<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi Matt,<br>
<br>
Can you post of pastebin (or similar) the SIP capture showing the
incoming NOTIFY (via UDP) from Asterisk and the outgoing NOTIFY (supposedly
via TLS) to UAC ?<br>
Also the SUBSCRIBE request going from OpenSIPS to Asterisk will
help alot.<br>
<br>
Regards, <br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 30.08.2015 18:22, Matt Hamilton
wrote:<br>
</div>
<blockquote
cite="mid:DM3PR1201MB1118875E378A02A5B245F132B36C0@DM3PR1201MB1118.namprd12.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p><br>
</p>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
We use Opensips (with TLS) as a dispatcher to multiple
Asterisk servers. Currently we are in the process of
upgrading from 1.7.1 to 1.11.5, and we ran into a discrepancy
between 1.7.1 and 1.11.5 regarding SIP NOTIFY messages.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
Here is the flow (both ways):</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
UAC (TLS) -> Opensips (UDP)-> Asterisk </div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<span style="font-size: 12pt;">Asterisk </span><span
style="font-size: 12pt;"> (UDP)</span><span
style="font-size: 12pt;"> -> Opensips (</span><span
style="font-size: 12pt;">TLS</span><span style="font-size:
12pt;">)-> UAC</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<span style="font-size: 12pt;"><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
In 1.7.1, all messages between Opensips and UAC were
encrypted - didn't matter if it was originated at UAC or
Asterisk.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
In 1.11.5, the SIP NOTIFY messages coming from Asterisk are
sent to UAC unencrypted (and not accepted by UAC). Here is
the request that Opensips receives and sends to the UAC in
plaintext:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
face="Calibri, Arial, Helvetica, sans-serif">Request-Line:
NOTIFY <a class="moz-txt-link-abbreviated" href="mailto:sip:101@1.2.3.4:5075;transport=tls;nat=yes">sip:101@1.2.3.4:5075;transport=tls;nat=yes</a> SIP/2.0</font><br>
</div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
face="Calibri, Arial, Helvetica, sans-serif">Anything we can
do to have that leg encrypted as well?</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
face="Calibri, Arial, Helvetica, sans-serif">Thanks,</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
face="Calibri, Arial, Helvetica, sans-serif">Matt</font></div>
<div><font face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>