[OpenSIPS-Users] Opensips fails to ESTABLISH TLS for non-slandered Secure SIP port

Ravitez Ravi ravitez.dondeti at gmail.com
Mon Nov 23 22:54:30 CET 2015


*Hello All,*
            OpenSIPS fails to establish TLS connection with far end which
is listening to non-standard secure SIP port (i.e., far end listening on
port other than 5061).

*Setup details:*
TLS client: OpenSIPS 1.11.5 running on RHEL 6.5
TLS client listen port: 5061
TLS client IP: 10.204.182.27
TLS server: Blink VOIP soft phone running on Windows 7 desktop
TLS server listen port: 5062
TLS server IP: 10.204.45.62

*Scenario:*
OpenSIPS is TLS client & Blink VOIP soft phone is TLS server.
OpenSIPS tries to initiate a TLS session & successfully establishes a TCP
connection:
• OpenSIPS/Client[49384] -> Blink/Server[5062] - TCP [SYN]
• Blink/Server[5062] -> OpenSIPS/Client[49384] – TCP [SYN, ACK]
• OpenSIPS/Client[49384] -> Blink/Server[5062] – TCP [ACK]
• OpenSIPS/Client[49384] -> Blink/Server[5062] – TCP [PSH, ACK]

*Expected to see OpenSIPS sending ‘Client Hello’ to Blink, however, I see
nothing here after. *
The OpenSIPS logs show the following:
INFO:core:probe_max_sock_buff: using snd buffer of 244 kb
INFO:core:init_sock_keepalive: -- TCP keepalive enabled on socket
DBG:core:print_ip: tcpconn_new: new tcp connection to: 10.204.45.62
DBG:core:tcpconn_new: on port 5062, type 3
DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
DBG:core:tls_tcpconn_init: name based TLS client domains are disabled
DBG:core:tls_tcpconn_init: no TLS client doman AVP set, looking for socket
based TLS client domain
DBG:core:tls_find_client_domain: virtual TLS client domain not found, Using
default TLS client domain settings
DBG:core:tls_tcpconn_init: found socket based TLS client domain [0.0.0.0:0]
DBG:core:tls_tcpconn_init: Setting in CONNECT mode (client)
DBG:core:tcp_send: sending...
DBG:core:tls_update_fd: New fd is 6
DBG:core:handle_ser_child: read response= 7f18813378a8, 2, fd 31 from 2
(8886)
DBG:core:tcpconn_add: hashes: 972, 1
DBG:core:io_watch_add: io_watch_add op on 31 (0x80ff80, 31, 2,
0x7f18813378a8,1), fd_no=25
*ERROR:core:tls_connect: SSL_ERROR_SYSCALL err=Success(0)*
*ERROR:core:tls_connect: New TLS connection to 10.204.45.62:5062
<http://10.204.45.62:5062> failed*
*ERROR:core:tls_connect: TLS error: 5 (ret=0) err=Success(0)         *
*DBG:core:handle_tcpconn_ev: data available on 0x7f18813378a8 31*
*DBG:core:tcp_send: after write: c= 0x7f18813378a8 n=-1 fd=6*
*DBG:core:io_watch_del: io_watch_del op on index -1 31 (0x80ff80, 31, -1,
0x0,0x1) fd_no=26 called*
*DBG:core:tcp_send: buf=*
*ERROR:core:tcp_send: failed to send*
*DBG:core:send2child: to tcp child 0 0(8892), 0x7f18813378a8 rw 1*
*ERROR:core:msg_send: tcp_send failed*
*DBG:core:handle_ser_child: read response= 7f18813378a8, -2, fd -1 from 2
(8886)*
*DBG:core:destroy_avp_list: destroying list (nil)*
*DBG:core:receive_msg: cleaning up*
DBG:core:tcpconn_destroy: delaying (0x7f18813378a8, flags 0002) ref = 1 ...
DBG:core:handle_io: We have received conn 0x7f18813378a8 with rw 1
DBG:core:io_watch_add: io_watch_add op on 18 (0x8100e0, 18, 2,
0x7f18813378a8,1), fd_no=1
DBG:core:io_watch_del: io_watch_del op on index -1 18 (0x8100e0, 18, -1,
0x10,0x1) fd_no=2 called
DBG:core:release_tcpconn:  releasing con 0x7f18813378a8, state -2, fd=18,
id=1
DBG:core:release_tcpconn:  extra_data 0x7f1881337a28
DBG:core:handle_tcp_child: reader response= 7f18813378a8, -2 from 0
DBG:core:tcpconn_destroy: destroying connection 0x7f18813378a8, flags 0002
DBG:core:tls_close: closing TLS connection



Please provide your comments..


Thanks&Regards,
Ravitez.D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20151123/a313b34d/attachment.htm>


More information about the Users mailing list