[OpenSER-Users] TLS problem.

fengbin arithdon at gmail.com
Thu Jan 10 10:10:03 CET 2008


Hi all,
I met a strange problem while testing a TLS connection between minisip
and openser.
The following is part of my openser.cfg:

.........
fork=no
log_stderror=yes

# Uncomment this to prevent the blacklisting of temporary not available destinations
#disable_dns_blacklist=yes

# # Uncomment this to prevent the IPv6 lookup after v4 dns lookup failures
#dns_try_ipv6=no

# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:10.11.57.197:5060


tls_verify_client = 1
tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser//tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser//tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser//tls/user/user-calist.pem"
tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
......

When I set "tls:10.11.57.197:5061" the registration never succeeds. But if I
set it to 5060 the registration over TLS is OK.
I compared the logs of the two scenarios and found that the TLS sessions are
both OK, but the difference is that when the port is 5061 there is a
forwarding error. But the forwarding happens because openser thinks it is not
the destination of the registration request. See below:

Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI found
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if port 5061 matches port 5060
Jan 10 16:46:56 [9199] DBG:core:check_self: host != me
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff
Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on entrance=0xffffffff
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78
Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start searching: hash=58073, isACK=0
Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261 transaction matching failed
Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no transaction found
Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...
Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to fwd to af 2, proto 1 (no corresponding listening socket)
Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add branches



In comparison, when the port is set to 5060 the trace is:

Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next Route HF found
Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI found
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact HF: Contact: <sip:888@10.11.57.192:5061;transport=TLS>;expires=1000



And there is no fwd needed then, so the error didn't occur.

It's a little bit strange: when I set the port to 5061, why did openser
check port 5060?
Can anyone help me to figure it out?
THX
BR

-- 
Fengbin
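
An added example, not part of the original post and not OpenSER code: a small Python triage script that scans OpenSER debug output for the sequence seen in the first trace above (a port mismatch in grep_sock_info, then check_self reporting "host != me", then the update_uac_dst forwarding error) and reports the two port values involved. The sample lines are copied from the post's traces; the function and variable names are assumptions made for this example.

```python
import re

# Lines copied from the post's two traces, with wrapped lines rejoined.
SAMPLE_LOG = """\
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if port 5061 matches port 5060
Jan 10 16:46:56 [9199] DBG:core:check_self: host != me
Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...
Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to fwd to af 2, proto 1 (no corresponding listening socket)
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000
"""

# "<date> [pid] LEVEL:module:function: message"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \[(?P<pid>\d+)\] "
                  r"\w+:\w+:(?P<fn>\w+): (?P<msg>.*)$")
PORTS = re.compile(r"checking if port (\d+) matches port (\d+)")
NO_SOCKET = "no corresponding listening socket"

def find_self_check_failures(log_text):
    """Report each process where a port mismatch in grep_sock_info was followed
    by 'host != me' and then by the update_uac_dst forwarding error."""
    state = {}       # pid -> progress through the sequence
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped fragments or unrelated lines
        pid, fn, msg = m["pid"], m["fn"], m["msg"]
        st = state.setdefault(pid, {"ports": None, "not_me": False})
        ports = PORTS.search(msg)
        if fn == "grep_sock_info" and ports:
            a, b = int(ports.group(1)), int(ports.group(2))
            if a == b:   # ports agree: clear any earlier mismatch
                st["ports"], st["not_me"] = None, False
            else:
                st["ports"] = (a, b)
        elif fn == "check_self" and "host != me" in msg:
            st["not_me"] = True
        elif fn == "update_uac_dst" and NO_SOCKET in msg:
            if st["ports"] and st["not_me"]:
                findings.append({"pid": pid, "time": m["ts"],
                                 "ports": st["ports"], "error": msg})
            state.pop(pid)
    return findings

if __name__ == "__main__":
    for f in find_self_check_failures(SAMPLE_LOG):
        print(f)
```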