-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi! I saw that you use SSLv23, did you try to force TLSv1? That might be a solution... jeevan ravula wrote:
Hi Greg, I am sending my openser.cfg. Please check it. I am able to register (without TLS) with the Polycom phones.
Regards, jeevan
---------- Forwarded message ---------- From: Gregoire mlgg@hispeed.ch Date: Oct 16, 2006 4:24 PM Subject: Re: [Users] Registration of Polycom SoundPointIP phone with OpenSER To: jeevan ravula jeevanravula@gmail.com Cc: users@openser.org
Hi! Could you send your configuration file? Have you checked your log on the server? If you disable TLS, does it work?
Regards
Greg
jeevan ravula wrote:
Hi Gregoire, Thank you for your help. My certificate has a validity period of 1 year. I have some interesting observations to share.
From what you said, the clock wasn't the same for OpenSER and the Polycom phone. I have set the clock of both OpenSER and the Polycom phone to the same time.
The polycom phone got registered to openser.
Now I tried communicating between two Polycom phones via OpenSER (with TLS support). The call gets established randomly. Initially it was only in one direction, but once I managed to establish it in the other direction.
But once the phone gets registered to the OpenSER proxy, the clock aspect becomes irrelevant, because each time I boot from the boot server the clock time changes to the default settings but the phone still manages to register with OpenSER.
Even though both Polycom phones (SoundPoint IP 430) are registered, I am unable to establish communication between them. The calling party's call doesn't get forwarded to the callee. I am unable to understand the reason. Can you explain it to me if possible?
Thanks, Jeevan.
On 10/15/06, Gregoire mlgg@hispeed.ch wrote:
Hi! Have you checked the validity of the certificate? When does it begin, when does it end? Are the clocks on OpenSER and the client the same, or do they differ by some hours? What does ssldump give you as output?
Regards
Greg jeevan ravula wrote:
Hi all,
I am using a Polycom SoundPoint IP phone as User Agent. I want to register the Polycom phone with an OpenSER server (with TLS support). Can anybody help me out in this regard?
I have generated my root CA and given it to the Polycom phone. The Polycom phone does not accept the certificate from the OpenSER server side. It shows bad certificate.
Anybody who has used a Polycom phone earlier can help me out in this matter. I shall be grateful to them.
Regards, Jeevan.
# # $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $ # # simple quick-start config script #
# ----------- global configuration parameters
# Core settings: verbosity, process model, listeners and the management FIFO.
debug=3                 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes        # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
*/

check_via=no            # (cmd. line: -v)
dns=no                  # (cmd. line: -r)
rev_dns=no              # (cmd. line: -R)
listen = 172.21.67.46   # Add by Mohit on 7 Sep
port=5060
children=4
# NOTE(review): the management FIFO is created under /tmp; confirm that its
# ownership and mode restrict who may write commands to it.
fifo="/tmp/openser_fifo"

#
# TLS listener and handshake policy (TLS is enabled here)
disable_tls = 0
listen = tls:172.21.67.46:5061
# NOTE(review): with tls_verify on and tls_require_certificate off, a peer
# certificate is presumably checked only when one is presented; a client that
# sends none is still accepted -- confirm against the OpenSER TLS documentation.
tls_verify = 1
tls_require_certificate = 0
# NOTE(review): SSLv23 lets the handshake negotiate the legacy SSLv2/SSLv3
# protocols as well as TLSv1 (subject to the OpenSSL build); the commented
# alternative pins the method to TLSv1.
tls_method =SSLv23 #TLSv1
# NOTE(review): certificate, private key and CA list are read from the source
# tree's tls/tools directory; check that the private key file is readable only
# by the account OpenSER runs as.
tls_certificate = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-cert.pem"
tls_private_key = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-privkey.pem"
tls_ca_list = "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-calist.pem"
tls_handshake_timeout=119
# NOTE(review): this list offers suites that defeat the purpose of TLS:
#   ADH-*            anonymous Diffie-Hellman, no certificate is exchanged, so
#                    the peer is not authenticated at all
#   NULL-SHA/-MD5    integrity only, the SIP traffic is sent unencrypted
#   RC4-*, RC2-*, *-MD5   obsolete ciphers / MACs
# If one of the ADH or NULL suites is negotiated, the certificate settings
# above give no protection. Restricting the list to the authenticated AES and
# 3DES suites already present in it would remove that exposure.
tls_ciphers_list= "ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:KRB5-RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-RC4-SHA:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:ADH-DES-CBC3-SHA:ADH-RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:NULL-SHA:NULL-MD5" #"NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA"
tls_send_timeout=121
#
# ------------------ module loading
# SQL backend: left disabled in this configuration
#loadmodule "/usr/local/lib/openser/modules/mysql.so"

# Modules used by the routing script below: stateless replies (sl),
# transactions (tm), record-routing (rr), Max-Forwards handling (maxfwd),
# user location and registrar, and header manipulation (textops).
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"

# Digest authentication modules (mysql.so must be loaded as well).
# NOTE(review): both are commented out, so nothing in this configuration can
# challenge a request for credentials.
#loadmodule "/usr/local/lib/openser/modules/auth.so"
#loadmodule "/usr/local/lib/openser/modules/auth_db.so"
# ----------------- setting module-specific parameters

# -- usrloc params --
# db_mode 0: registrations are not written to a database (per the comment
# below, switch to mode 2 for persistent SQL storage).
modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
# NOTE(review): calculate_ha1 makes auth_db compute HA1 from the value in
# password_column, i.e. the subscriber table then holds cleartext passwords;
# storing precomputed HA1 values avoids that -- confirm against the auth_db
# documentation before enabling.
#
#modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
#modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic
# main routing logic
route{

    # Sanity checks first: reject requests whose Max-Forwards is exhausted
    # and requests that are 2048 bytes or longer.
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };

    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    # Record-route everything except REGISTER so that later in-dialog
    # requests pass through this proxy again; useful when the upstream and
    # downstream sides use different transports.
    if (!method=="REGISTER") record_route();

    # In-dialog requests follow the route set established by record-routing.
    if (loose_route()) {
        # mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n");
        route(1);
    };

    # Requests addressed to a foreign domain are relayed as they are.
    # NOTE(review): no sender check or authentication precedes this relay, so
    # the proxy forwards requests for any destination from any source that can
    # reach it; restrict by source or require authentication before relaying.
    if (!uri==myself) {
        # mark routing logic in request
        append_hf("P-hint: outbound\r\n");
        # if you have some interdomain connections via TLS
        #if(uri=~"@tls_domain1.net") {
        #    t_relay_to_tls("IP_domain1","port_domain1");
        #    exit;
        #} else if(uri=~"@tls_domain2.net") {
        #    t_relay_to_tls("IP_domain2","port_domain2");
        #    exit;
        #}
        route(1);
    };

    # Requests for our own domain are resolved through UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {

        if (method=="REGISTER") {

            # Uncomment this if you want to use digest authentication
            # NOTE(review): with the challenge below disabled, save() stores
            # the contact of any REGISTER that arrives, so a binding can be
            # created or replaced without credentials. TLS on the listener
            # does not change this while client certificates are not required.
            #if (!www_authorize("openser.org", "subscriber")) {
            #    www_challenge("openser.org", "0");
            #    exit;
            #};

            save("location");
            exit;
        };

        # Alias lookup may rewrite the URI to a foreign destination.
        lookup("aliases");
        if (!uri==myself) {
            append_hf("P-hint: outbound alias\r\n");
            route(1);
        };

        # Local users are looked up in the USRLOC location table;
        # answer 404 when no binding exists.
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            exit;
        };
        append_hf("P-hint: usrloc applied\r\n");
    };

    route(1);
}
route[1] {
    # Forward the request statefully (reliable even for UDP2TCP); when the
    # relay fails, answer with the error reply, then stop script processing.
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}