[SR-Users] Setting up TLS between proxy and authentication server

Andrei Pelinescu-Onciul andrei at iptel.org
Fri Aug 20 12:35:25 CEST 2010


On Aug 20, 2010 at 12:32, Andrei Pelinescu-Onciul <andrei at iptel.org> wrote:
> On Aug 20, 2010 at 10:18, Couprie Geoffroy <geoffroy.couprie at atosorigin.com> wrote:
> > Hello,
> > 
> > I am testing TLS communication with Kamailio 3.0.2, and I encounter a strange problem. My setup is like this:
> > 
> > Client      <-UDP->  Proxy server <- TLS with client certificate authentication -> Authentication server
> > 192.168.24.1            192.168.24.128                                                                                           192.168.24.129
> > 
> > The two servers are instance of Kamailio 3.0.2
> > 
> > When the client sends a REGISTER, the proxy retransmits the message to the authentication server, which sends back a 401 Unauthorized. But it seems the proxy closes the TLS connexion right after forwarding the REGISTER, and doesn't receive the 401 message. The TLS handshake is OK, and the client certificate is required (I didn't add the verification part yet). The REGISTER message goes through TLS, and is received by the authentication server. Then, the proxy sends a TLS alert (Close-notify), and after that message, the authentication server sends back the 401, and the proxy ignores that message.
> > 
> > Could it be caused by a timeout? Is there a way to keep the TLS connection opened?
> 
> It looks like a bug.
> Could you try the attached patch and report back if it fixes the
> problem?

Sorry, forgot to actually attach it. Here it is.

Andrei


More information about the sr-users mailing list