<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi Matt,<br>
<br>
You mean the force_send_socket() you do for the initial INVITE ?
or ?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 03.09.2015 17:19, Matt Hamilton
wrote:<br>
</div>
<blockquote
cite="mid:DM3PR1201MB11183619A8061F098C6C1ADDB3680@DM3PR1201MB1118.namprd12.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p><br>
</p>
Hi Bogdan,<br>
<br>
This issue is seems to be related to force_send_socket which
behaves differently in 1.11 vs 1.7. To make it work, I had to
explicitly specify the port and and the proto (for
force_send_socket) based on "transport=tls" statement and the
direction of the traffic.<br>
<br>
Matt<br>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
color="#000000" face="Calibri, sans-serif"><b>From:</b>
Bogdan-Andrei Iancu <a class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a><br>
<b>Sent:</b> Monday, August 31, 2015 4:19 PM<br>
<b>To:</b> OpenSIPS users mailling list; Matt Hamilton<br>
<b>Subject:</b> Re: [OpenSIPS-Users] TLS discrepancy
between 1.7.1 and 1.11.5</font>
<div> </div>
</div>
<div><tt>Hi Matt,<br>
<br>
Indeed, the SIP messages do look ok.<br>
<br>
Could you post the OpenSIPS logs (in debug 4) for
processing the NOTIFY request ?<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" title="Ctrl+Click or tap to follow the link" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 31.08.2015 20:07, Matt
Hamilton wrote:<br>
</div>
<blockquote type="cite">
<div id="divtagdefaultwrapper" style="font-size:12pt;
color:#000000; background-color:#FFFFFF;
font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hi Bogdan,</p>
<p><br>
</p>
<p>Pastebin link is <a moz-do-not-send="true"
id="LPlnk865729" href="http://pastebin.com/tM7zqTKX">http://pastebin.com/tM7zqTKX</a></p>
<p><br>
</p>
<p>I included both 1.7.1 and 1.11 captures. I don't see
a difference between them other than 1.11 sending the
NOTIFY to UAC unencrypted. </p>
<p>Btw, INVITEs seems to be behaving the same way as
NOTIFY (don't have a capture for those - I assume the
issue is the same).
</p>
<p><br>
</p>
<p>Btw, TLS works fine between Opensips 1.11 and the
phone (OK messages, etc. are encrypted). </p>
<p><br>
</p>
<p>Thanks,</p>
<p>Matt<br>
</p>
<p><br>
</p>
<div id="LPBorder_GT_14410401972370.8445848218100495"
style="margin-top:20px; margin-bottom:20px;
overflow:auto; width:100%">
<table
id="LPContainer_14410401972340.5586958453477071"
style="border-top:1px solid rgb(204,204,204);
border-bottom:1px solid rgb(204,204,204); width:80%;
background-color:rgb(255,255,255); overflow:auto">
<tbody>
<tr valign="top">
<td colspan="1"
id="ImageCell_14410401972350.25229675325672773"
style="width:140px; display:table-cell;
padding:0px">
<div
id="LPImageContainer_14410401972350.22776678362093794"
style="margin-top:12px;
background-color:rgb(255,255,255);
height:auto; width:140px; display:table">
<a moz-do-not-send="true" target="_blank"
href="http://pastebin.com/tM7zqTKX"
id="LPImageAnchor_14410401972360.9279506207725204"
style="display:table-cell;
text-align:center"><img
moz-do-not-send="true"
style="display:inline-block;
margin-left:auto; margin-right:auto;
max-width:140px; max-height:140px;
height:140px; width:140px;
border-width:0px"
src="http://pastebin.com/i/fb2.jpg"
height="140" width="140"></a></div>
</td>
<td>
<div
id="LPTitle_14410401972370.6280544602592454"
style="">Opensips TLS - Pastebin.com</div>
<div
id="LPUrlContainer_14410401972370.2557659588497925"
style="margin:8px 14px 10px; height:18px;
text-overflow:ellipsis; overflow:hidden;
white-space:nowrap">
<a moz-do-not-send="true" target="_blank"
href="http://pastebin.com/tM7zqTKX"
id="LPUrlAnchor_14410401972370.691789212973732"
style="">Read more...</a></div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<div style="color:rgb(0,0,0)">
<hr tabindex="-1" style="display:inline-block;
width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt" color="#000000"
face="Calibri, sans-serif"><b>From:</b>
Bogdan-Andrei Iancu
<a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:bogdan@opensips.org"><bogdan@opensips.org></a><br>
<b>Sent:</b> Monday, August 31, 2015 5:21 AM<br>
<b>To:</b> OpenSIPS users mailling list; <a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:mistral9999@hotmail.com">
mistral9999@hotmail.com</a><br>
<b>Subject:</b> Re: [OpenSIPS-Users] TLS
discrepancy between 1.7.1 and 1.11.5</font>
<div> </div>
</div>
<div><tt>Hi Matt,<br>
<br>
Can you post of pastebin (or similar) the SIP
capture showing the incoming NOTIFY (via UDP) from
Asterisk and the outgoing NOTIFY (supposedly via
TLS) to UAC ?<br>
Also the SUBSCRIBE request going from OpenSIPS to
Asterisk will help alot.<br>
<br>
Regards, <br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 30.08.2015 18:22,
Matt Hamilton wrote:<br>
</div>
<blockquote type="cite">
<div id="divtagdefaultwrapper"
style="font-size:12pt; color:#000000;
background-color:#FFFFFF;
font-family:Calibri,Arial,Helvetica,sans-serif">
<p><br>
</p>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
We use Opensips (with TLS) as a dispatcher to
multiple Asterisk servers. Currently we
are in the process of upgrading from 1.7.1 to
1.11.5, and we ran into a discrepancy between
1.7.1 and 1.11.5 regarding SIP NOTIFY
messages.</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
Here is the flow (both ways):</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
UAC (TLS) -> Opensips (UDP)->
Asterisk </div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<span style="font-size:12pt">Asterisk </span><span
style="font-size:12pt"> (UDP)</span><span
style="font-size:12pt"> -> Opensips
(</span><span style="font-size:12pt">TLS</span><span
style="font-size:12pt">)-> UAC</span></div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<span style="font-size:12pt"><br>
</span></div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
In 1.7.1, all messages between Opensips and
UAC were encrypted - didn't matter if it was
originated at UAC or Asterisk.</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
In 1.11.5, the SIP NOTIFY messages coming from
Asterisk are sent to UAC unencrypted (and not
accepted by UAC). Here is the request that
Opensips receives and sends to the UAC in
plaintext:</div>
<div
style="font-family:Calibri,Arial,Helvetica,sans-serif;
margin-top:0px; margin-bottom:0px">
<br>
</div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif">Request-Line:
NOTIFY
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:sip:101@1.2.3.4:5075;transport=tls;nat=yes">
sip:101@1.2.3.4:5075;transport=tls;nat=yes</a>
SIP/2.0</font><br>
</div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif">Anything
we can do to have that leg encrypted as
well?</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif">Thanks,</font></div>
<div style="margin-top:0px; margin-bottom:0px"><font
face="Calibri, Arial, Helvetica, sans-serif">Matt</font></div>
<div><font face="Calibri, Arial, Helvetica,
sans-serif"><br>
</font></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>