new connection: 0x405b4b90 19
>  7(11894) send2child: to tcp child 0 3(11880), 0x405b4b90
>  3(11880) received n=4 con=0x405b4b90, fd=14
>  3(11880) tls_update_fd: New fd is 14
>  3(11880) tls_update_fd: New fd is 14
>  3(11880) tls_accept: TLS handshake successful
>  3(11880) tls_update_fd: New fd is 14
>  3(11880) tls_update_fd: New fd is 14
>  3(11880) _tls_read: 403 bytes read
>  3(11880) tcp_read_req: content-length= 0
>  3(11880) SIP Request:
>  3(11880)  method:  <REGISTER>
>  3(11880)  uri:     <sip:192.168.20.156>
>  3(11880)  version: <SIP/2.0>
>  3(11880) parse_headers: flags=2
>  3(11880) DEBUG:parse_to:end of header reached, state=9
>  3(11880) DEBUG: get_hdr_field: <To> [28]; uri=[sip:chris at 192.168.20.156]
>  3(11880) DEBUG: to body [<sip:chris at 192.168.20.156>
> ]
>  3(11880) get_hdr_field: cseq <CSeq>: <601> <REGISTER>
>  3(11880) Found param type 232, <branch> = <z9hG4bK1327458630>; state=16
>  3(11880) end of header reached, state=5
>  3(11880) parse_headers: Via found, flags=2
>  3(11880) parse_headers: this is the first via
>  3(11880) After parse_msg...
>  3(11880) preparing to run routing scripts...
>  3(11880) DEBUG:maxfwd:is_maxfwd_present: value = 70
>  3(11880) parse_headers: flags=200
>  3(11880) is_preloaded: Yes
>  3(11880) grep_sock_info - checking if host==us: 14==14 &&  [192.168.20.156] == [192.168.20.156]
>  3(11880) grep_sock_info - checking if port 5061 matches port 5061
>  3(11880) after_loose: Topmost route URI: 'sip:192.168.20.156:5061;transport=TLS;lr' is me
>  3(11880) parse_headers: flags=200
>  3(11880) DEBUG: get_hdr_body : content_length=0
>  3(11880) found end of header
>  3(11880) find_next_route: No next Route HF found
>  3(11880) after_loose: No next URI found
>  3(11880) grep_sock_info - checking if host==us: 14==14 &&  [192.168.20.156] == [192.168.20.156]
>  3(11880) grep_sock_info - checking if port 5061 matches port 5060
>  3(11880) check_self: host != me
>  3(11880) parse_headers: flags=ffffffffffffffff
>  3(11880) DEBUG: t_newtran: msg id=3 , global msg id=2 , T on entrance=0xffffffff
>  3(11880) parse_headers: flags=ffffffffffffffff
>  3(11880) parse_headers: flags=78
>  3(11880) t_lookup_request: start searching: hash=19221, isACK=0
>  3(11880) DEBUG: RFC3261 transaction matching failed
>  3(11880) DEBUG: t_lookup_request: no transaction found
>  3(11880) DEBUG: mk_proxy: doing DNS lookup...
>  3(11880) ERROR:tm:add_uac: can't fwd to af 2, proto 1  (no corresponding listening socket)
>  3(11880) ERROR:tm:t_forward_nonack: failure to add branches
>  3(11880) ERROR:tm:t_relay_to:  t_forward_nonack returned error
>  3(11880) parse_headers: flags=ffffffffffffffff
>  3(11880) check_via_address(192.168.20.130, 192.168.20.130, 3)
>  3(11880) WARNING:vqm_resize: resize(0) called
>  3(11880) DEBUG: cleanup_uac_timers: RETR/FR timers reset
>  3(11880) DEBUG: add_to_tail_of_timer[2]: 0x405dc5c0
>  3(11880) tcp_send: tcp connection found (0x405b4b90), acquiring fd
>  3(11880) tcp_send, c= 0x405b4b90, n=8
>  7(11894) tcp_main_loop: read response= 405b4b90, 1 from 3 (11880)
>  3(11880) tcp_send: after receive_fd: c= 0x405b4b90 n=4 fd=15
>  3(11880) tcp_send: sending...
>  3(11880) tls_update_fd: New fd is 15
>  3(11880) tls_write: Write was successful (530 bytes)
>  3(11880) tcp_send: after write: c= 0x405b4b90 n=530 fd=15
>  3(11880) tcp_send: buf=
> SIP/2.0 500 I'm terribly sorry, server error occurred (7/TM)
> From: <sip:chris at 192.168.20.156>
> To: <sip:chris at 192.168.20.156>;tag=ddf051b13744e2e8329237e95d7a9ade-7b3d
> Call-ID: 407398382 at 192.168.20.130
> CSeq: 601 REGISTER
> Via: SIP/2.0/TLS 192.168.20.130:15061;branch=z9hG4bK1327458630
> Server: OpenSer (1.0.0-tls (i386/linux))
> Content-Length: 0
> Warning: 392 192.168.20.156:5061 "Noisy feedback tells:  pid=11880 req_src_ip=192.168.20.130 req_src_port=35957 in_uri=sip:192.168.20.156 out_uri=sip:192.168.20.156 via_cnt==1"
>
>
>  3(11880) DEBUG:tm:_reply_light: reply sent out. buf=0x811a978: SIP/2.0 5..., shmem=0x405d9750: SIP/2.0 5
>  3(11880) DEBUG:tm:_reply_light: finished
>  3(11880) ERROR: generation of a stateful reply on error succeeded
>  3(11880) DEBUG:destroy_avp_list: destroying list (nil)
>  3(11880) receive_msg: cleaning up
>  2(11878) DEBUG: timer routine:2,tl=0x405dc5c0 next=(nil)
>  2(11878) DEBUG: wait_handler : removing 0x405dc578 from table
>  2(11878) DEBUG: delete transaction 0x405dc578
>  2(11878) DEBUG: wait_handler : done
>  3(11880) tcp_receive_loop: 0x405b4b90 expired (172, 173)
>  3(11880) releasing con 0x405b4b90, state 0, fd=14, id=2
>  3(11880)  extra_data 0x4042fd70
>  7(11894) tcp_main_loop: reader response= 405b4b90, 0 from 0
>  7(11894) tcp_main_loop: CONN_RELEASE  0x405b4b90 refcnt= 0
>
>
>
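
Added example, not part of the original thread and not code from ssldump, minisip or OpenSER: a small Python triage helper that parses an ssldump trace like the one quoted above and reports which side sent a fatal alert and which handshake messages its peer had sent before it. `TRACE` is a constructed sample based on the trace in the message (mail quoting and hex dumps removed); the function names and the `CERT_ALERTS` set are assumptions of this example.

```python
import re

# Constructed sample: the ssldump trace quoted in the message, with the mail
# quote marks, version lines and hex dumps removed.
TRACE = """\
1 1  0.0008 (0.0008)  C>S SSLv2 compatible client hello
1 2  0.0025 (0.0016)  S>CV3.1(74)  Handshake
      ServerHello
1 3  0.0025 (0.0000)  S>CV3.1(476)  Handshake
      Certificate
1 4  0.0025 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
1 5  0.0816 (0.0790)  C>SV3.1(2)  Alert
    level           fatal
    value           unknown_ca
1    0.0827 (0.0011)  S>C  TCP FIN
"""

RECORD = re.compile(r"^(\d+)\s+(\d+)\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]\S*\s+(.+)$")
# TLS alert descriptions that mean "I could not validate your certificate".
CERT_ALERTS = {"unknown_ca", "bad_certificate", "certificate_expired",
               "certificate_revoked", "certificate_unknown", "unsupported_certificate"}

def parse_records(text):
    """Split ssldump output into TLS records plus their indented detail lines."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:> ?)+", "", raw)   # tolerate mail quoting
        m = RECORD.match(line)
        if m:
            records.append({"conn": int(m[1]), "seq": int(m[2]), "sender": m[3],
                            "type": m[4].strip(), "details": []})
        elif records and line[:1].isspace() and line.strip():
            records[-1]["details"].append(line.strip())
    return records

def fatal_alerts(records):
    """For each fatal alert: who sent it and what the peer had sent before it."""
    findings = []
    for i, rec in enumerate(records):
        fields = dict(d.split(None, 1) for d in rec["details"] if len(d.split()) > 1)
        if rec["type"] != "Alert" or fields.get("level") != "fatal":
            continue
        peer = [r["details"][0] for r in records[:i]
                if r["type"] == "Handshake" and r["details"]
                and r["conn"] == rec["conn"] and r["sender"] != rec["sender"]]
        alert = fields.get("value", "unspecified")
        findings.append({"sender": rec["sender"], "alert": alert, "peer_sent": peer,
                         "rejects_peer_cert": alert in CERT_ALERTS and "Certificate" in peer})
    return findings
```

For the trace in this thread, `fatal_alerts(parse_records(TRACE))` shows the client sending `unknown_ca` after the server's `Certificate` message, which matches the poster's reading that minisip does not trust the CA that signed the OpenSER certificate.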



