[OpenSIPS-Users] Trying to get TLS working with OpenSips 1.5
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Fri Apr 24 16:16:21 CEST 2009
See: http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html#AEN211
By default opensips expect V2 or V3, but you can force V1 if you want.
Regards,
Bogdan
Anil Pannikode wrote:
> Sorry typo error.
>
> I have changed the protocol on both end to 'TLSv1'
>
> Anil
>
>
>
> > From: anilpannikode at hotmail.com
> > To: bogdan at voice-system.ro
> > Date: Fri, 24 Apr 2009 09:31:59 -0400
> > CC: users at lists.opensips.org
> > Subject: Re: [OpenSIPS-Users] Trying to get TLS working with
> OpenSips 1.5
> >
> > Hi Bogdan,
> >
> > I have changed the protocol on both end to ''. Now I am getting a 'Wrong
> > version number'
> >
> > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> > DBG:core:io_watch_add: io_watch_add(0x826ab20, 19, 2, 0xb3efcf50),
> fd_no=1
> > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> > DBG:core:tls_update_fd: New fd is 19
> > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> > ERROR:core:tls_accept: some error in SSL:
> > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> > ERROR:core:tls_print_errstack: error:1408F10B:SSL
> > routines:SSL3_GET_RECORD:wrong version number
> > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> > DBG:core:io_watch_del: io_watch_del (0x826ab20, 19, -1, 0x10)
> fd_no=2 called
> >
> > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> > DBG:core:release_tcpconn: releasing con 0xb3efcf50, state -2, fd=19,
> id=3
> > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]:
> > DBG:core:release_tcpconn: extra_data 0xb3f0d068
> >
> > Remote end is a Dialogic VoipGateway, I was wondering if there is
> another
> > simple client I can use for testing TLS ? Once I get that working, I
> can dig
> > more into my current setup.
> >
> > Regards
> >
> > Anil
> >
> >
> >
> > -----Original Message-----
> > From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
> > Sent: Friday, April 24, 2009 8:10 AM
> > To: Anil Pannikode
> > Cc: users at lists.opensips.org
> > Subject: Re: [OpenSIPS-Users] Trying to get TLS working with
> OpenSips 1.5
> >
> > Hi Anil,
> >
> > Are you sure the connecting party is also using TLS ? maybe it is using
> > pure TCP instead of TLC - use tcpdump to see what is going one.
> >
> > Regards,
> > Bogdan
> >
> > Anil Pannikode wrote:
> > > THanks for the tip. I did not cut and paste the private key properly.
> > > It is now loading how ever the connection is failing with the
> > > following error
> > >
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tls_find_server_domain: virtual TLS server domain not found,
> > > Using default TLS server domain settings
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tls_tcpconn_init: found socket based TLS server domain
> > > [0.0.0.0:0]
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tcpconn_add: hashes: 594, 1
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:handle_new_connect: new connection: 0xb3ebdf50 24 flags: 0002
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:send2child: to tcp child 0 0(16980), 0xb3ebdf50
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]:
> > > DBG:core:handle_io: received n=4 con=0xb3ebdf50, fd=19
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]:
> > > DBG:core:io_watch_add: io_watch_add(0x826ab20, 19, 2, 0xb3ebdf50),
> > > fd_no=1
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]:
> > > DBG:core:tls_update_fd: New fd is 19
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]:
> > > ERROR:core:tls_accept: some error in SSL:
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]:
> > > ERROR:core:tls_print_errstack: error:140760FC:SSL
> > > routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]:
> > > DBG:core:io_watch_del: io_watch_del (0x826ab20, 19, -1, 0x10) fd_no=2
> > > called
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]:
> > > DBG:core:release_tcpconn: releasing con 0xb3ebdf50, state -2,
> fd=19, id=1
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]:
> > > DBG:core:release_tcpconn: extra_data 0xb3ece068
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:handle_tcp_child: reader response= b3ebdf50, -2 from 0
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tcpconn_destroy: destroying connection 0xb3ebdf50, flags 0002
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tls_close: closing SSL connection
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tls_update_fd: New fd is 24
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tls_shutdown: shutdown successful
> > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]:
> > > DBG:core:tls_tcpconn_clean: entered
> > >
> > >
> > > Regards
> > >
> > > Anil
> > >
> > >
> > >
> > > > Date: Thu, 23 Apr 2009 23:24:44 +0300
> > > > From: bogdan at voice-system.ro
> > > > To: anilpannikode at hotmail.com
> > > > CC: users at lists.opensips.org
> > > > Subject: Re: [OpenSIPS-Users] Trying to get TLS working with
> > > OpenSips 1.5
> > > >
> > > > Hi Anil,
> > > >
> > > > Typical error cases:
> > > > - the private key file does not exist or you do not have permission
> > > > to read that file
> > > > - the private key file is not in PEM (base64 encoded) format.
> > > > - if the private key file is encrypted, the password is not correct
> > > > or no password was provided
> > > > - if you loaded a certificate file before issuing this function, the
> > > > public key in that certificate does not match the corresponding
> private
> > > > key in the private key file.
> > > >
> > > > Regards,
> > > > Bogdan
> > > >
> > > > Anil M Pannikode (hotmail) wrote:
> > > > >
> > > > > I am getting the following error in the log files
> > > > >
> > > > >
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips:
> DBG:core:load_certificate:
> > > > > entered
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips:
> DBG:core:load_certificate:
> > > > > '//etc/opensips/tls/user/certonly.pem' successfuly loaded
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: Entered
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: CA
> > > > > '//etc/opensips/tls/user/user-calist.pem' successfuly loaded
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips:
> DBG:core:load_private_key:
> > > > > entered
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips:
> ERROR:core:load_private_key:
> > > > > unable to load private key file
> > > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (2 left) (check
> > > > > password case)
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips:
> ERROR:core:load_private_key:
> > > > > unable to load private key file
> > > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (1 left) (check
> > > > > password case)
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips:
> ERROR:core:load_private_key:
> > > > > unable to load private key file
> > > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (0 left) (check
> > > > > password case)
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips:
> ERROR:core:load_private_key:
> > > > > unable to load private key file
> > > '//etc/opensips/tls/user/privatekey.pem'
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: CRITICAL:core:main:
> could
> > > not
> > > > > initialize tls, exiting...
> > > > >
> > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:dispatcher:destroy:
> > > > > destroying module ...
> > > > >
> > > > >
> > > > >
> > > > > Anybody know what the issues or where to set the password ?
> > > > >
> > > > >
> > > > >
> > > > > Anil
> > > > >
> > > > >
> > > > >
> > > > >
> > >
> ------------------------------------------------------------------------
> > > > >
> > > > > _______________________________________________
> > > > > Users mailing list
> > > > > Users at lists.opensips.org
> > > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> > > > >
> > > >
> > >
> > >
> ------------------------------------------------------------------------
> > > Create a cool, new character for your Windows LiveT Messenger. Check
> > > it out <http://go.microsoft.com/?linkid=9656621>
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> ------------------------------------------------------------------------
> Windows Live Messenger makes it easier to stay in touch - learn how!
> <http://go.microsoft.com/?linkid=9650731>
More information about the Users
mailing list