[Kamailio-Users] Problem with secure TLS call

Klaus Darilion klaus.mailinglists at pernau.at
Mon Mar 29 10:52:48 CEST 2010


Kamailio tries to open a TLS connection to the client. You should avoid 
this - Kamailio should use the existing TLS/TCP connection that was 
established by the client during registration.

klaus

Am 27.03.2010 07:07, schrieb Hemanshu Patel:
>
> With TLS it still is not working
>
> Mar 27 11:39:16 [4421] INFO:core:probe_max_receive_buffer: using a UDP receive buffer of 255 kb
> Mar 27 11:39:16 [4425] WARNING:usrloc:dbrow2info: non-local socket<tcp:172.16.16.218:5091>...ignoring
> Mar 27 11:39:18 [4431] INFO:core:tls_accept: client did not present a certificate
> Mar 27 11:39:55 [4432] INFO:core:tls_accept: client did not present a certificate
> Mar 27 11:40:01 [4431] ERROR:rr:w_record_route: Double attempt to record-route
> Mar 27 11:40:01 [4426] ERROR:core:tls_connect: SSL_ERROR_SYSCALL err=Connection reset by peer(104)
> Mar 27 11:40:01 [4426] ERROR:core:tls_connect: something wrong in SSL: 5 (ret=-1) err=Connection reset by peer(104)
> Mar 27 11:40:01 [4426] ERROR:core:tcp_send: failed to send
> Mar 27 11:40:01 [4426] ERROR:core:msg_send: tcp_send failed
> Mar 27 11:40:01 [4425] WARNING:core:run_actions: null action list (rec_level=1)
>
>
> my doubt is that if somethings wrong with SSL certificates that i created myself (i.e my own root CA, and self signed certificates), then how come registration is working like charm?
> if there is some problem with Certificates then registration should also not  work.
> am i right?
>
> ----
>
> Regards,
>
> Hemanshu Patel
> Sr. Software Engg
> SIS,Ahmedabad
> Mo:09601295238
>
>
> On Sat 27/03/10  9:50 AM , "Hemanshu Patel"<hemanshu.patel at saicare.com>  wrote:
>
>> I havent tested over TCP, let me check it
>> but hardphone, i mean hardware based phones from grandstream gvx3140
>> works
>> fine with same implementation on TLS.
>> --
>> Regards,
>> Hemanshu Patel
>> M: 09601295238
>>> Does eyebeam with SIP over TCP is working?
>>>
>>> Am 26.03.2010 13:43, schrieb Hemanshu Patel:
>>>>
>>>> i am still having this problem.
>>>> when i use two grandstream phone everything works fine,
>>>> i can make calls on TLS and users can talk to each other.
>>>>
>>>> But when i use two eyebream phone, it doesnt work, gives
>> following error
>>>>
>>>> :33 [2875] WARNING:core:init_ssl_ctx_behavior: server
>> verification NOT
>>>> activated. Weaker security.
>>>> [ panreg-tls]$
>>>> [ panreg-tls]$
>>>> [ panreg-tls]$ Mar 26 18:11:59 [2889]
>>>> ERROR:rr:w_record_route: Double attempt to record-route
>>>> Mar 26 18:12:09 [2884] ERROR:core:tcp_blocking_connect: timeout
>> 10 s
>>>> elapsed from 10 s
>>>> Mar 26 18:12:09 [2884] ERROR:core:tcpconn_connect:
>> tcp_blocking_connect
>>>> failed
>>>> Mar 26 18:12:09 [2884] ERROR:core:tcp_send: connect failed
>>>> Mar 26 18:12:09 [2884] ERROR:core:msg_send: tcp_send failed
>>>> Mar 26 18:12:10 [2883] ERROR:core:tcp_blocking_connect: timeout
>> 10 s
>>>> elapsed from 10 s
>>>> Mar 26 18:12:10 [2883] ERROR:core:tcpconn_connect:
>> tcp_blocking_connect
>>>> failed
>>>> Mar 26 18:12:10 [2883] ERROR:core:tcp_send: connect failed
>>>> Mar 26 18:12:10 [2883] ERROR:core:msg_send: tcp_send failed
>>>> Mar 26 18:12:10 [2883] WARNING:core:run_actions: null action list
>>>> (rec_level=1)
>>>> Mar 26 18:12:11 [2881] ERROR:core:tcp_blocking_connect: timeout
>> 10 s
>>>> elapsed from 10 s
>>>> Mar 26 18:12:11 [2881] ERROR:core:tcpconn_connect:
>> tcp_blocking_connect
>>>> failed
>>>> Mar 26 18:12:11 [2881] ERROR:core:tcp_send: connect failed
>>>> Mar 26 18:12:11 [2881] ERROR:core:msg_send: tcp_send failed
>>>> Mar 26 18:12:13 [2882] ERROR:core:tcp_blocking_connect: timeout
>> 10 s
>>>> elapsed from 10 s
>>>> Mar 26 18:12:13 [2882] ERROR:core:tcpconn_connect:
>> tcp_blocking_connect
>>>> failed
>>>> Mar 26 18:12:13 [2882] ERROR:core:tcp_send: connect failed
>>>> Mar 26 18:12:13 [2882] ERROR:core:msg_send: tcp_send failed
>>>> Mar 26 18:12:19 [2884] ERROR:core:tcp_blocking_connect: timeout
>> 10 s
>>>> elapsed from 10 s
>>>> Mar 26 18:12:19 [2884] ERROR:core:tcpconn_connect:
>> tcp_blocking_connect
>>>> failed
>>>> Mar 26 18:12:19 [2884] ERROR:core:tcp_send: connect failed
>>>> Mar 26 18:12:19 [2884] ERROR:core:msg_send: tcp_send failed
>>>>
>>>>
>>>>
>>>> Any idea? Same configuration works with grandstream, while they
>> cant in
>>>> softphone? and gives 477 errot code.
>>>>
>>>> my asterisk log is as below:
>>>>
>>>> 26 18:08:09] WARNING[2833]: chan_sip.c:1648 setup_crypto:
>> Hemanshu:
>>>> local_key641 jhbAJ7jFE1p/Ngn4kVxy7qTTmkJpeBiN6W98+gmM len 40
>>>>       -- Called kamailio/1003
>>>>       -- Got SIP response 477 "Send failed (477/SL)" back from
>>>> 172.16.16.218
>>>>       -- No one is available to answer at this time (1:0/0/0)
>>>>       -- Executing [_default:4] Hangup("SIP/5091-8c001430", "")
>>>> in
>>>> new stack
>>>>     == Spawn extension (hemu_default, 1003, 4) exited non-zero on
>>>> 'SIP/5091-8c001430'
>>>>          >   ::Disconnected form Oracle, trying to connect again..
>>>>          >   ::Tried a lot, not getting connected..
>>>>       -- Got SIP response 477 "Send failed (477/SL)" back from
>>>> 172.16.16.218
>>>>
>>>>
>>>> Any idea what could be the problem?
>>>>
>>>
>> _______________________________________________
>> Kamailio (OpenSER) - Users mailing list
>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
>>
>>
> ---- SIS Blade Server, Desktop&  Thin Client is now available on DGS&  D rate contract. For more detail kindly visit our website http://www.saicare.com



More information about the Users mailing list