<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi Matt,<br>
<br>
Indeed, the SIP messages do look ok.<br>
<br>
Could you post the OpenSIPS logs (in debug 4) for processing the
NOTIFY request ?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 31.08.2015 20:07, Matt Hamilton
wrote:<br>
</div>
<blockquote
cite="mid:DM3PR1201MB1118F878E092A9DB056934F4B36B0@DM3PR1201MB1118.namprd12.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi Bogdan,</p>
<p><br>
</p>
<p>Pastebin link is <a moz-do-not-send="true" id="LPlnk865729"
href="http://pastebin.com/tM7zqTKX">http://pastebin.com/tM7zqTKX</a></p>
<p><br>
</p>
<p>I included both 1.7.1 and 1.11 captures. I don't see a
difference between them other than 1.11 sending the NOTIFY to
UAC unencrypted. </p>
<p>Btw, INVITEs seems to be behaving the same way as NOTIFY
(don't have a capture for those - I assume the issue is the
same).
</p>
<p><br>
</p>
<p>Btw, TLS works fine between Opensips 1.11 and the phone (OK
messages, etc. are encrypted). </p>
<p><br>
</p>
<p>Thanks,</p>
<p>Matt<br>
</p>
<p><br>
</p>
<div style="margin-top: 20px; margin-bottom: 20px; overflow:
auto; width: 100%;"
id="LPBorder_GT_14410401972370.8445848218100495">
<table style="border-top: 1px solid rgb(204, 204, 204);
border-bottom: 1px solid rgb(204, 204, 204); width: 80%;
background-color: rgb(255, 255, 255); position: relative;
overflow: auto;"
id="LPContainer_14410401972340.5586958453477071">
<tbody>
<tr valign="top">
<td colspan="1" style="width: 140px; position: relative;
display: table-cell; padding: 0px;"
id="ImageCell_14410401972350.25229675325672773">
<div style="margin-top: 12px; background-color:
rgb(255, 255, 255); height: auto; width: 140px;
position: relative; display: table;"
id="LPImageContainer_14410401972350.22776678362093794">
<a moz-do-not-send="true" target="_blank"
href="http://pastebin.com/tM7zqTKX"
style="display: table-cell; text-align: center;"
id="LPImageAnchor_14410401972360.9279506207725204"><img
moz-do-not-send="true" aria-label="Preview image
with link selected. Double-tap to open the
link." style="display: inline-block;
margin-left: auto; margin-right: auto;
max-width: 140px; max-height: 140px; height:
140px; width: 140px; border-width: 0px;"
src="http://pastebin.com/i/fb2.jpg" height="140"
width="140"></a></div>
</td>
<td>
<div style="top: 0px; margin-top: 8px; font-size:
21px; font-family:
"wf_segoe-ui_semilight","Segoe UI
Semilight","Segoe WP
Semilight","Segoe UI","Segoe
WP",Tahoma,Arial,sans-serif; color: rgb(51, 51,
51); margin-left: 14px; margin-right: 14px;"
id="LPTitle_14410401972370.6280544602592454">
Opensips TLS - Pastebin.com</div>
<div style="margin: 8px 14px 10px; height: 18px;
text-overflow: ellipsis; overflow: hidden;
white-space: nowrap;"
id="LPUrlContainer_14410401972370.2557659588497925">
<a moz-do-not-send="true" target="_blank"
href="http://pastebin.com/tM7zqTKX"
style="font-size: 11px; font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; text-decoration:
none;"
id="LPUrlAnchor_14410401972370.691789212973732">Read
more...</a></div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
color="#000000" face="Calibri, sans-serif"><b>From:</b>
Bogdan-Andrei Iancu <a class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a><br>
<b>Sent:</b> Monday, August 31, 2015 5:21 AM<br>
<b>To:</b> OpenSIPS users mailling list;
<a class="moz-txt-link-abbreviated" href="mailto:mistral9999@hotmail.com">mistral9999@hotmail.com</a><br>
<b>Subject:</b> Re: [OpenSIPS-Users] TLS discrepancy
between 1.7.1 and 1.11.5</font>
<div> </div>
</div>
<div><tt>Hi Matt,<br>
<br>
Can you post of pastebin (or similar) the SIP capture
showing the incoming NOTIFY (via UDP) from Asterisk and
the outgoing NOTIFY (supposedly via TLS) to UAC ?<br>
Also the SUBSCRIBE request going from OpenSIPS to Asterisk
will help alot.<br>
<br>
Regards, <br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 30.08.2015 18:22, Matt
Hamilton wrote:<br>
</div>
<blockquote type="cite">
<div id="divtagdefaultwrapper" style="font-size:12pt;
color:#000000; background-color:#FFFFFF;
font-family:Calibri,Arial,Helvetica,sans-serif">
<p><br>
</p>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
We use Opensips (with TLS) as a dispatcher to multiple
Asterisk servers. Currently we are in the process of
upgrading from 1.7.1 to 1.11.5, and we ran into a
discrepancy between 1.7.1 and 1.11.5 regarding SIP
NOTIFY messages.</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
Here is the flow (both ways):</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
UAC (TLS) -> Opensips (UDP)->
Asterisk </div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<span style="font-size:12pt">Asterisk </span><span
style="font-size:12pt"> (UDP)</span><span
style="font-size:12pt"> -> Opensips (</span><span
style="font-size:12pt">TLS</span><span
style="font-size:12pt">)-> UAC</span></div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<span style="font-size:12pt"><br>
</span></div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
In 1.7.1, all messages between Opensips and UAC were
encrypted - didn't matter if it was originated at UAC
or Asterisk.</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
In 1.11.5, the SIP NOTIFY messages coming from
Asterisk are sent to UAC unencrypted (and not accepted
by UAC). Here is the request that Opensips receives
and sends to the UAC in plaintext:</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif">Request-Line:
NOTIFY
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:sip:101@1.2.3.4:5075;transport=tls;nat=yes">
sip:101@1.2.3.4:5075;transport=tls;nat=yes</a>
SIP/2.0</font><br>
</div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif">Anything
we can do to have that leg encrypted as well?</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif">Thanks,</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif">Matt</font></div>
<div><font face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>