[SR-Users] 2 TLS issues/questions: per-client config & IPv6 client

Anthony Messina amessina at messinet.com
Wed Feb 25 02:30:00 CET 2015


On Tuesday, February 24, 2015 12:32:38 PM Daniel-Constantin Mierla wrote:
> Hello,
> 
> can you try again with the latest master -- it should have fixed the
> part with ipv6.

Using [client:[2607:5300:60:1f93::0]:0] in tls.cfg, it looks like the IPv6 
part works.  Thank you.

> 
> The other issue with matching client profile was changed to ignore port
> if it is 0 in the tls.cfg definition -- can you try to see if it works?

This part doesn't seem to work.  I still need to have the ca_list in 
[client:default] contain the remote server's certificate or else I get:

Using either [client:204.74.213.5:0] or [client:[2607:5300:60:1f93::0]:0] in 
tls.cfg:


ERROR: tls [tls_server.c:1230]: tls_read_f(): TLS write:error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ERROR: <core> [tcp_read.c:1296]: tcp_read_req(): ERROR: tcp_read_req: error 
reading


> Cheers,
> Daniel
> 
> On 24/02/15 04:09, Anthony Messina wrote:
> > On Monday, February 23, 2015 11:26:27 AM Daniel-Constantin Mierla wrote:
> >> Hello,
> >> 
> >> can you try with latest master? After just quick view of sources, I
> >> spotted some issue identifying ipv6 address and pushed a small patch
> >> for it, but no time to test it for now.
> >> 
> >> Cheers,
> >> Daniel
> > 
> > <snip>
> > 
> >> 2. When attempting to configure TLS settings for connecting to a specific
> >> IPv6 client, I cannot figure out the syntax needed to specify the IPv6
> >> client. What is the proper syntax?
> >> 
> >> With [client:[2607:5300:60:1f93::0]:5061], I get:
> >> ERROR: tls [tls_config.c:71]: parse_ipv6(): tls.cfg:57:9: Invalid IPv6
> >> address
> > 
> > Unfortunately, with master at b9e5b91 and
> > [client:[2607:5300:60:1f93::0]:5061] in  tls.cfg:
> > 
> > kamailio[32495]: ERROR: tls [tls_config.c:71]: parse_ipv6():
> > tls.cfg:57:9: 
> > Invalid IPv6 address
> > kamailio[32495]: ERROR: <core> [sr_module.c:945]: init_mod(): Error while 
> > initializing module tls (/usr/lib64/kamailio/modules/tls.so)
> > kamailio[32495]: : tls [tls_locking.c:103]: locking_f(): BUG: tls:
> > locking_f  (callback): invalid lock number:  12 (range 0 - 0), called
> > from ssl_lib.c:345

-- 
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
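
Added example (not part of the thread and not Kamailio's code): a Python sketch of the profile selection the messages above describe, with bracketed IPv6 in [client:...] headers, port 0 treated as "any port", and fallback to [client:default]. It shows which ca_list a given peer would be verified against. The sample tls.cfg, its CA file paths and the first-match-in-file order are assumptions.

```python
import ipaddress
import re

# Constructed sample tls.cfg; the CA file paths are placeholders.
SAMPLE_CFG = """\
[client:default]
verify_certificate = yes
ca_list = /etc/kamailio/tls/default-ca.pem

[client:204.74.213.5:0]
ca_list = /etc/kamailio/tls/peer-v4-ca.pem

[client:[2607:5300:60:1f93::0]:0]
ca_list = /etc/kamailio/tls/peer-v6-ca.pem
"""

# [client:default], [client:[v6]:port] or [client:v4:port]
HEADER = re.compile(
    r"^\[client:(?:default|\[([0-9A-Fa-f:.]+)\]:(\d+)|([\d.]+):(\d+))\]$")

def parse_client_profiles(text):
    """Return [(key, settings)]; key is 'default' or (ip_address, port)."""
    profiles, current = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            if not line.startswith("[client:"):
                current = None          # server sections are out of scope here
                continue
            m = HEADER.match(line)
            if not m:
                raise ValueError(f"line {n}: bad client section {line!r}")
            host, port = m.group(1) or m.group(3), m.group(2) or m.group(4)
            key = "default" if host is None else (
                ipaddress.ip_address(host), int(port))
            current = {}
            profiles.append((key, current))
        elif current is not None and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            current[name] = value
    return profiles

def select_profile(profiles, peer_ip, peer_port):
    """Port 0 in the config matches any peer port; else fall back to default."""
    peer = ipaddress.ip_address(peer_ip)   # normalises '::0' vs '::' spellings
    for key, settings in profiles:
        if key != "default" and key[0] == peer and key[1] in (0, peer_port):
            return key, settings
    return next(((k, s) for k, s in profiles if k == "default"), (None, {}))
```

If the selected key comes back as "default" for a peer that has its own section, the peer is being verified against the default ca_list, which is the symptom reported above.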