<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi Damien,<br>
<br>
IMHO, in most of the cases, the subscription is generated by the
party interested to receive the notifications, so the contact in
SUBSCRIBE will match the source address of the SUBSCRIBE requests.
<br>
To be honest, I never came across a kind of third-party
subscription scenario. <br>
<br>
Anyhow, your comment is fully correct, I do thank you for the
reminder on looking into the connection reusage cases. <br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 31.08.2015 12:29, Damien Sandras
wrote:<br>
</div>
<blockquote cite="mid:1441013353.13981.2.camel@seconix.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div>Hi Bogdan,</div>
<div><br>
</div>
<div>I'm not sure about that (see our previous discussions about
connection reuse).</div>
<div><br>
</div>
<div>It will only reuse the active SUBSCRIBE TCP connection if the
Contact header of the SUBSCRIBE indicates the same IP/port than
the one used to create the outbound SUBSCRIBE TCP connection.
That is rarely the case.</div>
<div><br>
</div>
<div>Or am I missing something ?</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Le lundi 31 août 2015 à 12:17 +0300, Bogdan-Andrei Iancu a
écrit :</div>
<blockquote type="cite"> <tt>Hi Bogdan,<br>
<br>
If the conn with B is still alive (the one created by
SUBSCRIBE requests), it should be reused when OpenSIPS has to
send the NOTIFY. Have you enabled the tcp aliases ?<br>
<br>
If still a problem, can you make a log (with debug 6) when the
NOTIFY is to be send + a listing from list_tcp_conns ?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 28.08.2015 20:53, Bogdan Chifor
wrote:<br>
</div>
<blockquote
cite="mid:CAGP9oUXuN_HtuJnyr6H1s2=RK=+z_63Un7dLPFBFV2z2pJY+Zw@mail.gmail.com"
type="cite">
<div dir="ltr">Hello,
<div><br>
</div>
<div style="">I have a question regarding the following
scenario:</div>
<div style=""><br>
</div>
<div style="">1. I have two devices connected to the server
via two-way TLS(TCP).</div>
<div style=""> 1.1 Device A is behind a NAT</div>
<div style=""> 1.2 Device B is directly connected to the
server</div>
<div style=""><br>
</div>
<div style="">2. Device B subscribes to the presence of
device A.</div>
<div style=""><br>
</div>
<div style="">3. Device A gets offline and the server
generates a NOTIFY message to be sent to device B.</div>
<div style=""><br>
</div>
<div style="">4. The server does not find an existing tcp
connection (from the logs), even though the socket is
visible if the "opensipsctl fifo list_tcp_conns" or
"netstat" commands are used.</div>
<div style=""><br>
</div>
<div style="">5. Because the server does not find an
existing connection it initiates one (TLS). After that the
proto tls module logs the following error:
"NOTICE:proto_tls:verify_callback: verify
error:num=26:unsupported certificate purpose".</div>
<div style=""><br>
</div>
<div style="">6. This error is normal because device B does
not have a certificate with server authentication extended
key usage, it has only the client authentication extended
key usage (as normal). </div>
<div style=""><br>
</div>
<div style="">What is the reason behind the start of the new
connection and how should I handle this issue?</div>
<div style=""><br>
</div>
<div style="">This is my proto_tls config:</div>
<div style=""><br>
</div>
<div style="">
<div><b>modparam("proto_tls", "verify_cert", "1")</b></div>
<div><b>modparam("proto_tls", "require_cert", "1")</b></div>
<div><b>modparam("proto_tls", "tls_method", "TLSv1")</b></div>
<div><b>modparam("proto_tls", "certificate", "...")</b></div>
<div><b>modparam("proto_tls", "private_key", "...")</b></div>
<div><b>modparam("proto_tls", "ca_list", "...")</b><br>
</div>
<div><b>modparam("proto_tls", "ca_dir", "...")</b></div>
<div><br>
</div>
</div>
<div style=""><br>
</div>
<div style="">Any help is appreciated.</div>
<div style=""><br>
</div>
<div style="">Best regards,</div>
<div style=""><br>
</div>
<div style="">Bogdan.</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a moz-do-not-send="true" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<div class="-x-evo-signature-wrapper"><span>-- <br>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="GENERATOR" content="GtkHTML/4.8.5">
<font color="#000000">Damien SANDRAS</font><br>
<br>
<b><font color="#f57925">Ekiga Project</font></b> <br>
<font color="#808080"><a moz-do-not-send="true"
href="http://www.ekiga.org">http://www.ekiga.org</a></font>
</span></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>