Hey, I'm having some trouble with TLS support in OpenSIPS. I'm using two Blink softphones and I can't get them to communicate. <br>The connection between the client and the server is established, but when I make calls, I get a "Not Found" error: <br>
<br>Here's my configuration file: <br><br>-------------------------------------------------------------------------------------------------------------------<br><br><br>debug=6<br>log_stderror=no<br>log_facility=LOG_LOCAL0<br>
<br>/* Global parameters: process model, listeners and core TLS settings. */<br>children=4<br><br>fork=yes<br>check_via=no<br>dns=no<br>rev_dns=no<br><br>disable_tls = no<br>/* NOTE(review): besides the TLS listener, plain TCP and UDP listeners are also configured here, so signalling is not forced onto TLS. */<br>listen = tls:<a href="http://157.159.50.158:5061">157.159.50.158:5061</a><br>listen = tcp:<a href="http://157.159.50.158:5062">157.159.50.158:5062</a><br>
listen = udp:<a href="http://157.159.50.158:5060">157.159.50.158:5060</a><br>alias = 157.159.50.158<br>/* NOTE(review): the next three settings are all 0, i.e. peer certificate verification is off in both directions and no client certificate is demanded; TLS then encrypts the link but does not authenticate the peer. */<br>tls_verify_server = 0<br>tls_verify_client = 0<br>tls_require_client_certificate = 0<br>/* NOTE(review): TLSv1 (TLS 1.0) is deprecated (RFC 8996); prefer the newest method this OpenSIPS/OpenSSL build accepts. */<br>tls_method = TLSv1<br>/* NOTE(review): these paths are under tls/user/ - confirm this really is the server's certificate and that its name matches the address the clients connect to. */<br>tls_certificate = "//etc/opensips/tls/user/user-cert.pem"<br>
/* NOTE(review): the private key should be readable only by the OpenSIPS user and never handed to clients; to verify this server a client needs the CA certificate(s), not the key. */<br>tls_private_key = "//etc/opensips/tls/user/user-privkey.pem"<br>tls_ca_list = "//etc/opensips/tls/user/user-calist.pem"<br><br><br>####### Modules Section ########<br><br>#set module path<br>mpath="//lib/opensips/modules/"<br>
<br>/* Module loading and per-module parameters. */<br>/* uncomment next line for MySQL DB support */<br>#loadmodule "db_mysql.so"<br>loadmodule "signaling.so"<br>loadmodule "sl.so"<br>loadmodule "tm.so"<br>loadmodule "rr.so"<br>
loadmodule "maxfwd.so"<br>loadmodule "usrloc.so"<br>loadmodule "registrar.so"<br>loadmodule "textops.so"<br>loadmodule "mi_fifo.so"<br>loadmodule "uri.so"<br>loadmodule "acc.so"<br>/* NOTE(review): no auth/auth_db module appears in this list, so the routing script has no way to challenge REGISTER or INVITE requests. */<br>
<br><br># ----------------- setting module-specific parameters ---------------<br><br><br># ----- mi_fifo params -----<br>/* NOTE(review): this FIFO is the management interface; /tmp is world-writable, so restrict who can write to it (mi_fifo's fifo_mode / fifo_user / fifo_group) or move it to a directory only the OpenSIPS user can access. */<br>modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")<br><br><br># ----- rr params -----<br>
# add value to ;lr param to cope with most of the UAs<br>modparam("rr", "enable_full_lr", 1)<br># do not append from tag to the RR (no need for this script)<br>modparam("rr", "append_fromtag", 0)<br>
<br># ----- uri params -----<br>modparam("uri", "use_uri_table", 0)<br><br><br># ----- acc params -----<br>/* what special events should be accounted ? */<br>modparam("acc", "early_media", 1)<br>
modparam("acc", "report_ack", 1)<br>modparam("acc", "report_cancels", 1)<br>/* by default we do not adjust the direction of the sequential requests.<br> if you enable this parameter, be sure to enable "append_fromtag"<br>
in "rr" module */<br>modparam("acc", "detect_direction", 0)<br>/* account triggers (flags) */<br>modparam("acc", "failed_transaction_flag", 3)<br>modparam("acc", "log_flag", 1)<br>
modparam("acc", "log_missed_flag", 2)<br>/* uncomment the following lines to enable DB accounting also */<br>/* NOTE(review): the DB accounting flags are active here although db_mysql.so is commented out above and no db_url is visible - confirm this is intended. */<br>modparam("acc", "db_flag", 1)<br>modparam("acc", "db_missed_flag", 2)<br>
<br><br>####### Routing Logic ########<br><br><br># main request routing logic<br>/* Handles in-dialog requests first, then CANCEL, preloaded routes, outbound relaying, REGISTER and finally the usrloc lookup for calls to local users. */<br><br>route{<br><br> if (!mf_process_maxfwd_header("10")) {<br> sl_send_reply("483","Too Many Hops");<br>
exit;<br> }<br><br> if (has_totag()) {<br> # sequential request within a dialog should<br> # take the path determined by record-routing<br> if (loose_route()) {<br> if (is_method("BYE")) {<br>
setflag(1); # do accounting ...<br> setflag(3); # ... even if the transaction fails<br> } else if (is_method("INVITE")) {<br> # even if in most of the cases is useless, do RR for<br>
# re-INVITEs also, as some buggy clients do change route set<br> # during the dialog.<br> record_route();<br> }<br> # route it out to whatever destination was set by loose_route()<br>
# in $du (destination URI).<br> route(1);<br> } else {<br> if ( is_method("ACK") ) {<br> if ( t_check_trans() ) {<br> # non loose-route, but stateful ACK; must be an ACK after <br>
# a 487 or e.g. 404 from upstream server<br> t_relay();<br> exit;<br> } else {<br> # ACK without matching transaction -><br> # ignore and discard<br>
exit;<br> }<br> }<br> sl_send_reply("404","Not here");<br> }<br> exit;<br> }<br><br> #initial requests<br><br> # CANCEL processing<br>
if (is_method("CANCEL"))<br> {<br> if (t_check_trans())<br> t_relay();<br> exit;<br> }<br><br> t_check_trans();<br><br><br> # preloaded route checking<br> if (loose_route()) {<br>
xlog("L_ERR",<br> "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");<br> if (!is_method("ACK"))<br> sl_send_reply("403","Preload Route denied");<br>
exit;<br> }<br><br> # record routing<br> if (!is_method("REGISTER|MESSAGE"))<br> record_route();<br><br> # account only INVITEs<br> if (is_method("INVITE")) {<br> setflag(1); # do accounting<br>
}<br> /* NOTE(review): requests whose R-URI is not this server are relayed through route(1) with no authentication or source check, which lets the proxy be used as an open relay. */<br> if (!uri==myself)<br> {<br> append_hf("P-hint: outbound\r\n"); <br> route(1);<br> }<br><br><br> if (is_method("PUBLISH"))<br> {<br> sl_send_reply("503", "Service Unavailable");<br>
exit;<br> }<br> <br><br> /* NOTE(review): save() stores the binding without any authentication challenge, so any host that can reach a listener can register a contact for any user. */<br> if (is_method("REGISTER"))<br> {<br><br> if (!save("location"))<br> sl_reply_error();<br><br> exit;<br> }<br><br> if ($rU==NULL) {<br>
# request with no Username in RURI<br> sl_send_reply("484","Address Incomplete");<br> exit;<br> }<br><br> # apply DB based aliases (uncomment to enable)<br> ##alias_db_lookup("dbaliases");<br>
<br> # do lookup with method filtering<br> /* NOTE(review): the 404 "Not Found" reply is produced here, when lookup() fails with $retcode -1 or -3 for the user in the R-URI; checking the usrloc contents for the callee's registration is the first step to diagnose it. */<br> if (!lookup("location","m")) {<br> switch ($retcode) {<br> case -1:<br> case -3:<br> t_newtran();<br> t_reply("404", "Not Found");<br>
exit;<br> case -2:<br> sl_send_reply("405", "Method Not Allowed");<br> exit;<br> }<br> }<br><br> # when routing via usrloc, log the missed calls also<br>
setflag(2);<br><br> route(1);<br>}<br><br><br>/* route[1]: relay the request statefully and stop script processing. */<br>route[1] {<br> # for INVITEs enable some additional helper routes<br> if (is_method("INVITE")) {<br> t_on_branch("2");<br> t_on_reply("2");<br>
t_on_failure("1");<br> }<br><br> if (!t_relay()) {<br> sl_reply_error();<br> };<br> exit;<br>}<br><br><br><br>/* branch_route[2]: only logs the R-URI of each new branch. */<br>branch_route[2] {<br> xlog("new branch at $ru\n");<br>}<br><br>
<br>/* onreply_route[2]: only logs that a reply arrived. */<br>onreply_route[2] {<br> xlog("incoming reply\n");<br>}<br><br><br>/* failure_route[1]: stops on a cancelled transaction; no other failure handling is done. */<br>failure_route[1] {<br> if (t_was_cancelled()) {<br> exit;<br> }<br><br>}<br><br>-------------------------------------------------------------------------------------------------------------<br>
<br>I gave the client the certificate:<br><br>//etc/opensips/tls/user/user-cert.pem<br>