[SR-Users] TLS problems
Martin Koenig
koenig at starface.de
Fri Jan 29 17:27:36 CET 2010
Hello Klaus,
I believe I've run into the same issue here:
0(21444) DEBUG: <core> [main.c:1559]: Expect maximum 2144 open fds
14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10):
mi_fifo
14(21473) DEBUG: <core> [sr_module.c:791]: DEBUG: init_mod_child (10): tm
14(21473) DEBUG: tm [callid.c:131]: DEBUG: callid:
'6b17ba47-21473 at 127.0.0.1'
14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10):
usrloc
14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10):
registrar
14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10):
uri_db
14(21473) DEBUG: <core> [sr_module.c:791]: DEBUG: init_mod_child (10): ctl
14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): acc
14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10):
auth_db
14(21473) DEBUG: <core> [db.c:294]: connection 0x8292950 found in pool
14(21473) DEBUG: <core> [sr_module.c:807]: DEBUG: init_mod_child (10): tls
14(21473) DEBUG: <core> [local_timer.c:67]: init_local_timer: timer_list
between 0x82393e4 and 0x825b3e4
14(21473) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x8239220, 28, 1,
(nil)), fd_no=0
17(21476) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection:
192.168.10.106
17(21476) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 2087, type 3
17(21476) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes:
201:2583:2549, 1
17(21476) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x8216fe0, 32, 2,
0xb60eb860), fd_no=24
17(21476) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8216fe0, 32,
-1, 0x0) fd_no=25 called
17(21476) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events
1
17(21476) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 0
13(21472), 0xb60eb860
13(21472) DEBUG: <core> [tcp_read.c:884]: received n=4 con=0xb60eb860, fd=7
13(21472) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default>
17(21476) : <core> [pass_fd.c:283]: ERROR: receive_fd: EOF on 4
17(21476) DEBUG: <core> [tcp_main.c:3038]: DBG: handle_ser_child: dead child
13, pid 21472 (shutting down?)
17(21476) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8216fe0, 4,
-1, 0x0) fd_no=24 called
17(21476) DEBUG: <core> [tcp_main.c:2826]: DBG: handle_tcp_child: dead tcp
child 0 (pid 21472, no 13) (shutting down?)
17(21476) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x8216fe0, 25,
-1, 0x0) fd_no=23 called
0(21444) ALERT: <core> [main.c:722]: child process 21472 exited by a signal
11
0(21444) ALERT: <core> [main.c:725]: core was generated
0(21444) INFO: <core> [main.c:737]: INFO: terminating due to SIGCHLD
17(21476) INFO: <core> [main.c:788]: INFO: signal 15 received
10(21464) INFO: <core> [main.c:788]: INFO: signal 15 received
2(21449) INFO: <core> [main.c:788]: INFO: signal 15 received
1(21448) INFO: <core> [main.c:788]: INFO: signal 15 received
3(21450) INFO: <core> [main.c:788]: INFO: signal 15 received
4(21451) INFO: <core> [main.c:788]: INFO: signal 15 received
16(21475) INFO: <core> [main.c:788]: INFO: signal 15 received
15(21474) INFO: <core> [main.c:788]: INFO: signal 15 received
14(21473) INFO: <core> [main.c:788]: INFO: signal 15 received
9(21463) INFO: <core> [main.c:788]: INFO: signal 15 received
8(21461) INFO: <core> [main.c:788]: INFO: signal 15 received
7(21454) INFO: <core> [main.c:788]: INFO: signal 15 received
6(21453) INFO: <core> [main.c:788]: INFO: signal 15 received
5(21452) INFO: <core> [main.c:788]: INFO: signal 15 received
12(21471) INFO: <core> [main.c:788]: INFO: signal 15 received
11(21465) INFO: <core> [main.c:788]: INFO: signal 15 received
0(21444) DEBUG: usrloc [urecord.c:325]: Binding
'20','sip:20 at 192.168.10.107:5060;transport=tcp;line=4c0o3xlb' has expired
0(21444) DEBUG: usrloc [urecord.c:325]: Binding
'30','sip:30 at 192.168.10.108:5060;transport=tcp;line=7rz2j81s' has expired
0(21444) DEBUG: <core> [db_pool.c:102]: removing connection from the pool
0(21444) DEBUG: tm [t_funcs.c:122]: DEBUG: tm_shutdown : start
0(21444) DEBUG: tm [t_funcs.c:125]: DEBUG: tm_shutdown : emptying hash
table
0(21444) DEBUG: tm [t_funcs.c:127]: DEBUG: tm_shutdown : removing
semaphores
0(21444) DEBUG: tm [t_funcs.c:129]: DEBUG: tm_shutdown : destroying tmcb
lists
0(21444) DEBUG: tm [t_funcs.c:132]: DEBUG: tm_shutdown : done
0(21444) DEBUG: tls [tls_init.c:621]: tls module final tls destroy
0(21444) DEBUG: <core> [mem/shm_mem.c:236]: shm_mem_destroy
0(21444) DEBUG: <core> [mem/shm_mem.c:239]: destroying the shared memory
lock
0(21444) DEBUG: <core> [main.c:741]: terminating due to SIGCHLD
kamailio -V
version: kamailio 3.0.0 (i386/linux) 6d1e9f
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, TLS_HOOKS, DISABLE_NAGLE,
USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
@(#) $Id$
main.c compiled on 15:09:49 Jan 29 2010 with gcc 4.1.2
Kamailio is setup with the default self-signed certificates, the telephone
is snom 320 v7.3.30.
Best regards,
Martin
> -----Ursprüngliche Nachricht-----
> Von: sr-users-bounces at lists.sip-router.org [mailto:sr-users-
> bounces at lists.sip-router.org] Im Auftrag von Klaus Darilion
> Gesendet: Freitag, 22. Januar 2010 16:07
> An: Andreas Rehbein
> Cc: sr-users at lists.sip-router.org
> Betreff: Re: [SR-Users] TLS problems
>
> I managed to have SNOM 320 registering at kamailio-3.0 via TLS. But I
> do
> not have any crashes (openssl 0.9.8g-15+lenny6).
>
> Andreas, when does the crash happen exactly: during TLS handshake or
> afterwards (you can for example use "ssldump port 5061" to debug the
> TLS
> connection)?
>
> regards
> klaus
>
> Andreas Rehbein schrieb:
> > Hi Klaus,
> >
> > until now (OpenSER 1.3.x without client verification) it was not
> necessary
> > to import certs into snom.
> > To force the snom to send Messages via tls, you need to insert
> something
> > like "192.168.0.89:5061;transport=tls" in the outbound proxy field
> (but I'm
> > sure you already knew)
> >
> > regards
> > Andreas
> >
> >
> > -----Ursprüngliche Nachricht-----
> > Von: Klaus Darilion [mailto:klaus.mailinglists at pernau.at]
> > Gesendet: Freitag, 22. Januar 2010 13:17
> > An: Andreas Rehbein
> > Cc: sr-users at lists.sip-router.org
> > Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
> >
> >
> >
> > Andreas Rehbein schrieb:
> >> Hello Klaus,
> >>
> >> Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5
> >> OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> >
> > Hi Andreas!
> >
> > I fail to configure SNOM to accept the certificate. I imported the CA
> > cert as trusted certificates, but TLS handshake is not successful. Is
> > there something else I need to take care of?
> >
> > I'm quite sure my certificates are OK as it works with eyebeam and
> QjSimple.
> >
> > regards
> > Klaus
> >
>
> _______________________________________________
> sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
More information about the sr-users
mailing list