[OpenSIPS-Users] OCS Opensisp certificate issues using TLS
gianluca moretti
gianluca.moretti at hotmail.it
Tue Jan 20 14:19:16 CET 2009
Bogdan, the error is ok, how can i solve the problem.
The update to this issue is if the client send the his certificate to the server and this cause the problem.
Ciao
Best regards> Date: Tue, 20 Jan 2009 15:04:48 +0200> From: bogdan at voice-system.ro> To: gianluca.moretti at hotmail.it> CC: users at lists.opensips.org; devel at lists.opensips.org> Subject: Re: [OpenSIPS-Users] OCS Opensisp certificate issues using TLS> > Hi Gianluca,> > You get this:> > Jan 17 16:06:12 [30304] ERROR:core:_tls_read: something wrong in SSL: 5> > 5 is SSL_ERROR_SYSCALL . See:> http://openssl.org/docs/ssl/SSL_get_error.html> > Regards,> Bogdan> > gianluca moretti wrote:> > We try to integrate OCS 2007 and opensisps using TLS> > > > SCENARIO:> > > > [wesip] Sending register to OCS> > Seas ------------------------------------> EDGE --> OCS > > [Opensips]> > > >> > Issue: Opensisps cannot connect to EDGE server and in details > > opensisps send always a the certificate to the client> > any idea to avoid to opensisps to send the always certificate.> > EDGE: CertVerifyCertificateChainPolicy retuned a failure in > > CERT_CHAIN_POLICY_STATUS> > OPENSIPS:> > Jan 17 16:06:12 [30303] DBG:core:tls_dump_cert_info: tls_connect: > > local (client) certificate issuer: /CN=Your_NAME/ST=Your_ST> > ATE/C=CO/emailAddress=YOUR_EMAIL/O=YOUR_ORG_NAME> > Jan 17 16:06:12 [30303] DBG:core:tls_write: write was successful (791 > > bytes)> > Jan 17 16:06:12 [30303] DBG:core:tcp_send: after write: c= 0xb612fcf8 > > n=791 fd=23> > Jan 17 16:06:12 [30303] DBG:core:tcp_send: buf=> > REGISTER sip:hmcint.local:5060;transport=tcp SIP/2.0> > Via: SIP/2.0/TLS 192.168.5.59:5061;branch=z9hG4bKd863.89657825.0;i=2> > Via: SIP/2.0/TCP 192.168.5.59;branch=z9hG4bKd863.79657825.0> > To: sip:max.ambrogi at hmcint.local;transport=tcp> > From: > > sip:max.ambrogi at hmcint.local;transport=tcp;tag=BB479256370FF64C226AA6220F2364DD> > CSeq: 1 REGISTER> > Call-ID: 24D8315A8EBB948A4DD4F1A3518E4029 at 192.168.5.59 > > <mailto:24D8315A8EBB948A4DD4F1A3518E4029 at 192.168.5.59>> > Content-Length: 0> > Max-Forwards: 70> > Contact: > > <sip:192.168.5.59:5060;transport=tcp;AppId=.sip2msipGW>;methods="INVITE, > > MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY> > , ACK, > > REFER";proxy=replace;+sip.instance="<urn:uuid:787C69C1-2A21-441f-B792-A908ABFF5010>"> > Supported: gruu-10,adhoclist,msrtc-event-categories,ms-forking> > ms-keep-alive: UAC;hop-hop=yes> > Event: registration> > X-WeSIP-SPIRAL: true> > > > Jan 17 16:06:12 [30303] DBG:tm:set_timer: relative timeout is 30> > Jan 17 16:06:12 [30303] DBG:tm:insert_timer_unsafe: [0]: 0xb610d020 (300)> > Jan 17 16:06:12 [30303] DBG:tm:t_relay_to: new transaction fwd'ed> > Jan 17 16:06:12 [30303] DBG:tm:t_unref: UNREF_UNSAFE: after is 0> > Jan 17 16:06:12 [30303] DBG:core:destroy_avp_list: destroying list (nil)> > Jan 17 16:06:12 [30303] DBG:core:receive_msg: cleaning up> > Jan 17 16:06:12 [30304] DBG:core:tls_update_fd: New fd is 23> > Jan 17 16:06:12 [30304] ERROR:core:_tls_read: something wrong in SSL: 5> > Jan 17 16:06:12 [30304] ERROR:core:tcp_read_req: failed to read> > Jan 17 16:06:12 [30304] DBG:core:io_watch_del: io_watch_del > > (0x8164160, 23, -1, 0x10) fd_no=2 called> > Jan 17 16:06:12 [30304] DBG:core:release_tcpconn: releasing con > > 0xb612fcf8, state -2, fd=23, id=9> > Jan 17 16:06:12 [30304] DBG:core:release_tcpconn: extra_data 0xb613fe10> > Jan 17 16:06:12 [30311] DBG:core:handle_tcp_child: reader response= > > b612fcf8, -2 from 1> > Jan 17 16:06:12 [30311] DBG:core:tcpconn_destroy: destroying > > connection 0xb612fcf8, flags 0002> > Jan 17 16:06:12 [30311] DBG:core:tls_close: closing SSL connection> > > > > > The opensips.cfg is configured as following:> > disable_tls = no> > listen = tls:##OPENSIPSIP##:5061> > tls_verify_server = 0> > tls_verify_client = 0> > tls_require_client_certificate = 0> > tls_method = TLSv1> > tls_ca_list = "/product/opensips//etc/opensips/tls/dario/dario-calist.pem"> > tls_certificate = "/product/opensips//etc/opensips/tls/user/user-cert.pem"> > tls_private_key = > > "/product/opensips//etc/opensips/tls/user/user-privkey.pem"> > tls_ciphers_list="RC4-MD5"> > > > route{> > > > if(is_present_hf("X-WeSIP-SPIRAL")){> > log("\nSPIRAL!!!\n");> > t_relay("tls:EDGEIP:5061");> > exit;}> > (on WESIP SPIRAL is equal TRUE)> > > > OPENSIPSIP is the CLIENT e EDGEIP is the SERVER> > > > > > Using Open SSL the connection is OK> > openssl s_client -connect EDGEIP:5061 -ssl2 -CAfile > > /product/opensips_dev/etc/opensips/tls/user/user-calist.pem -cipher > > RC4-MD5> > > > New, TLSv1/SSLv3, Cipher is RC4-MD5> > Server public key is 1024 bit> > SSL-Session:> > Protocol : TLSv1> > Cipher : RC4-MD5> > Session-ID: > > E708000007E4CC591AA8982939C17298FBEDF72E749C010EFFC39FBEB2D143A6> > Session-ID-ctx:> > Master-Key: > > 5835CA1877799D4B507AA31DB8DEA5F11D27DD077FE43F52DC9606ABF296AF6043402938E384FFF7B1485DC77D4D13D7> > Key-Arg : None> > Krb5 Principal: None> > Start Time: 1232205185> > Timeout : 7200 (sec)> > Verify return code: 0 (ok)> > > > Regards> > > >> >> > ------------------------------------------------------------------------> > Scoprilo insieme ai nuovi servizi Windows Live! Messenger 9: oltre le > > parole. <http://download.live.com/messenger/?mkt=it-it>> > ------------------------------------------------------------------------> >> > _______________________________________________> > Users mailing list> > Users at lists.opensips.org> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users> > >
_________________________________________________________________
Vai oltre le parole, scarica Messenger 2009!
http://download.live.com/?mkt=it-it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090120/92ba76b8/attachment-0001.htm
More information about the Users
mailing list