<div dir="ltr"><div><div><div><div>Hi Răzvan!<br><br></div>Thanks for your response. Yes, I can decode with wireshark. If you want I can send you a pcap (with succesfull and failed calls) and the private key (obviusly in a private mail)<br><br></div>The only "strange" thing I can see in wireshark is that OpenSips sends to the UAC a TLS Close Notify just after segment of a reasembled PDU, like this: Alert (Level: Warning, Description: Close Notify) but this reasembly works well in another call.<br><br><br></div>Thank you very much for your help,<br><br></div>Carlos Oliva<br><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><b style="font-size:13px"><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><br>
<span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><br><span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"><img src="https://lh6.googleusercontent.com/WN6hk84ri7BRmKal1fKNiC-AMmPYSDb0PtICYSJrzUa8tBua0VLuBXzjNCsxZYm2STOwRHUUnQmBKAirtvexlLg_AHY40gGbdEYQGf9oPE3yuTka_QfxoMajnQ" height="28px;" width="200px;"></span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap">_________________________________________________</span></p><br><span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt">
<span style="font-family:Verdana;color:rgb(102,102,102);vertical-align:baseline;white-space:pre-wrap">Carlos Oliva</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap">Departamento de Sistemas<b></b></span></p>
<br><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap">C/ Pujades, 77-79, 8a Planta 9B | 08005 Barcelona</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><a href="http://www.numintec.com/" style="text-decoration:none" target="_blank"><span style="font-family:Verdana;font-weight:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">www.numintec.com</span></a><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"> | </span><span style="font-family:Verdana;color:rgb(17,85,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"><a href="mailto:carlos.oliva@numintec.com" target="_blank">carlos.oliva@numintec.com</a></span><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-family:Verdana;font-weight:normal;vertical-align:baseline;white-space:pre-wrap">|</span><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"> T: </span><span style="font-family:Verdana;color:rgb(17,85,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap">902 02 02 97</span><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"> </span></p>
<br><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap">_________________________________________________</span><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span></p>
<br><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><a href="http://www.youtube.com/user/numintec" style="text-decoration:none" target="_blank"><span style="font-size:11px;font-family:Verdana;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Talking Numintec: Dialogando con empresarios de éxito</span></a></p>
<br><a href="http://www.youtube.com/user/numintec" style="text-decoration:none" target="_blank"><span style="font-size:11px;font-family:Verdana;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap"></span></a><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt">
<a href="http://www.numintec.com/category/caso-de-exito/" style="text-decoration:none" target="_blank"><span style="font-size:11px;font-family:Verdana;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Las soluciones en la nube de Numintec - Casos de éxito</span></a></p>
<br><a href="http://www.numintec.com/category/caso-de-exito/" style="text-decoration:none" target="_blank"><span style="font-size:11px;font-family:Verdana;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap"></span></a><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt">
<a href="http://www.numintec.com/demo/" style="text-decoration:none" target="_blank"><span style="font-size:11px;font-family:Verdana;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Solicita una demo</span></a></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);font-weight:normal;vertical-align:baseline;white-space:pre-wrap">_________________________________________________</span><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span></p>
<br><span style="font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);vertical-align:baseline;white-space:pre-wrap">Medio Ambiente: </span><span style="font-size:11px;font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap">Antes de imprimir este mensaje, asegúrese de que es necesario. </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt;margin-left:30pt"><span style="font-size:11px;font-family:Verdana;color:rgb(0,204,204);vertical-align:baseline;white-space:pre-wrap">Nota Legal:</span><span style="font-size:11px;font-family:Verdana;color:rgb(102,102,102);font-weight:normal;vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-size:11px;font-family:Verdana;color:rgb(102,102,102);font-weight:normal;font-style:italic;vertical-align:baseline;white-space:pre-wrap">La información contenida en la presente transmisión es confidencial y su
uso únicamente está permitido a su(s) destinatario(s). Le informamos que
los datos personales que facilite/ha facilitado pasarán/han pasado a
formar parte de un fichero responsabilidad de NUMINTEC COMUNICACIONES
S.L.. y que tiene por finalidad gestionar las relaciones. Tiene la
posibilidad de ejercitar los derechos de acceso, rectificación,
cancelación y oposición respecto a sus datos ante la empresa, en el
e-mail</span><span style="font-size:11px;font-family:Arial;color:rgb(102,102,102);font-weight:normal;font-style:italic;vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-size:11px;font-family:Arial;color:rgb(17,85,204);font-weight:normal;font-style:italic;vertical-align:baseline;white-space:pre-wrap"><a href="mailto:comunicacion@numintec.com" target="_blank">comunicacion@numintec.com</a></span><span style="font-size:11px;font-family:Arial;color:rgb(102,102,102);font-weight:normal;font-style:italic;vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-size:11px;font-family:Verdana;color:rgb(102,102,102);font-weight:normal;font-style:italic;vertical-align:baseline;white-space:pre-wrap"> o bien en el domicilio sito en C/ Pujades, 77-79 8ª Planta 9-B</span><span style="font-size:11px;font-family:Arial;color:rgb(102,102,102);font-weight:normal;font-style:italic;vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-size:11px;font-family:Verdana;color:rgb(102,102,102);font-weight:normal;font-style:italic;vertical-align:baseline;white-space:pre-wrap">08005 de Barcelona.</span></p></b></div></div>
<br><div class="gmail_quote">2015-10-14 20:27 GMT+02:00 Răzvan Crainea <span dir="ltr"><<a href="mailto:razvan@opensips.org" target="_blank">razvan@opensips.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, Carlos!<br>
<br>
Each TLS connection has its own buffer, protected by a locking mechanisms, so I don't see how data might get corrupted. Have you tried taking a wireshark capture to see if Wireshark manages to parse and validate the TLS sessions?<br>
<br>
Best regards,<br>
<br>
Răzvan Crainea<br>
OpenSIPS Core Developer<br>
<a href="http://www.opensips-solutions.com" rel="noreferrer" target="_blank">http://www.opensips-solutions.com</a><br>
<br>
On 10/14/2015 02:55 PM, Carlos Oliva wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
After some tests I was able to reproduce the issue with<br>
tls_verify_client = 0 and tls_require_client_certificate = 0 The error<br>
now is:<br>
"ERROR:core:tls_print_errstack: TLS errstack: error:14094418:SSL<br>
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca"<br>
<br>
Always is reproducible after some tests with a bit of load in the proxy.<br>
I was not able to reproduce with only two registered AORs. Maybe (only a<br>
supposition) the ssl buffer can be modified by other process while<br>
reading and the data is corrupted?<br>
<br>
In case it can help, here a new paste with debug=6<br>
<a href="http://pastebin.com/vCmitj0m" rel="noreferrer" target="_blank">http://pastebin.com/vCmitj0m</a><br>
<br>
—<br>
Reply to this email directly or view it on GitHub<br>
<<a href="https://github.com/OpenSIPS/opensips/issues/670#issuecomment-148027341" rel="noreferrer" target="_blank">https://github.com/OpenSIPS/opensips/issues/670#issuecomment-148027341</a>>.<br>
<br>
<br>
<br>
_______________________________________________<br>
Devel mailing list<br>
<a href="mailto:Devel@lists.opensips.org" target="_blank">Devel@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/devel</a><br>
<br>
</blockquote>
<br>
_______________________________________________<br>
Devel mailing list<br>
<a href="mailto:Devel@lists.opensips.org" target="_blank">Devel@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/devel</a><br>
</blockquote></div><br></div></div>