28 Dec
2006
28 Dec
'06
10:19 p.m.
Hi,
I am trying to make my non-TLS/TLS UA register with my TLS enabled openSER.
Currently I am just working on my local machine with the client UAs on the
same subnet,(so there is only one domain, but its not named). Below is my
configuration file:
disable_tls = 0
listen = tls:10.30.100.41:5061
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser/tls/user/user- cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user- privkey.pem"
tls_ca_list = "usr/local/etc/openser/tls/user/user-calist.pem"
However, with the above configuration the client UAs couldnot register and I
got 408 Request Time out Message. Is there any field that is missing to make
this simple scenario work? What should be the values of "tls_client_domain"
and "tls_server_domain" fields in this case?
I noticed that when I start the openSER without TLS support using
"openserctl start" and do "ps -e" after that, there are more openSER
processes running than if I start openSER with TLS support in which case I
see very few of these processes running.
Your help is much appreciated....
Best regards,
NCheeku
28 Dec
28 Dec
11:49 p.m.
Hello again,
maybe you should add the following line to test your non-TLS UAs:
disable_tls = 0
listen = udp:10.30.100.41:5060 <---
listen = tls:10.30.100.41:5061
You can check your TLS handshake by simulating your server with openssl.
Please have a look at the following link that describes the TLS support:
http://www.openser.org/docs/tls.html
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
Hi,
I am trying to make my non-TLS/TLS UA register with my TLS enabled openSER.
Currently I am just working on my local machine with the client UAs on the
same subnet,(so there is only one domain, but its not named). Below is my
configuration file:
disable_tls = 0
listen = tls:10.30.100.41:5061
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser/tls/user/user-
cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-
privkey.pem"
tls_ca_list =
"usr/local/etc/openser/tls/user/user-calist.pem"
However, with the above configuration the client UAs couldnot register and I
got 408 Request Time out Message. Is there any field that is missing to make
this simple scenario work? What should be the values of "tls_client_domain"
and "tls_server_domain" fields in this case?
I noticed that when I start the openSER without TLS support using
"openserctl start" and do "ps -e" after that, there are more openSER
processes running than if I start openSER with TLS support in which case I
see very few of these processes running.
Your help is much appreciated....
Best regards,
NCheeku
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
29 Dec
29 Dec
12:12 a.m.
Thanks a lot Steffen. Adding the new listen = udp:10.30.100.41:5060 indeed
worked. How can I check the TLS handshake using openssl at the server?
Thanks a lot..
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
Hello again,
maybe you should add the following line to test your non-TLS UAs:
disable_tls = 0
listen = udp:10.30.100.41:5060 <---
listen = tls:10.30.100.41:5061
You can check your TLS handshake by simulating your server with openssl.
Please have a look at the following link that describes the TLS support:
http://www.openser.org/docs/tls.html
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
Hi,
I am trying to make my non-TLS/TLS UA register with my TLS enabled
openSER.
Currently I am just working on my local machine
with the client UAs on
the
same subnet,(so there is only one domain, but its
not named). Below is
my
configuration file:
disable_tls = 0
listen = tls:10.30.100.41:5061
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser/tls/user/user-
cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-
privkey.pem"
tls_ca_list =
"usr/local/etc/openser/tls/user/user-calist.pem"
However, with the above configuration the client UAs couldnot register
and I
got 408 Request Time out Message. Is there any
field that is missing to
make
this simple scenario work? What should be the
values of
"tls_client_domain"
and "tls_server_domain" fields in this
case?
I noticed that when I start the openSER without TLS support using
"openserctl start" and do "ps -e" after that, there are more openSER
processes running than if I start openSER with TLS support in which case
I
see very few of these processes running.
Your help is much appreciated....
Best regards,
NCheeku
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
12:56 a.m.
Hello Ncheeku,
change to the directory with your ".pem" files:
/usr/local/etc/openser/tls/user
Then you can test your TLS handshake with the following command:
openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept 5061
Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
Thanks a lot Steffen. Adding the new listen =
udp:10.30.100.41:5060 indeed
worked. How can I check the TLS handshake using openssl at the server?
Thanks a lot..
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
Hello again,
maybe you should add the following line to test your non-TLS UAs:
disable_tls = 0
listen = udp:10.30.100.41:5060 <---
listen = tls:10.30.100.41:5061
You can check your TLS handshake by simulating your server with openssl.
Please have a look at the following link that describes the TLS support:
http://www.openser.org/docs/tls.html
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> Hi,
>
> I am trying to make my non-TLS/TLS UA register with my TLS enabled
openSER.
> Currently I am just working on my local
machine with the client UAs on
the
> same subnet,(so there is only one domain,
but its not named). Below is
my
> configuration file:
>
> disable_tls = 0
> listen = tls:10.30.100.41:5061
> tls_verify_server = 1
> tls_verify_client = 0
> tls_require_client_certificate = 0
> tls_method = TLSv1
> tls_certificate =
"/usr/local/etc/openser/tls/user/user-
> cert.pem"
> tls_private_key =
"/usr/local/etc/openser/tls/user/user-
> privkey.pem"
> tls_ca_list =
> "usr/local/etc/openser/tls/user/user-calist.pem"
>
> However, with the above configuration the client UAs couldnot register
and I
> got 408 Request Time out Message. Is there
any field that is missing to
make
> this simple scenario work? What should be
the values of
"tls_client_domain"
> and "tls_server_domain" fields in
this case?
>
> I noticed that when I start the openSER without TLS support using
> "openserctl start" and do "ps -e" after that, there are more
openSER
> processes running than if I start openSER with TLS support in which case
I
see very
few of these processes running.
Your help is much appreciated....
Best regards,
NCheeku
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
4:21 p.m.
Thanks Steffen. Is there any freely available tls client which can be used
to check this settings and the handshake? That will be really helpful..
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
Hello Ncheeku,
change to the directory with your ".pem"
files: /usr/local/etc/openser/tls/user
Then you can test your TLS handshake with the following command:
openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept
5061
Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
on
Thanks a lot Steffen. Adding the new listen =
udp:10.30.100.41:5060indeed
worked. How can I check the TLS handshake using openssl at the server?
Thanks a lot..
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
> Hello again,
>
> maybe you should add the following line to test your non-TLS UAs:
>
> disable_tls = 0
> listen = udp:10.30.100.41:5060 <---
> listen = tls:10.30.100.41:5061
>
>
> You can check your TLS handshake by simulating your server with
openssl.
>
>
> Please have a look at the following link that describes the TLS
support:
http://www.openser.org/docs/tls.html
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> Hi,
>
> I am trying to make my non-TLS/TLS UA register with my TLS enabled
openSER.
> > Currently I am just working on my local machine with the client UAs the
> > same subnet,(so there is only one domain, but its not named). Below
is
my
register
> configuration file:
>
> disable_tls = 0
> listen = tls:10.30.100.41:5061
> tls_verify_server = 1
> tls_verify_client = 0
> tls_require_client_certificate = 0
> tls_method = TLSv1
> tls_certificate =
"/usr/local/etc/openser/tls/user/user-
> cert.pem"
> tls_private_key =
"/usr/local/etc/openser/tls/user/user-
> > privkey.pem"
> > tls_ca_list =
> > "usr/local/etc/openser/tls/user/user-calist.pem"
> >
> > However, with the above configuration the client UAs couldnot and I
> > got 408 Request Time out Message. Is there any field that is missing
to
make
case
> this simple scenario work? What should be
the values of
"tls_client_domain"
> > and "tls_server_domain" fields in this case?
> >
> > I noticed that when I start the openSER without TLS support using
> > "openserctl start" and do "ps -e" after that, there are
more openSER
> > processes running than if I start openSER with TLS support in which I
see very
few of these processes running.
Your help is much appreciated....
Best regards,
NCheeku
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
4:25 p.m.
Hello,
openssl can play client and/or server role.
Best regards,
Steffen
2006/12/29, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
Thanks Steffen. Is there any freely available tls
client which can be used
to check this settings and the handshake? That will be really helpful..
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
Hello Ncheeku,
change to the directory with your ".pem" files:
/usr/local/etc/openser/tls/user
Then you can test your TLS handshake with the following command:
openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept
5061
Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> Thanks a lot Steffen. Adding the new listen = udp: 10.30.100.41:5060
indeed
> worked. How can I check the TLS handshake
using openssl at the server?
> Thanks a lot..
>
>
>
> On 12/28/06, Steffen Witt < witt.steffen(a)googlemail.com> wrote:
> > Hello again,
> >
> > maybe you should add the following line to test your non-TLS UAs:
> >
> > disable_tls = 0
> > listen = udp:10.30.100.41:5060 <---
> > listen = tls:10.30.100.41:5061
> >
> >
> > You can check your TLS handshake by simulating your server with
openssl.
> >
> >
> > Please have a look at the following link that describes the TLS
support:
> >
> > http://www.openser.org/docs/tls.html
> >
> >
> > Best regards,
> > Steffen
> >
> >
> >
> >
> > 2006/12/28, Ncheeku Baranov < opensersubscribe(a)gmail.com>gt;:
> > > Hi,
> > >
> > > I am trying to make my non-TLS/TLS UA register with my TLS enabled
> openSER.
> > > Currently I am just working on my local machine with the client UAs
on
> the
> > > same subnet,(so there is only one domain, but its not named). Below
is
> my
> > > configuration file:
> > >
> > > disable_tls = 0
> > > listen = tls:10.30.100.41:5061
> > > tls_verify_server = 1
> > > tls_verify_client = 0
> > > tls_require_client_certificate = 0
> > > tls_method = TLSv1
> > > tls_certificate =
> "/usr/local/etc/openser/tls/user/user-
> > > cert.pem"
> > > tls_private_key =
> "/usr/local/etc/openser/tls/user/user-
> > > privkey.pem"
> > > tls_ca_list =
> > > "usr/local/etc/openser/tls/user/user-calist.pem"
> > >
> > > However, with the above configuration the client UAs couldnot
register
> and I
> > > got 408 Request Time out Message. Is there any field that is missing
to
> make
> > > this simple scenario work? What should be the values of
> "tls_client_domain"
> > > and "tls_server_domain" fields in this case?
> > >
> > > I noticed that when I start the openSER without TLS support using
> > > "openserctl start" and do "ps -e" after that, there
are more openSER
> > > processes running than if I start openSER with TLS support in which
case
I
> see very few of these processes running.
>
> Your help is much appreciated....
>
> Best regards,
> NCheeku
>
> _______________________________________________
> Users mailing list
> Users(a)openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
>
>
4:52 p.m.
You are correct, so just for the trial purposes if I want the TLS handshake
to be successful what credentials for the client should I use? i.e. can I do
something like:
openssl s_client -cert user-cert.pem -key user-privkey.pem -state -connect
10.30.00.41:5061
on doing this it comes back with an error saying Verify Return Code: 21
(Unable to verify the first certificate), Should I be using new certificates
or with the same set of certificates I can achive a successful handshake?
Thanks a lot..
Ncheeku
On 12/29/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
Hello,
openssl can play client and/or server role.
Best regards,
Steffen
2006/12/29, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
enabled
Thanks Steffen. Is there any freely available tls
client which can be
used
to check this settings and the handshake? That
will be really helpful..
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
-accept
Hello Ncheeku,
change to the directory with your ".pem" files:
/usr/local/etc/openser/tls/user
>
>
> Then you can test your TLS handshake with the following command:
>
> openssl s_server -cert user-cert.pem -key user-privkey.pem -state 5061
server?
Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> Thanks a lot Steffen. Adding the new listen = udp: 10.30.100.41:5060
indeed
> > worked. How can I check the TLS handshake using openssl at the >
Thanks a lot..
>
>
>
> On 12/28/06, Steffen Witt < witt.steffen(a)googlemail.com> wrote:
> > Hello again,
> >
> > maybe you should add the following line to test your non-TLS UAs:
> >
> > disable_tls = 0
> > listen = udp:10.30.100.41:5060 <---
> > listen = tls:10.30.100.41:5061
> >
> >
> > You can check your TLS handshake by simulating your server with
openssl.
> >
> >
> > Please have a look at the following link that describes the TLS
support:
> > >
> > > http://www.openser.org/docs/tls.html
> > >
> > >
> > > Best regards,
> > > Steffen
> > >
> > >
> > >
> > >
> > > 2006/12/28, Ncheeku Baranov < opensersubscribe(a)gmail.com>gt;:
> > > > Hi,
> > > >
> > > > I am trying to make my non-TLS/TLS UA register with my TLS > > openSER.
> > > > Currently I am just working on my local machine with the client
UAs
on
> > the
> > > > same subnet,(so there is only one domain, but its not named).
Below
is
missing
> my
> > > configuration file:
> > >
> > > disable_tls = 0
> > > listen = tls:10.30.100.41:5061
> > > tls_verify_server = 1
> > > tls_verify_client = 0
> > > tls_require_client_certificate = 0
> > > tls_method = TLSv1
> > > tls_certificate =
> "/usr/local/etc/openser/tls/user/user-
> > > cert.pem"
> > > tls_private_key =
> "/usr/local/etc/openser/tls/user/user-
> > > privkey.pem"
> > > tls_ca_list =
> > > "usr/local/etc/openser/tls/user/user-calist.pem"
> > >
> > > However, with the above configuration the client UAs couldnot
register
> > and I
> > > > got 408 Request Time out Message. Is there any field that is to
> > make
> > > > this simple scenario work? What should be the values of
> > "tls_client_domain"
> > > > and "tls_server_domain" fields in this case?
> > > >
> > > > I noticed that when I start the openSER without TLS support
using
> > > > "openserctl start"
and do "ps -e" after that, there are more
openSER
> > > > processes running than if I
start openSER with TLS support in
which
case
I
> > see very few of these processes running.
> >
> > Your help is much appreciated....
> >
> > Best regards,
> > NCheeku
> >
> > _______________________________________________
> > Users mailing list
> > Users(a)openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
> >
> >
>
6:12 p.m.
OK, the certificate authority (CA) is missing in your client command:
openssl s_client ... -CAfile name_of_cafile.pem
In my opinion a client should use a different certificate/private key
pair but signed by the same CA.
Best regards,
Steffen
2006/12/29, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
You are correct, so just for the trial purposes if I
want the TLS handshake
to be successful what credentials for the client should I use? i.e. can I do
something like:
openssl s_client -cert user-cert.pem -key user-privkey.pem -state -connect
10.30.00.41:5061
on doing this it comes back with an error saying Verify Return Code: 21
(Unable to verify the first certificate), Should I be using new certificates
or with the same set of certificates I can achive a successful handshake?
Thanks a lot..
Ncheeku
6:23 p.m.
Yes, it worked. It came back saying that the certificate has expired, verify
return code: 10. Probably the certificate has expired and I need to generate
the new certificates..
Thanks a lot....
NCheeku
On 12/29/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
OK, the certificate authority (CA) is missing in your client command:
openssl s_client ... -CAfile name_of_cafile.pem
In my opinion a client should use a different certificate/private key
pair but signed by the same CA.
Best regards,
Steffen
2006/12/29, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
You are correct, so just for the trial purposes
if I want the TLS
handshake
to be successful what credentials for the client
should I use? i.e. can
I do
something like:
openssl s_client -cert user-cert.pem -key user-privkey.pem -state
-connect
10.30.00.41:5061
on doing this it comes back with an error saying Verify Return Code: 21
(Unable to verify the first certificate), Should I be using new
certificates
or with the same set of certificates I can achive
a successful
handshake?
Thanks a lot..
Ncheeku
9:55 p.m.
The only free TLS-capeable client is minisip.
Commercial phones with TLs support are eyebeam (IMO the best client
available and IMO worth the 60$) and the SNOM hardphones.
MAybe the free snom softphone also supports TLS - but I do not know.
regards
klaus
On Fri, December 29, 2006 15:21, Ncheeku Baranov said:
Thanks Steffen. Is there any freely available tls
client which can be used
to check this settings and the handshake? That will be really helpful..
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
Hello Ncheeku,
change to the directory with your ".pem"
files: /usr/local/etc/openser/tls/user
Then you can test your TLS handshake with the following command:
openssl s_server -cert user-cert.pem -key user-privkey.pem -state
-accept
5061
Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
UAs
on
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
Thanks a lot Steffen. Adding the new listen =
udp:10.30.100.41:5060indeed
worked. How can I check the TLS handshake using
openssl at the server?
Thanks a lot..
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
> Hello again,
>
> maybe you should add the following line to test your non-TLS UAs:
>
> disable_tls = 0
> listen = udp:10.30.100.41:5060 <---
> listen = tls:10.30.100.41:5061
>
>
> You can check your TLS handshake by simulating your server with
openssl.
>
>
> Please have a look at the following link that describes the TLS
support:
http://www.openser.org/docs/tls.html
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> Hi,
>
> I am trying to make my non-TLS/TLS UA register with my TLS enabled
openSER.
> > Currently I am just working on my local machine with the client the
> > same subnet,(so there is only one domain, but its not named).
Below
is
my
register
> configuration file:
>
> disable_tls = 0
> listen = tls:10.30.100.41:5061
> tls_verify_server = 1
> tls_verify_client = 0
> tls_require_client_certificate = 0
> tls_method = TLSv1
> tls_certificate =
"/usr/local/etc/openser/tls/user/user-
> cert.pem"
> tls_private_key =
"/usr/local/etc/openser/tls/user/user-
> > privkey.pem"
> > tls_ca_list =
> > "usr/local/etc/openser/tls/user/user-calist.pem"
> >
> > However, with the above configuration the client UAs couldnot and I
> > got 408 Request Time out Message. Is there any field that is
missing
to
make
openSER
> this simple scenario work? What should be
the values of
"tls_client_domain"
> > and "tls_server_domain" fields in this case?
> >
> > I noticed that when I start the openSER without TLS support using
> > "openserctl start" and do "ps -e" after that, there are
more > > processes running than if I start
openSER with TLS support in
which
case
I
> see very few of these processes running.
>
> Your help is much appreciated....
>
> Best regards,
> NCheeku
>
> _______________________________________________
> Users mailing list
> Users(a)openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
>
>
2 Jan
2 Jan
10:28 p.m.
Thanks Klaus.
On 12/29/06, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
The only free TLS-capeable client is minisip.
Commercial phones with TLs support are eyebeam (IMO the best client
available and IMO worth the 60$) and the SNOM hardphones.
MAybe the free snom softphone also supports TLS - but I do not know.
regards
klaus
On Fri, December 29, 2006 15:21, Ncheeku Baranov said:
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
Thanks Steffen. Is there any freely available tls
client which can be
used
to check this settings and the handshake? That
will be really helpful..
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
>
> Hello Ncheeku,
>
> change to the directory with your ".pem"
> files: /usr/local/etc/openser/tls/user
>
>
> Then you can test your TLS handshake with the following command:
>
> openssl s_server -cert user-cert.pem -key user-privkey.pem -state
> -accept
> 5061
>
> Openssl simulates a TLS server with your certificate/private key files
> and it accepts only requests at port 5061.
>
>
> Best regards,
> Steffen
>
>
>
> 2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> > Thanks a lot Steffen. Adding the new listen =
> udp:10.30.100.41:5060indeed
> > worked. How can I check the TLS handshake using openssl at the
server?
> > Thanks a lot..
> >
> >
> >
> > On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
> > > Hello again,
> > >
> > > maybe you should add the following line to test your non-TLS UAs:
> > >
> > > disable_tls = 0
> > > listen = udp:10.30.100.41:5060 <---
> > > listen = tls:10.30.100.41:5061
> > >
> > >
> > > You can check your TLS handshake by simulating your server with
> openssl.
> > >
> > >
> > > Please have a look at the following link that describes the TLS
> support:
> > >
> > > http://www.openser.org/docs/tls.html
> > >
> > >
> > > Best regards,
> > > Steffen
> > >
> > >
> > >
> > >
> > > 2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> > > > Hi,
> > > >
> > > > I am trying to make my non-TLS/TLS UA register with my TLS
enabled
openSER.
> > Currently I am just working on my local machine with the client
UAs
on
the
> > same subnet,(so there is only one domain, but its not named).
Below
is
my
> > configuration file:
> >
> > disable_tls = 0
> > listen = tls:10.30.100.41:5061
> > tls_verify_server = 1
> > tls_verify_client = 0
> > tls_require_client_certificate = 0
> > tls_method = TLSv1
> > tls_certificate =
"/usr/local/etc/openser/tls/user/user-
> > cert.pem"
> > tls_private_key =
"/usr/local/etc/openser/tls/user/user-
> > privkey.pem"
> > tls_ca_list =
> > "usr/local/etc/openser/tls/user/user-calist.pem"
> >
> > However, with the above configuration the client UAs couldnot
register
and I
> > got 408 Request Time out Message. Is there any field that is
missing
to
make
> > this simple scenario work? What should be the values of
"tls_client_domain"
> > and "tls_server_domain" fields in this case?
> >
> > I noticed that when I start the openSER without TLS support using
> > "openserctl start" and do "ps -e" after that, there are
more
openSER
> > processes running than if I start
openSER with TLS support in
which
case
I
> > see very few of these processes running.
> >
> > Your help is much appreciated....
> >
> > Best regards,
> > NCheeku
> >
> > _______________________________________________
> > Users mailing list
> > Users(a)openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
> >
> >
>
3 Jan
3 Jan
12:08 p.m.
Hi!
I've just read the pjsip news - there is now also TLS support. You can
use the included command line client for testing:
Merry Christmas and happy new year for all. I just
checked in
experimental TLS support in pjsip, just in case anyone is interested.
pjsua manual also has been updated:
http://www.pjsip.org/pjsua.htm
I've also updated the getting started page with the instructions on
how to enable TLS support during build. You can find it here:
http://www.pjsip.org/using.htm
cheers,
-benny
regards
klaus
--
Klaus Darilion
nic.at
6536
days inactive
6542
days old
11 comments
3 participants
participants (3)
-
Klaus Darilion -
Ncheeku Baranov -
Steffen Witt