On 3/21/06, Christoph Fürstaller christoph.fuerstaller@kurtkrenn.com wrote:
Hi Cesc,
I finally managed to connect minisip to openSER.
Can you tell us what the problem was? Just in case others come across the same problem again ... tks!
But I get new Errors when I try to Register or try to call another phone:
If you established the TLS correctly ... and according to the ser debug log it seems that it reads the SIP message correctly. The problem is when processing it ... so I tend to think that you have either an error in your ser.cfg file or that you found a bug in ser (maybe caused by something minisip does ... but I don't know). I forwarded the email to the ser list ... I think it is more appropriate.
I appended the debug output from openSER
It looks like the TLS connection is being established, then SER checks against the cfg and finds an error. That this is not SIP?
Have you got any idea what that could be?
Would be nice if you can help me.
chris...
Cesc wrote:
Hi Christoph,
Have you added the root certificate to minisip, in the "Certificate authorities" certificates preferences? If so, you have noted that you can add it in different ways (file, folder, chain file ... ) ... try each of them ... I think the last time I tried, not all of them actually worked ... can you report back if this helped, and which one worked?
Also, what kind of auth do you have set up in ser/openser? Do you require client certificates? Did you add it to minisip if so?
Regards,
Cesc
On 3/21/06, Christoph Fürstaller christoph.fuerstaller@kurtkrenn.com wrote:
Hi all,
I've set up OpenSER with TLS support and want to test it with minisip. But whenever I try to connect minisip to SER I get the following error:
SSL: connect failed
8338:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:844:
SipMessageTransport: sendMessage: exception thrown!
SipMessageTransport: sendMessage: creating new socket
IP4Address(string): testcenter (192.168.20.156)
SSLdump gives me that output (without client cipher suites):
1 1  0.0008 (0.0008)  C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
1 2  0.0025 (0.0016)  S>CV3.1(74)  Handshake
      ServerHello
        Version 3.1
        random[32]=
          44 1f ba f6 a9 a9 a7 c5 1a 2f 49 3b ce 05 e7 cb
          da d6 11 96 09 58 52 c9 84 0d 08 65 a4 68 77 b6
        session_id[32]=
          6c 14 5e 88 28 2f 34 9a 98 21 8b ad 82 6c 2d 5f
          12 f9 f9 35 7b e3 99 db 50 13 38 c1 2a 0a 71 22
        cipherSuite         Unknown value 0x35
        compressionMethod                   NULL
1 3  0.0025 (0.0000)  S>CV3.1(476)  Handshake
      Certificate
1 4  0.0025 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
1 5  0.0816 (0.0790)  C>SV3.1(2)  Alert
    level           fatal
    value           unknown_ca
1    0.0827 (0.0011)  S>C  TCP FIN
1    0.0828 (0.0000)  C>S  TCP RST
So, minisip is complaining about the CA certificate. This certificate is a self-created, self-signing cert. With this I signed the cert for SER and minisip. So that should be fine? Does Minisip not allow self-signing CA certs?
I also tested SER with sipp via tls and this is fine. So I think openSER should be working well?
Would be great if someone can give me some help.
Chris...
7(11894) tcpconn_new: new tcp connection to: 192.168.20.130
7(11894) tcpconn_new: on port 35957, type 3
7(11894) tls_tcpconn_init: Entered: Creating a whole new ssl connection
7(11894) tls_tcpconn_init: Looking up tls domain [192.168.20.156:5061]
7(11894) tls_tcpconn_init: Using default tls settings
7(11894) tls_tcpconn_init: Setting in ACCEPT mode (server)
7(11894) tcpconn_add: hashes: 181, 2
7(11894) tcp_main_loop: new connection: 0x405b4b90 19
7(11894) send2child: to tcp child 0 3(11880), 0x405b4b90
3(11880) received n=4 con=0x405b4b90, fd=14
3(11880) tls_update_fd: New fd is 14
3(11880) tls_update_fd: New fd is 14
3(11880) tls_accept: TLS handshake successful
3(11880) tls_update_fd: New fd is 14
3(11880) tls_update_fd: New fd is 14
3(11880) _tls_read: 403 bytes read
3(11880) tcp_read_req: content-length= 0
3(11880) SIP Request:
3(11880) method: <REGISTER>
3(11880) uri: sip:192.168.20.156
3(11880) version: <SIP/2.0>
3(11880) parse_headers: flags=2
3(11880) DEBUG:parse_to:end of header reached, state=9
3(11880) DEBUG: get_hdr_field: <To> [28]; uri=[sip:chris@192.168.20.156]
3(11880) DEBUG: to body [sip:chris@192.168.20.156 ]
3(11880) get_hdr_field: cseq <CSeq>: <601> <REGISTER>
3(11880) Found param type 232, <branch> = <z9hG4bK1327458630>; state=16
3(11880) end of header reached, state=5
3(11880) parse_headers: Via found, flags=2
3(11880) parse_headers: this is the first via
3(11880) After parse_msg...
3(11880) preparing to run routing scripts...
3(11880) DEBUG:maxfwd:is_maxfwd_present: value = 70
3(11880) parse_headers: flags=200
3(11880) is_preloaded: Yes
3(11880) grep_sock_info - checking if host==us: 14==14 && [192.168.20.156] == [192.168.20.156]
3(11880) grep_sock_info - checking if port 5061 matches port 5061
3(11880) after_loose: Topmost route URI: 'sip:192.168.20.156:5061;transport=TLS;lr' is me
3(11880) parse_headers: flags=200
3(11880) DEBUG: get_hdr_body : content_length=0
3(11880) found end of header
3(11880) find_next_route: No next Route HF found
3(11880) after_loose: No next URI found
3(11880) grep_sock_info - checking if host==us: 14==14 && [192.168.20.156] == [192.168.20.156]
3(11880) grep_sock_info - checking if port 5061 matches port 5060
3(11880) check_self: host != me
3(11880) parse_headers: flags=ffffffffffffffff
3(11880) DEBUG: t_newtran: msg id=3 , global msg id=2 , T on entrance=0xffffffff
3(11880) parse_headers: flags=ffffffffffffffff
3(11880) parse_headers: flags=78
3(11880) t_lookup_request: start searching: hash=19221, isACK=0
3(11880) DEBUG: RFC3261 transaction matching failed
3(11880) DEBUG: t_lookup_request: no transaction found
3(11880) DEBUG: mk_proxy: doing DNS lookup...
3(11880) ERROR:tm:add_uac: can't fwd to af 2, proto 1 (no corresponding listening socket)
3(11880) ERROR:tm:t_forward_nonack: failure to add branches
3(11880) ERROR:tm:t_relay_to: t_forward_nonack returned error
3(11880) parse_headers: flags=ffffffffffffffff
3(11880) check_via_address(192.168.20.130, 192.168.20.130, 3)
3(11880) WARNING:vqm_resize: resize(0) called
3(11880) DEBUG: cleanup_uac_timers: RETR/FR timers reset
3(11880) DEBUG: add_to_tail_of_timer[2]: 0x405dc5c0
3(11880) tcp_send: tcp connection found (0x405b4b90), acquiring fd
3(11880) tcp_send, c= 0x405b4b90, n=8
7(11894) tcp_main_loop: read response= 405b4b90, 1 from 3 (11880)
3(11880) tcp_send: after receive_fd: c= 0x405b4b90 n=4 fd=15
3(11880) tcp_send: sending...
3(11880) tls_update_fd: New fd is 15
3(11880) tls_write: Write was successful (530 bytes)
3(11880) tcp_send: after write: c= 0x405b4b90 n=530 fd=15
3(11880) tcp_send: buf=
SIP/2.0 500 I'm terribly sorry, server error occurred (7/TM)
From: sip:chris@192.168.20.156
To: sip:chris@192.168.20.156;tag=ddf051b13744e2e8329237e95d7a9ade-7b3d
Call-ID: 407398382@192.168.20.130
CSeq: 601 REGISTER
Via: SIP/2.0/TLS 192.168.20.130:15061;branch=z9hG4bK1327458630
Server: OpenSer (1.0.0-tls (i386/linux))
Content-Length: 0
Warning: 392 192.168.20.156:5061 "Noisy feedback tells: pid=11880 req_src_ip=192.168.20.130 req_src_port=35957 in_uri=sip:192.168.20.156 out_uri=sip:192.168.20.156 via_cnt==1"

3(11880) DEBUG:tm:_reply_light: reply sent out. buf=0x811a978: SIP/2.0 5..., shmem=0x405d9750: SIP/2.0 5
3(11880) DEBUG:tm:_reply_light: finished
3(11880) ERROR: generation of a stateful reply on error succeeded
3(11880) DEBUG:destroy_avp_list: destroying list (nil)
3(11880) receive_msg: cleaning up
2(11878) DEBUG: timer routine:2,tl=0x405dc5c0 next=(nil)
2(11878) DEBUG: wait_handler : removing 0x405dc578 from table
2(11878) DEBUG: delete transaction 0x405dc578
2(11878) DEBUG: wait_handler : done
3(11880) tcp_receive_loop: 0x405b4b90 expired (172, 173)
3(11880) releasing con 0x405b4b90, state 0, fd=14, id=2
3(11880) extra_data 0x4042fd70
7(11894) tcp_main_loop: reader response= 405b4b90, 0 from 0
7(11894) tcp_main_loop: CONN_RELEASE 0x405b4b90 refcnt= 0
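
The check Cesc suggests in the thread above (does the verifying side actually have the signing CA as a trust anchor?) can be reproduced outside minisip with the openssl command line. This is an added example, not part of the original messages; all file names and certificate subjects are made up, and it builds a throwaway CA rather than using the poster's certificates.

```shell
#!/bin/sh
# Constructed example: all file names and certificate subjects are made up.

# Build a throwaway PKI in directory $1: a self-signed CA, a server
# certificate signed by it, and a second, unrelated self-signed CA.
make_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Lab CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sip.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Unrelated CA" \
        -keyout "$dir/other.key" -out "$dir/other.pem" 2>/dev/null || return 1
}

# Verify the server certificate in $1 against the CA file $2.
# Prints openssl's diagnostics; exit status 0 only if the chain is trusted.
verify_server() {
    openssl verify -CAfile "$2" "$1/server.pem" 2>&1
}

# Stand-alone demo run
demo=$(mktemp -d)
if make_pki "$demo"; then
    echo "--- client trusts the signing CA:"
    verify_server "$demo" "$demo/ca.pem"
    echo "--- client does not have the signing CA:"
    verify_server "$demo" "$demo/other.pem" || echo "(verification failed, as expected)"
fi
rm -rf "$demo"
```

A self-signed CA verifies fine once it is in the verifier's trust store; without it, openssl reports that it cannot find the issuer, which is the condition a TLS client signals with the `unknown_ca` alert.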