Hi Christian,
Thank you for your reply :-)
I checked the config file and found that in my config file fork is yes. It was my
fault when pasting the configuration in my last email.
So it seems not to be related to fork.
BTW, do you mean the TLS-tutorial "http://www.openser.org/docs/tls.html"?
If not, can you give me the URL?
THX
BR
On 1/10/08, Christian Prechtl <christian.prechtl(a)gmx.net> wrote:
Hi,
it is recommended to enable multi-process mode in the config-file for an
adequate function of OpenSER with TLS (fork=yes).
Your log shows that OpenSER is not able to open the Socket for TLS, which
is, as far as I know, due to the fact that no child process could have been
started for that socket.
Btw: Last year I set up an environment with MiniSIP as well where
everything worked well, referring to the descriptions in the TLS-tutorial.
Regards
PC
fengbin wrote:
Hi all,
I met a strange problem while testing a TLS connection between minisip
and openser.
The following is my openser.cfg (part of that)
.........
fork=no
log_stderror=yes
# Uncomment this to prevent the blacklisting of temporary not available destinations
#disable_dns_blacklist=yes
# Uncomment this to prevent the IPv6 lookup after v4 dns lookup failures
#dns_try_ipv6=no
# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:10.11.57.197:5060
tls_verify_client = 1
tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser//tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser//tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/openser//tls/user/user-calist.pem"
tls_ciphers_list="NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
......
When I set "tls:10.11.57.197:5061" the registration never succeeds. But if
I set it to 5060 the registration over TLS is OK.
I compared the logs of the two scenarios and found that the TLS sessions are both
OK, but the difference is this:
when the port is 5061 there is a forwarding error, but the forwarding
happens because openser thinks it's not the destination of
the registration request. See below:
Jan 10 16:46:56 [9199] DBG:rr:after_loose: No next URI found
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if port 5061 matches port 5060
Jan 10 16:46:56 [9199] DBG:core:check_self: host != me
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff
Jan 10 16:46:56 [9199] DBG:tm:t_newtran: T on entrance=0xffffffff
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=ffffffffffffffff
Jan 10 16:46:56 [9199] DBG:core:parse_headers: flags=78
Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: start searching: hash=58073, isACK=0
Jan 10 16:46:56 [9199] DBG:tm:matching_3261: RFC3261 transaction matching failed
Jan 10 16:46:56 [9199] DBG:tm:t_lookup_request: no transaction found
Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...
Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to fwd to af 2, proto 1 (no corresponding listening socket)
Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add branches
In comparison, when the port is set to 5060 the trace is:
Jan 10 17:07:59 [9410] DBG:rr:find_next_route: No next Route HF found
Jan 10 17:07:59 [9410] DBG:rr:after_loose: No next URI found
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=8000000
Jan 10 17:07:59 [9410] DBG:core:parse_headers: flags=ffffffffffffffff
Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact HF: Contact: <sip:888@10.11.57.192:5061;transport=TLS>;expires=1000
And there is no fwd needed then. So the error didn't occur.
It's a little bit strange that when I set the port to 5061, why did openser
check the port 5060?????
Can anyone help me to figure it out?
THX
BR
--
Fengbin
_______________________________________________
Users mailing list
Users@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
--
Christian Prechtl
A-1100 Wien
Kundratstraße 16/3/4/62
Mobile: +43 664 5205764
sip:8656261@sipgate.at
Callto:c.prechl
mailto:christian.prechtl@gmx.net
<christian.prechtl(a)gmx.net>
--
Fengbin
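
An added example (not part of the thread and not OpenSER code): a Python triage script that groups the debug lines quoted above by process ID and flags processes where grep_sock_info compared two different ports and check_self then logged "host != me", together with the tm errors that followed. The sample log is constructed from the excerpts in this thread with the mail line wraps rejoined; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines from the two excerpts in this thread, wraps rejoined.
SAMPLE_LOG = """\
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
Jan 10 16:46:56 [9199] DBG:core:grep_sock_info: checking if port 5061 matches port 5060
Jan 10 16:46:56 [9199] DBG:core:check_self: host != me
Jan 10 16:46:56 [9199] DBG:core:mk_proxy: doing DNS lookup...
Jan 10 16:46:56 [9199] ERROR:tm:update_uac_dst: failed to fwd to af 2, proto 1 (no corresponding listening socket)
Jan 10 16:46:56 [9199] ERROR:tm:t_forward_nonack: failure to add branches
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if host==us: 12==12 && [10.11.57.197] == [10.11.57.197]
Jan 10 17:07:59 [9410] DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jan 10 17:07:59 [9410] DBG:registrar:build_contact: created Contact HF: Contact: <sip:888@10.11.57.192:5061;transport=TLS>;expires=1000
"""

# timestamp [pid] LEVEL:module:function: message
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \[(?P<pid>\d+)\] "
                  r"(?P<lvl>\w+):(?P<mod>\w+):(?P<fn>\w+): (?P<msg>.*)$")
PORTS = re.compile(r"checking if port (\d+) matches port (\d+)")

def analyse(log_text):
    """Per PID: port pairs compared, whether check_self said 'host != me', errors."""
    report = defaultdict(lambda: {"port_checks": [], "not_me": False, "errors": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped fragment or unrelated line
        entry = report[m["pid"]]
        ports = PORTS.search(m["msg"])
        if m["fn"] == "grep_sock_info" and ports:
            entry["port_checks"].append((int(ports[1]), int(ports[2])))
        elif m["fn"] == "check_self" and "host != me" in m["msg"]:
            entry["not_me"] = True
        elif m["lvl"] == "ERROR":
            entry["errors"].append(f'{m["mod"]}:{m["fn"]}: {m["msg"]}')
    return dict(report)

def mismatched(report):
    """PIDs where a compared port pair differed and the request was judged not local."""
    return sorted(pid for pid, e in report.items()
                  if e["not_me"] and any(a != b for a, b in e["port_checks"]))

if __name__ == "__main__":
    rep = analyse(SAMPLE_LOG)
    for pid in mismatched(rep):
        print(pid, rep[pid]["port_checks"], rep[pid]["errors"])
```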