7 Mar
2007
7 Mar
'07
12:59 a.m.
Hi
I have two questions.
1. Receiver(a)1.1.1.1 and Receiver(a)2.2.2.2 register with ser.
Client sends an INVITE to ser for Receiver.
ser forks these INVITES in parallel to both Receiver(a)1.1.1.1 and
Receiver(a)2.2.2.2.
As both Receivers are online, they both reply with 200 OK.
SER then relays BOTH 200 OK's back to the Client.
My question: Shouldn't SER send CANCEL to one of them, and relay only
ONE 200 OK back to the client? How would I do this?
It is not the client's responsibility to send a CANCEL to the SER to
relay to one of the receivers, is this correct?
2. When I have
tls_verify_client = 1
tls_require_client_certificate = 1
in my cfg file, ser still accepts tcp and udp connections, despite
tls_require_client_certificate=1. I did a search, and found this way:
if (proto != TLS) {
sl_send_reply("403", "Forbidden");
exit;
};
However SER is really still listening on UDP and TCP port 5060. Is there
a way to configure SER such that it only listens and acknowledges TLS
connections?
Thanks
Andrew
7 Mar
7 Mar
3:11 p.m.
Hi Andrew,
Andrew T Gin wrote:
Hi
I have two questions.
1. Receiver(a)1.1.1.1 and Receiver(a)2.2.2.2 register with ser.
Client sends an INVITE to ser for Receiver.
ser forks these INVITES in parallel to both Receiver(a)1.1.1.1 and
Receiver(a)2.2.2.2.
As both Receivers are online, they both reply with 200 OK.
SER then relays BOTH 200 OK's back to the Client.
My question: Shouldn't SER send CANCEL to one of them, and relay only
ONE 200 OK back to the client? How would I do this?
It is not the client's responsibility to send a CANCEL to the SER to
relay to one of the receivers, is this correct?
AFAIK, the rfc state that all 200 ok must be sent to the UAC - the proxy
cannot decide which to select and more important it is not able to
terminate a call (CANCEL is used only prior to 200 OK; after that, BYE
must be used)
So, the UAC should select one of the 200 OK and for the other one, it
should send a BYE.
2. When I have
tls_verify_client = 1
tls_require_client_certificate = 1
in my cfg file, ser still accepts tcp and udp connections, despite
tls_require_client_certificate=1. I did a search, and found this way:
if (proto != TLS) {
sl_send_reply("403", "Forbidden");
exit;
};
However SER is really still listening on UDP and TCP port 5060. Is
there a way to configure SER such that it only listens and
acknowledges TLS connections?
do:
disable_tcp = yes
to get rid of TCP
for UDP is not so simple as RFC make mandatory for a proxy to use UDP.
So, you have to do it from script.
regards,
bogdan
Thanks
Andrew
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
12 Mar
12 Mar
12:28 p.m.
Bogdan-Andrei Iancu wrote:
or just configure iptables ( or antother firewall) to drop packets to
port 5060 UDP and TCP.
regards
klaus
--
Klaus Darilion
nic.at
2. When I
have
tls_verify_client = 1
tls_require_client_certificate = 1
in my cfg file, ser still accepts tcp and udp connections, despite
tls_require_client_certificate=1. I did a search, and found this way:
if (proto != TLS) {
sl_send_reply("403", "Forbidden");
exit;
};
However SER is really still listening on UDP and TCP port 5060. Is
there a way to configure SER such that it only listens and
acknowledges TLS connections?
do:
disable_tcp = yes
to get rid of TCP
for UDP is not so simple as RFC make mandatory for a proxy to use UDP.
So, you have to do it from script.
6468
days inactive
6474
days old
2 comments
3 participants
participants (3)
-
Andrew T Gin -
Bogdan-Andrei Iancu -
Klaus Darilion