[SR-Users] 2 TLS issues/questions: per-client config & IPv6 client
Anthony Messina
amessina at messinet.com
Wed Feb 25 02:30:00 CET 2015
On Tuesday, February 24, 2015 12:32:38 PM Daniel-Constantin Mierla wrote:
> Hello,
>
> can you try again with the latest master -- it should have fixed the
> part with ipv6.
Using [client:[2607:5300:60:1f93::0]:0] in tls.cfg, it looks like the IPv6
part works. Thank you.
>
> The other issue with matching client profile was changed to ignore port
> if it is 0 in the tls.cfg definition -- can you try to see if works?
This part doesn't seem to work. I still need need to have the ca_list in
[client:default] contain the remote server's certificate or else I get:
Using either [client:204.74.213.5:0] or [client:[2607:5300:60:1f93::0]:0] in
tls.cfg:
ERROR: tls [tls_server.c:1230]: tls_read_f(): TLS write:error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ERROR: <core> [tcp_read.c:1296]: tcp_read_req(): ERROR: tcp_read_req: error
reading
> Cheers,
> Daniel
>
> On 24/02/15 04:09, Anthony Messina wrote:
> > On Monday, February 23, 2015 11:26:27 AM Daniel-Constantin Mierla wrote:
> >> Hello,
> >>
> >> can you try with latest master? After just quick view of sources, I
> >> spotted
> >> some issue identifying ipv6 address and pushed a small patch for it, but
> >> no
> >> time to test it for now.
> >>
> >> Cheers,
> >> Daniel
> >
> > <snip>
> >
> >> 2. When attempting to configure TLS settings for connecting to a specific
> >> IPv6 client, I cannot figure out the syntax needed to specify the IPv6
> >> client. What is the proper syntax?
> >>
> >> With [client:[2607:5300:60:1f93::0]:5061], I get:
> >> ERROR: tls [tls_config.c:71]: parse_ipv6(): tls.cfg:57:9: Invalid IPv6
> >> address
> >
> > Unfortunately, with master at b9e5b91 and
> > [client:[2607:5300:60:1f93::0]:5061] in tls.cfg:
> >
> > kamailio[32495]: ERROR: tls [tls_config.c:71]: parse_ipv6():
> > tls.cfg:57:9:
> > Invalid IPv6 address
> > kamailio[32495]: ERROR: <core> [sr_module.c:945]: init_mod(): Error while
> > initializing module tls (/usr/lib64/kamailio/modules/tls.so)
> > kamailio[32495]: : tls [tls_locking.c:103]: locking_f(): BUG: tls:
> > locking_f (callback): invalid lock number: 12 (range 0 - 0), called
> > from ssl_lib.c:345
--
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150224/a4e2a5c1/attachment.sig>
More information about the sr-users
mailing list