[OpenSIPS-Users] Trying to get TLS working with OpenSips 1.5

Anil Pannikode anilpannikode at hotmail.com
Fri Apr 24 15:33:41 CEST 2009 

Sorry typo error.

 

I have changed the protocol on both end to 'TLSv1'

 

Anil

 


 
> From: anilpannikode at hotmail.com
> To: bogdan at voice-system.ro
> Date: Fri, 24 Apr 2009 09:31:59 -0400
> CC: users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] Trying to get TLS working with OpenSips 1.5
> 
> Hi Bogdan,
> 
> I have changed the protocol on both end to ''. Now I am getting a 'Wrong
> version number'
> 
> Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> DBG:core:io_watch_add: io_watch_add(0x826ab20, 19, 2, 0xb3efcf50), fd_no=1 
> Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> DBG:core:tls_update_fd: New fd is 19 
> Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> ERROR:core:tls_accept: some error in SSL: 
> Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> ERROR:core:tls_print_errstack: error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number 
> Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> DBG:core:io_watch_del: io_watch_del (0x826ab20, 19, -1, 0x10) fd_no=2 called
> 
> Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> DBG:core:release_tcpconn: releasing con 0xb3efcf50, state -2, fd=19, id=3 
> Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> DBG:core:release_tcpconn: extra_data 0xb3f0d068
> 
> Remote end is a Dialogic VoipGateway, I was wondering if there is another
> simple client I can use for testing TLS ? Once I get that working, I can dig
> more into my current setup.
> 
> Regards
> 
> Anil
> 
> 
> 
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
> Sent: Friday, April 24, 2009 8:10 AM
> To: Anil Pannikode
> Cc: users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] Trying to get TLS working with OpenSips 1.5
> 
> Hi Anil,
> 
> Are you sure the connecting party is also using TLS ? maybe it is using 
> pure TCP instead of TLC - use tcpdump to see what is going one.
> 
> Regards,
> Bogdan
> 
> Anil Pannikode wrote:
> > THanks for the tip. I did not cut and paste the private key properly. 
> > It is now loading how ever the connection is failing with the 
> > following error
> >
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tls_find_server_domain: virtual TLS server domain not found, 
> > Using default TLS server domain settings
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tls_tcpconn_init: found socket based TLS server domain 
> > [0.0.0.0:0]
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tcpconn_add: hashes: 594, 1
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:handle_new_connect: new connection: 0xb3ebdf50 24 flags: 0002
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:send2child: to tcp child 0 0(16980), 0xb3ebdf50
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> > DBG:core:handle_io: received n=4 con=0xb3ebdf50, fd=19
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> > DBG:core:io_watch_add: io_watch_add(0x826ab20, 19, 2, 0xb3ebdf50), 
> > fd_no=1
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> > DBG:core:tls_update_fd: New fd is 19
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> > ERROR:core:tls_accept: some error in SSL:
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> > ERROR:core:tls_print_errstack: error:140760FC:SSL 
> > routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> > DBG:core:io_watch_del: io_watch_del (0x826ab20, 19, -1, 0x10) fd_no=2 
> > called
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> > DBG:core:release_tcpconn: releasing con 0xb3ebdf50, state -2, fd=19, id=1
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> > DBG:core:release_tcpconn: extra_data 0xb3ece068
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:handle_tcp_child: reader response= b3ebdf50, -2 from 0
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tcpconn_destroy: destroying connection 0xb3ebdf50, flags 0002
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tls_close: closing SSL connection
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tls_update_fd: New fd is 24
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tls_shutdown: shutdown successful
> > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> > DBG:core:tls_tcpconn_clean: entered
> >
> >
> > Regards
> >
> > Anil
> >
> >
> >
> > > Date: Thu, 23 Apr 2009 23:24:44 +0300
> > > From: bogdan at voice-system.ro
> > > To: anilpannikode at hotmail.com
> > > CC: users at lists.opensips.org
> > > Subject: Re: [OpenSIPS-Users] Trying to get TLS working with 
> > OpenSips 1.5
> > >
> > > Hi Anil,
> > >
> > > Typical error cases:
> > > - the private key file does not exist or you do not have permission
> > > to read that file
> > > - the private key file is not in PEM (base64 encoded) format.
> > > - if the private key file is encrypted, the password is not correct
> > > or no password was provided
> > > - if you loaded a certificate file before issuing this function, the
> > > public key in that certificate does not match the corresponding private
> > > key in the private key file.
> > >
> > > Regards,
> > > Bogdan
> > >
> > > Anil M Pannikode (hotmail) wrote:
> > > >
> > > > I am getting the following error in the log files
> > > >
> > > >
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_certificate:
> > > > entered
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_certificate:
> > > > '//etc/opensips/tls/user/certonly.pem' successfuly loaded
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: Entered
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: CA
> > > > '//etc/opensips/tls/user/user-calist.pem' successfuly loaded
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_private_key:
> > > > entered
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key:
> > > > unable to load private key file
> > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (2 left) (check
> > > > password case)
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key:
> > > > unable to load private key file
> > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (1 left) (check
> > > > password case)
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key:
> > > > unable to load private key file
> > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (0 left) (check
> > > > password case)
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key:
> > > > unable to load private key file 
> > '//etc/opensips/tls/user/privatekey.pem'
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: CRITICAL:core:main: could 
> > not
> > > > initialize tls, exiting...
> > > >
> > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:dispatcher:destroy:
> > > > destroying module ...
> > > >
> > > >
> > > >
> > > > Anybody know what the issues or where to set the password ?
> > > >
> > > >
> > > >
> > > > Anil
> > > >
> > > >
> > > >
> > > > 
> > ------------------------------------------------------------------------
> > > >
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at lists.opensips.org
> > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> > > >
> > >
> >
> > ------------------------------------------------------------------------
> > Create a cool, new character for your Windows LiveT Messenger. Check 
> > it out <http://go.microsoft.com/?linkid=9656621>
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

_________________________________________________________________
Reinvent how you stay in touch with the new Windows Live Messenger.
http://go.microsoft.com/?linkid=9650731
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090424/081add4a/attachment-0001.htm

More information about the Users mailing list