<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>
</head>
<body class='hmmessage'>
Bogdan, the error is ok, how can i solve the problem.<BR>
The update to this issue is if the client send the his certificate to the server and this cause the problem.<BR>
&nbsp;<BR>
Ciao&nbsp;<BR>
&nbsp;<BR>
Best regards<BR><BR>&gt; Date: Tue, 20 Jan 2009 15:04:48 +0200<BR>&gt; From: bogdan@voice-system.ro<BR>&gt; To: gianluca.moretti@hotmail.it<BR>&gt; CC: users@lists.opensips.org; devel@lists.opensips.org<BR>&gt; Subject: Re: [OpenSIPS-Users] OCS Opensisp certificate issues using TLS<BR>&gt; <BR>&gt; Hi Gianluca,<BR>&gt; <BR>&gt; You get this:<BR>&gt; <BR>&gt; Jan 17 16:06:12 [30304] ERROR:core:_tls_read: something wrong in SSL: 5<BR>&gt; <BR>&gt; 5 is SSL_ERROR_SYSCALL . See:<BR>&gt; http://openssl.org/docs/ssl/SSL_get_error.html<BR>&gt; <BR>&gt; Regards,<BR>&gt; Bogdan<BR>&gt; <BR>&gt; gianluca moretti wrote:<BR>&gt; &gt; We try to integrate OCS 2007 and opensisps using TLS<BR>&gt; &gt; <BR>&gt; &gt; SCENARIO:<BR>&gt; &gt; <BR>&gt; &gt; [wesip] Sending register to OCS<BR>&gt; &gt; Seas ------------------------------------&gt; EDGE --&gt; OCS <BR>&gt; &gt; [Opensips]<BR>&gt; &gt; <BR>&gt; &gt;<BR>&gt; &gt; Issue: Opensisps cannot connect to EDGE server and in details <BR>&gt; &gt; opensisps send always a the certificate to the client<BR>&gt; &gt; any idea to avoid to opensisps to send the always certificate.<BR>&gt; &gt; EDGE: CertVerifyCertificateChainPolicy retuned a failure in <BR>&gt; &gt; CERT_CHAIN_POLICY_STATUS<BR>&gt; &gt; OPENSIPS:<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:core:tls_dump_cert_info: tls_connect: <BR>&gt; &gt; local (client) certificate issuer: /CN=Your_NAME/ST=Your_ST<BR>&gt; &gt; ATE/C=CO/emailAddress=YOUR_EMAIL/O=YOUR_ORG_NAME<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:core:tls_write: write was successful (791 <BR>&gt; &gt; bytes)<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:core:tcp_send: after write: c= 0xb612fcf8 <BR>&gt; &gt; n=791 fd=23<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:core:tcp_send: buf=<BR>&gt; &gt; REGISTER sip:hmcint.local:5060;transport=tcp SIP/2.0<BR>&gt; &gt; Via: SIP/2.0/TLS 192.168.5.59:5061;branch=z9hG4bKd863.89657825.0;i=2<BR>&gt; &gt; Via: SIP/2.0/TCP 192.168.5.59;branch=z9hG4bKd863.79657825.0<BR>&gt; &gt; To: sip:max.ambrogi@hmcint.local;transport=tcp<BR>&gt; &gt; From: <BR>&gt; &gt; sip:max.ambrogi@hmcint.local;transport=tcp;tag=BB479256370FF64C226AA6220F2364DD<BR>&gt; &gt; CSeq: 1 REGISTER<BR>&gt; &gt; Call-ID: 24D8315A8EBB948A4DD4F1A3518E4029@192.168.5.59 <BR>&gt; &gt; &lt;mailto:24D8315A8EBB948A4DD4F1A3518E4029@192.168.5.59&gt;<BR>&gt; &gt; Content-Length: 0<BR>&gt; &gt; Max-Forwards: 70<BR>&gt; &gt; Contact: <BR>&gt; &gt; &lt;sip:192.168.5.59:5060;transport=tcp;AppId=.sip2msipGW&gt;;methods="INVITE, <BR>&gt; &gt; MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY<BR>&gt; &gt; , ACK, <BR>&gt; &gt; REFER";proxy=replace;+sip.instance="&lt;urn:uuid:787C69C1-2A21-441f-B792-A908ABFF5010&gt;"<BR>&gt; &gt; Supported: gruu-10,adhoclist,msrtc-event-categories,ms-forking<BR>&gt; &gt; ms-keep-alive: UAC;hop-hop=yes<BR>&gt; &gt; Event: registration<BR>&gt; &gt; X-WeSIP-SPIRAL: true<BR>&gt; &gt; <BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:tm:set_timer: relative timeout is 30<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:tm:insert_timer_unsafe: [0]: 0xb610d020 (300)<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:tm:t_relay_to: new transaction fwd'ed<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:tm:t_unref: UNREF_UNSAFE: after is 0<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:core:destroy_avp_list: destroying list (nil)<BR>&gt; &gt; Jan 17 16:06:12 [30303] DBG:core:receive_msg: cleaning up<BR>&gt; &gt; Jan 17 16:06:12 [30304] DBG:core:tls_update_fd: New fd is 23<BR>&gt; &gt; Jan 17 16:06:12 [30304] ERROR:core:_tls_read: something wrong in SSL: 5<BR>&gt; &gt; Jan 17 16:06:12 [30304] ERROR:core:tcp_read_req: failed to read<BR>&gt; &gt; Jan 17 16:06:12 [30304] DBG:core:io_watch_del: io_watch_del <BR>&gt; &gt; (0x8164160, 23, -1, 0x10) fd_no=2 called<BR>&gt; &gt; Jan 17 16:06:12 [30304] DBG:core:release_tcpconn: releasing con <BR>&gt; &gt; 0xb612fcf8, state -2, fd=23, id=9<BR>&gt; &gt; Jan 17 16:06:12 [30304] DBG:core:release_tcpconn: extra_data 0xb613fe10<BR>&gt; &gt; Jan 17 16:06:12 [30311] DBG:core:handle_tcp_child: reader response= <BR>&gt; &gt; b612fcf8, -2 from 1<BR>&gt; &gt; Jan 17 16:06:12 [30311] DBG:core:tcpconn_destroy: destroying <BR>&gt; &gt; connection 0xb612fcf8, flags 0002<BR>&gt; &gt; Jan 17 16:06:12 [30311] DBG:core:tls_close: closing SSL connection<BR>&gt; &gt; <BR>&gt; &gt; <BR>&gt; &gt; The opensips.cfg is configured as following:<BR>&gt; &gt; disable_tls = no<BR>&gt; &gt; listen = tls:##OPENSIPSIP##:5061<BR>&gt; &gt; tls_verify_server = 0<BR>&gt; &gt; tls_verify_client = 0<BR>&gt; &gt; tls_require_client_certificate = 0<BR>&gt; &gt; tls_method = TLSv1<BR>&gt; &gt; tls_ca_list = "/product/opensips//etc/opensips/tls/dario/dario-calist.pem"<BR>&gt; &gt; tls_certificate = "/product/opensips//etc/opensips/tls/user/user-cert.pem"<BR>&gt; &gt; tls_private_key = <BR>&gt; &gt; "/product/opensips//etc/opensips/tls/user/user-privkey.pem"<BR>&gt; &gt; tls_ciphers_list="RC4-MD5"<BR>&gt; &gt; <BR>&gt; &gt; route{<BR>&gt; &gt; <BR>&gt; &gt; if(is_present_hf("X-WeSIP-SPIRAL")){<BR>&gt; &gt; log("\nSPIRAL!!!\n");<BR>&gt; &gt; t_relay("tls:EDGEIP:5061");<BR>&gt; &gt; exit;}<BR>&gt; &gt; (on WESIP SPIRAL is equal TRUE)<BR>&gt; &gt; <BR>&gt; &gt; OPENSIPSIP is the CLIENT e EDGEIP is the SERVER<BR>&gt; &gt; <BR>&gt; &gt; <BR>&gt; &gt; Using Open SSL the connection is OK<BR>&gt; &gt; openssl s_client -connect EDGEIP:5061 -ssl2 -CAfile <BR>&gt; &gt; /product/opensips_dev/etc/opensips/tls/user/user-calist.pem -cipher <BR>&gt; &gt; RC4-MD5<BR>&gt; &gt; <BR>&gt; &gt; New, TLSv1/SSLv3, Cipher is RC4-MD5<BR>&gt; &gt; Server public key is 1024 bit<BR>&gt; &gt; SSL-Session:<BR>&gt; &gt; Protocol : TLSv1<BR>&gt; &gt; Cipher : RC4-MD5<BR>&gt; &gt; Session-ID: <BR>&gt; &gt; E708000007E4CC591AA8982939C17298FBEDF72E749C010EFFC39FBEB2D143A6<BR>&gt; &gt; Session-ID-ctx:<BR>&gt; &gt; Master-Key: <BR>&gt; &gt; 5835CA1877799D4B507AA31DB8DEA5F11D27DD077FE43F52DC9606ABF296AF6043402938E384FFF7B1485DC77D4D13D7<BR>&gt; &gt; Key-Arg : None<BR>&gt; &gt; Krb5 Principal: None<BR>&gt; &gt; Start Time: 1232205185<BR>&gt; &gt; Timeout : 7200 (sec)<BR>&gt; &gt; Verify return code: 0 (ok)<BR>&gt; &gt; <BR>&gt; &gt; Regards<BR>&gt; &gt; <BR>&gt; &gt;<BR>&gt; &gt;<BR>&gt; &gt; ------------------------------------------------------------------------<BR>&gt; &gt; Scoprilo insieme ai nuovi servizi Windows Live! Messenger 9: oltre le <BR>&gt; &gt; parole. &lt;http://download.live.com/messenger/?mkt=it-it&gt;<BR>&gt; &gt; ------------------------------------------------------------------------<BR>&gt; &gt;<BR>&gt; &gt; _______________________________________________<BR>&gt; &gt; Users mailing list<BR>&gt; &gt; Users@lists.opensips.org<BR>&gt; &gt; http://lists.opensips.org/cgi-bin/mailman/listinfo/users<BR>&gt; &gt; <BR>&gt; <BR><BR><br /><hr />Scopri le novitą! <a href='http://www.messenger.it/hotmail.aspx' target='_new'>Pił veloce, pił tua, pił Hotmail.</a></body>
</html>