Hello,

 

  Everything works fine if I run Proxy without TLS disabled.

  I tried both TCP/UDP, it works fine.

 

  For TLS, Registration went fine however Proxy responds “513 Message too big” .

  I don’t see any wrong headers in the message.

 

  The length is almost same for TCP and TLS invite message, the only change is sip and sips.

 

 Any C file I need to modify?

 

 

Openser.conf

#

# $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $

#

# simple quick-start config script

#

 

# ----------- global configuration parameters ------------------------

 

debug=9            # debug level (cmd line: -dddddddddd)

#fork=yes

#log_stderror=no    # (cmd line: -E)

 

/* Uncomment these lines to enter debugging mode

fork=no

log_stderror=yes

*/

 

check_via=yes   # (cmd. line: -v)

dns=no          # (cmd. line: -r)

rev_dns=no      # (cmd. lineset sip register_timeout: -R)

port=5061

children=4

fifo="/tmp/openser_fifo"

 

 

#

# uncomment the following lines for TLS support

disable_tls = 0

listen = tls:158.218.105.138:5061

tls_verify = on

tls_require_certificate = on

tls_method = TLSv1

 

tls_certificate = "/home/mreddy/tools/cert.pem"

tls_private_key = "/home/mreddy/tools/priv.pem"

tls_ca_list = "/home/mreddy/tools/root_cert_fluffyCA.pem"

 

# ------------------ module loading ----------------------------------

 

# Uncomment this if you want to use SQL database

#loadmodule "/usr/local/lib/openser/modules/mysql.so"

 

loadmodule "/usr/local/lib/openser/modules/sl.so"

loadmodule "/usr/local/lib/openser/modules/tm.so"

loadmodule "/usr/local/lib/openser/modules/rr.so"

loadmodule "/usr/local/lib/openser/modules/maxfwd.so"

loadmodule "/usr/local/lib/openser/modules/usrloc.so"

loadmodule "/usr/local/lib/openser/modules/registrar.so"

loadmodule "/usr/local/lib/openser/modules/textops.so"

 

# Uncomment this if you want digest authentication

# mysql.so must be loaded !

#loadmodule "/usr/local/lib/openser/modules/auth.so"

#loadmodule "/usr/local/lib/openser/modules/auth_db.so"

 

# ----------------- setting module-specific parameters ---------------

 

# -- usrloc params --

 

#modparam("usrloc", "db_mode",   2)

 

 

# Uncomment this if you want to use SQL database

# for persistent storage and comment the previous line

#modparam("usrloc", "db_mode", 2)

#modparam("usrloc|auth_db", "db_url",  "dbtext:///tmp/openserdb")

 

# -- auth params --

# Uncomment if you are using auth module

#

#modparam("auth_db", "calculate_ha1", yes)

 

# If you set "calculate_ha1" parameter to yes (which true in this config),

# uncomment also the following parameter)

#modparam("auth_db", "password_column", "password")

 

# -- rr params --

# add value to ;lr param to make some broken UAs happy

modparam("rr", "enable_full_lr", 1)

 

# -------------------------  request routing logic -------------------

 

# main routing logic

 

route{

 

            # initial sanity checks -- messages with

            # max_forwards==0, or excessively long requests

            if (!mf_process_maxfwd_header("10")) {

                        sl_send_reply("483","Too Many Hops");

                        exit;

            };

#if 1

            if (msg:len >=  4096 ) {

                        sl_send_reply("513", "Message too big");

                        exit;

            };

#endif

            # we record-route all messages -- to make sure that

            # subsequent messages will go through our proxy; that's

            # particularly good if upstream and downstream entities

            # use different transport protocol

            if (!method=="REGISTER")

                        record_route();

 

            # subsequent messages withing a dialog should take the

            # path determined by record-routing

            if (loose_route()) {

                        # mark routing logic in request

                        append_hf("P-hint: rr-enforced\r\n");

                        route(1);

            };

 

            if (!uri==myself) {

                        # mark routing logic in request

                        append_hf("P-hint: outbound\r\n");

                        # if you have some interdomain connections via TLS

                        #if(uri=~"@tls_domain1.net") {

                        #          t_relay_to_tls("IP_domain1","port_domain1");

                        #          exit;

                        #} else if(uri=~"@tls_domain2.net") {

                        #          t_relay_to_tls("IP_domain2","port_domain2");

                        #          exit;

                        #}

                        route(1);

            };

 

            # if the request is for other domain use UsrLoc

            # (in case, it does not work, use the following command

            # with proper names and addresses in it)

            if (uri==myself) {

 

                        if (method=="REGISTER") {

 

                                    # Uncomment this if you want to use digest authentication

                                    #if (!www_authorize("openser.org", "subscriber")) {

                                    #          www_challenge("openser.org", "0");

                                    #          exit;

                                    #};

 

                                    save("location");

                                    exit;

                        };

 

                        lookup("aliases");

                        if (!uri==myself) {

                                    append_hf("P-hint: outbound alias\r\n");

                                    route(1);

                        };

 

                        # native SIP destinations are handled using our USRLOC DB

                        if (!lookup("location")) {

                                    sl_send_reply("404", "Not Found");

                                    exit;

                        };

                        append_hf("P-hint: usrloc applied\r\n");

            };

 

            route(1);

}

 

 

route[1] {

            # send it out now; use stateful forwarding as it works reliably

            # even for UDP2TCP

            if (!t_relay()) {

                        sl_reply_error();

            };

            exit;

}

 

 

Thanks,

Murali Reddy

Texas Instruments