THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#245 - kamailio tls debug error
User who did this - Klaus Darilion (klaus3000)
----------
I found this thread about "bad record mac": https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/-X…
"Well, textbook explanation of SSL is not short, but once the connection is established, each party will have a set keys composed of a MAC key (message authentication code) and an encryption key. Within the SSL record, the payload is encrypted, and the MAC is basically a hash of the MAC Key + data + sequence + nonce + etc (I don’t remember the exact list of parameters that are authenticated by the MAC off the top of my head).
Also, at the end of the handshake, there is a final exchange of the MAC of all of the Records sent before the connection was “settled”.
If any of the items of the SSL Record change the client will be able to detect that because the MAC will not match. First place I would look is at the firewall logs, or maybe any app (such as HIDS/NIDS) that might be doing something to the packet."
So maybe there is really somebody modifying packets, or openSSL uses a wrong key for MAC checks, or maybe has some other problem during MAC checking and produces this incorrect error.
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=245#comment721
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#245 - kamailio tls debug error
User who did this - Shaobin.Feng (saxon_leo)
----------
tcpdump package,filter by src public ip and port(which could be got in error log).
==========================
step1 : client hello
step2 : server hello with certificate
step3 : client key exchange
step4 : Alert(leve:fatal description:bad record mac)
.... then server send fin close connection
---------------------------------------------------
Any suggestion,any advice would be nice!
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=245#comment720
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#245 - kamailio tls debug error
User who did this - Shaobin.Feng (saxon_leo)
----------
restart 4 servers, one of them debug error now !-----------
----------------------log------------------
Jul 23 08:53:57 vm-sipserver4 /usr/local/sbin/kamailio[16560]: INFO: TLS_TRACE: tls [tls_server.c:915]: (0x7f107ec6b758, 0x7fffca493270 (0)) start (xxx.xxx.xxx.xxx:14203 -> xx.xxx.xxx.xxx:5061*)
Jul 23 08:53:57 vm-sipserver4 /usr/local/sbin/kamailio[16560]: INFO: TLS_TRACE: tls [tls_server.c:970]: (0x7f107ec6b758, 0x7fffca493270) tcp_read_data(..., 4095, *1) => 126 bytes
Jul 23 08:53:57 vm-sipserver4 /usr/local/sbin/kamailio[16560]: INFO: TLS_TRACE: tls [tls_server.c:1030]: (0x7f107ec6b758, 0x7fffca493270) tls_accept() => -1 (err=1)
Jul 23 08:53:57 vm-sipserver4 /usr/local/sbin/kamailio[16560]: INFO: TLS_TRACE: tls [tls_server.c:1114]: (0x7f107ec6b758, 0x7fffca493270) tcpconn_send_unsafe 7 bytes
Jul 23 08:53:57 vm-sipserver4 /usr/local/sbin/kamailio[16560]: ERROR: tls [tls_server.c:1174]: TLS accept:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Jul 23 08:53:57 vm-sipserver4 /usr/local/sbin/kamailio[16560]: INFO: TLS_TRACE: tls [tls_server.c:1331]: (0x7f107ec6b758, 0x7fffca493270) end error => 0 (*flags=1)
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=245#comment719
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
Module: sip-router
Branch: master
Commit: 9a4b9061387ac88c9c0db7945b41c8a24986b7bc
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9a4b906…
Author: Dragos Dinu <dragos.dinu(a)1and1.ro>
Committer: Marius Zbihlei <marius.zbihlei(a)1and1.ro>
Date: Fri Jul 20 10:48:48 2012 +0300
modules/sipcapture: Extended sipcapture to support multiple tables
The sipcapture module can support storing the information to multiple sql tables.
Tests have shown that a major bottleneck against scalability on multi core CPU of
the capture node instance was caused by using a single MySQL Table.
The frontend (HOMER) will be soon patched to support retrieval of data from multiple
sources.
The decision to select witch table is written to, can be configured from random,
round robin or hashing via username or callid.
---
modules/sipcapture/README | 170 ++++++++++++++++-----------
modules/sipcapture/doc/sipcapture_admin.xml | 43 +++++++-
modules/sipcapture/hash_mode.c | 129 ++++++++++++++++++++
modules/sipcapture/hash_mode.h | 61 ++++++++++
modules/sipcapture/sipcapture.c | 163 +++++++++++++++++++-------
modules/sipcapture/sipcapture.h | 41 +++++++
6 files changed, 495 insertions(+), 112 deletions(-)
Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=9a4…
Hello,
Kamailio v3.2.4 is out -- this is a minor release packaged from previous
stable branch, GIT 3.2. Anyone running 3.2.x should update to it in
order to benefit of latest fixes, there is no change required to be done
in database structure or configuration file, just re-install over the
old deployment. As usual, a backup is recommended to be in the safe side.
More details about this release at:
* http://www.kamailio.org/w/2012/07/kamailio-v3-2-4-released/
New installations should start with latest stable series 3.3.x, at this
time latest Kamailio version being v3.3.0.
Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.comhttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw
Module: sip-router
Branch: 3.2
Commit: 77b748b0cfe28045b031951bbe13a42e6c7e39f9
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=77b748b…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: Thu Jul 19 15:16:44 2012 +0200
ChangeLog: content updated for v3.2.4
---
ChangeLog | 231 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 231 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e03c319..e02570b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,234 @@
+===================== 2012-07-19 Version 3.2.4 Released =====================
+
+===================== Changes Since Version 3.2.3 ===========================
+
+
+commit f62b84d38bc3906e9a0fb1ad1758c8fc865e6856
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Thu Jul 19 15:14:05 2012 +0200
+
+ Makefile.defs: version set to 3.2.4
+
+commit 3a40a629e069128e26bb8f34635a3ea6cebd5ab8
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Thu Jul 19 15:08:11 2012 +0200
+
+ pkg/kamailio: set version 3.2.4 for rpm specs
+
+commit 827a01362a5ef7e42fb6746675768941a3c8b6ec
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Thu Jul 19 15:06:56 2012 +0200
+
+ pkg/kamailio: set version 3.2.4 for deb specs
+
+commit 0d3f45636a075301b0809566f00a523ddf68cf52
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Wed Jul 18 19:00:38 2012 +0200
+
+ tls: set function to return the id
+
+ - starting with v1.0.0 openssl does not use anymore getpid(), but address
+ of errno which can point to same virtual address in a multi-process
+ application
+ - for refrence http://www.openssl.org/docs/crypto/threads.html
+ - credits to Jijo on sr-dev mailing list
+ (cherry picked from commit 0615826fe602c5183fbc7be7c51de5eb5eb7223c)
+
+commit 6e0030828faccceaaa1238e2f4c83d97287a4492
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Mon Jun 25 10:36:31 2012 +0200
+
+ dispatcher(k): allow set id 0 for OPTIONS callback
+
+ - set id is provided in param pointer address, 0 being equivalent to
+ NULL
+ - reported by Avi Brender
+ (cherry picked from commit 2664cb9aa8ffd5d26ef6a0841318ccbcdefbf69b)
+
+commit 0e9f7bf5e7085121df75f3e07cd6aaff49280964
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Fri Jun 1 09:06:33 2012 +0200
+
+ core: Via parser allows generic parameters without value separated by white spaces and semicolon
+
+ - reported by Iñaki Baz Castillo, closes FS#127
+ (cherry picked from commit 362b6f134c5ab408d6bb492e2492bcfc5bab4996)
+
+commit 1bcfd20e73aa90b53639aa5f2e5485f1303c6f34
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Thu May 31 14:44:19 2012 +0200
+
+ core/select: fixed @via... without header index
+
+ - reported by Iñaki Baz Castillo, fixes FS#138
+ (cherry picked from commit 511841b7bcdc7f5cc72775942ecf6b11525aad82)
+
+commit b7787ed1ae6fdee66ec24285de3c841349406a97
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Fri Apr 20 15:35:49 2012 +0200
+
+ tm: reset T if t_continue() resumes a canceled transaction
+
+ - when the suspended transaction was already canceled, and t_continue
+ was executed before transaction was destroyed, global variable T was
+ left set, causing an extra unref by post script callback
+ (cherry picked from commit 00193f5e1f0e9e12b55c50d33eaf6f3d32e8bb92)
+
+commit 2a00c6d6439d9528c0445a8b1596a0c932623970
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Mon Jun 25 18:36:18 2012 +0200
+
+ dialog(k): proper unlock of profile for mi list command
+
+ - the profile was unlocked in a wrong place, before finishing listing
+ the its content and could cause a race in accessing it
+ - reported by Ricardo Martinez
+ (cherry picked from commit 3a2e929c63c656fe2db78e746546af05c66740ea)
+
+commit 72899d84896a32d6a1598e3a4b2db61da4283327
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Fri Jun 15 17:17:07 2012 +0200
+
+ dialog(k): proper local linking of profile before dlg is created
+
+ - reported by Nick R.
+ (cherry picked from commit 80c4f4b1d9ff31e79c999b82db35c3b9abc56e22)
+
+commit 231017d40132dd2d2e21d715d12101ed67b51d45
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Wed Jun 13 11:51:57 2012 +0200
+
+ drouting: reset the content of routing tree if root pointer is not freed
+
+ - reported by Yufei Tao
+ (cherry picked from commit c737ff95bb2e742981d81088169baa60d4605b85)
+
+commit cc952f8469dea60b9e7f0e70063046f086a2866f
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Wed Jun 13 16:33:17 2012 +0200
+
+ usrloc(k): safety check for first record in udomain slot
+
+ - reported by David Kovarik, FS#234
+ (cherry picked from commit 31f404a98b09b5a6270e860574b16c9f9112c305)
+
+commit c2702ae573385493e4ddae50568a5842af9dcfcf
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Fri Jun 1 11:34:20 2012 +0200
+
+ nathelper(k): remove maddr param in fix_nated_contact()
+
+ - if maddr exists, it makes no sense anymore if the contact uri is
+ changed by the proxy
+ - reported by Morten Isaksen
+ (cherry picked from commit c3caaa4c12f76c77381c6a0afc8688bc38b16999)
+
+commit 85b304f2bba2b0bb239ad52a071e32deba9b07c1
+Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com>
+Date: Tue Jun 12 02:01:10 2012 +0100
+
+ modules/tls: Fixed log level and diagnostic typo
+
+ - Fix by Hugh Waite @ Crocodile RCS Ltd
+ (cherry picked from commit 3d3b1daf319fe87b880671cd5de9a2a6ace6c64b)
+
+commit b9726b9fb4538c74ce898c28fdee962f2cf22853
+Author: Anca Vamanu <anca.vamanu(a)1and1.ro>
+Date: Wed Jun 6 15:49:57 2012 +0300
+
+ modules_k/registrar Fixed memory leak in reg_fetch_contacts()
+ (cherry picked from commit ac28b3b8dd34cfac290f1941a575841261c9ed97)
+
+commit 9b865030e61596b6f6b4dda2aaee0a1199f9fcec
+Author: Jon Bonilla <manwe(a)aholab.ehu.es>
+Date: Sun Jun 3 20:03:13 2012 +0200
+
+ pkg/deb Remove purple from Ubuntu 12.04 build
+
+commit ef680fefff53e692aafbbfb4adfd366b3b0d2f5a
+Author: Jon Bonilla <manwe(a)aholab.ehu.es>
+Date: Sat Jun 2 22:20:34 2012 +0200
+
+ pkg/deb Add ubuntu 12.04 debian folder
+
+commit 8446a650df06e68c4f7ca4bb6bb2b668ba3c4a30
+Author: Jon Bonilla <manwe(a)aholab.ehu.es>
+Date: Wed May 30 01:44:50 2012 +0200
+
+ pkd/deb Remove lua and Add redis to wheezy build
+ (cherry picked from commit f5a60cb91ecb701681b7ef0a29d5f1b0bb503908)
+
+commit 850afebb30470a075423d0e721b678d82261d1be
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Thu May 17 08:19:10 2012 +0200
+
+ rtpproxy: handle UPDATE in rtpproxy_manage()
+
+ - UPDATE can carry SDB body
+ - reported by Spencer Thomason
+ (cherry picked from commit 24ff0d9aa060d183fbe40b1fcb5910d60940585b)
+
+commit c554684986be936ae1d76513fdc7202b0c117db9
+Author: Juha Heinanen <jh(a)tutpro.com>
+Date: Wed May 9 07:42:14 2012 +0300
+
+ modules_k/auth_radius: fixed typo in README
+
+ - Fixed authorization return code for authorization failed. It should
+ be 2 instead of 3. Reported by Ricardo Martinez.
+ (cherry picked from commit 7665aefc966409588cca8e2a70d8a03e4d7a6fa1)
+
+commit d22d83bfca84f4e50169859eafb23f6b89a91350
+Author: Anca Vamanu <anca.vamanu(a)1and1.ro>
+Date: Fri May 4 11:45:05 2012 +0300
+
+ modules_k/dialog Fixed 2 macros for dialog state with same value
+
+commit 176f35cc78167267524724b432abad74c7218a35
+Author: Anca Vamanu <anca.vamanu(a)1and1.ro>
+Date: Wed Apr 25 15:06:52 2012 +0300
+
+ modules_k/presence Safety check for malformed Subscribe
+
+ Subscribe with header 'Contact: *' caused crash in presence.
+
+commit 11ca33836fdd33d7c3d36c4f1acc6c6782edfb5d
+Author: Marius Zbihlei <marius.zbihlei(a)1and1.ro>
+Date: Wed Apr 25 14:54:31 2012 +0300
+
+ modules/sipcapture: Fixed crash in case contact was "*"
+
+commit 349969b5a91744eebd7c269cb747d2332245df6e
+Author: Henning Westerholt <hw(a)kamailio.org>
+Date: Mon Apr 23 18:21:46 2012 +0200
+
+ userblacklist(k): fix some doc errors, pointed out from Daniel Vukicevic, daniel at vukicevic dot com
+ (cherry picked from commit 7fc5aa2c050379063212c4bb5f06697e8a97c665)
+
+commit 91b6dd8d1fbf649e6fe3075f59ae92892fb6cb1f
+Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com>
+Date: Fri Apr 20 14:15:36 2012 +0100
+
+ modules/db_postgres: Fixed copy-and-paste error in module documentation
+ (cherry picked from commit c5a51e4236498cfe3ca31c8aae96d3b422a9da23)
+
+commit da0eff88c7467365e9f7300960baee5aac36f27a
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Fri Apr 20 09:42:39 2012 +0200
+
+ presence_xml: updates to docs to refer to embedded xcap server
+ (cherry picked from commit 171f560f768b43e140c24b6cc4823a92f13b2f05)
+
+commit 5fefe8457bd9e7b5a35aa0fc3816290ca0964576
+Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
+Date: Fri Apr 20 09:28:44 2012 +0200
+
+ xcap_client: set table version to 4
+
+ - reported by Gnaneshwar Gatla
+ (cherry picked from commit ab36b2b10e2f99ab584ec916bccc2a40c4fa394f)
+
+
===================== 2012-04-19 Version 3.2.3 Released =====================
===================== Changes Since Version 3.2.2 ===========================
