[Serusers] Re: Testing SIPS with minisip and openSER - sr-users

21 Mar 2006


      On 3/21/06, Christoph Fürstaller christoph.fuerstaller@kurtkrenn.com wrote:
...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Cesc,
I finally managed it to connect minisip to openSER.
Can you tell us what the problem was? just in case others come across
the same problem again ... tks!
...
But I get new Errors
when I try to Register or try to call another phone:
If you established the tls correctly ... and according to the ser
debug log it seems that it reads correctly the sip message. The
problem is when processing it ... so i tend to think that you have
either an error in your ser.cfg file or that you found a bug in ser
(maybe caused by something minisip does ... but i dont know).
I forwarded the email to ser list ... i think it is more appropriate.
...
I appended the debug output from openSER
It looks like the tls connection is beeing estables, then SER checks
against the cfg and found an Error. That this is not SIP?
Have you got any idea what that could be?
Would be nice if you can help me.
chris...
Cesc wrote:
...
Hi Christoph,
Have you added the root certificate to minisip, in the "Certificate
authorities" certificates preferences?
If so, you have noted that you can add it in different ways (file,
folder, chain file ... ) ... try each of them ... i think the last
time i tried, not all of them actually worked ... can you report back
if this helped, and which one worked?
Also, what kind of auth do you have set up in ser/openser? do you
require client certificates? did you add it to minisip if so?
Regards,
Cesc
On 3/21/06, Christoph Fürstaller christoph.fuerstaller@kurtkrenn.com wrote:
Hi all,
I've set up OpenSER with TLS support and want to test it with minisip.
But whenever I try to connect minisip to SER i get the following error:
SSL: connect failed
8338:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed:s3_clnt.c:844:
SipMessageTransport: sendMessage: exception thrown!
SipMessageTransport: sendMessage: creating new socket
IP4Address(string): testcenter (192.168.20.156)
SSLdump gives me that output (without client siper suites):
1 1  0.0008 (0.0008)  C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
1 2  0.0025 (0.0016)  S>CV3.1(74)  Handshake
      ServerHello
        Version 3.1
        random[32]=
          44 1f ba f6 a9 a9 a7 c5 1a 2f 49 3b ce 05 e7 cb
          da d6 11 96 09 58 52 c9 84 0d 08 65 a4 68 77 b6
        session_id[32]=
          6c 14 5e 88 28 2f 34 9a 98 21 8b ad 82 6c 2d 5f
          12 f9 f9 35 7b e3 99 db 50 13 38 c1 2a 0a 71 22
        cipherSuite         Unknown value 0x35
        compressionMethod                   NULL
1 3  0.0025 (0.0000)  S>CV3.1(476)  Handshake
      Certificate
1 4  0.0025 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
1 5  0.0816 (0.0790)  C>SV3.1(2)  Alert
    level           fatal
    value           unknown_ca
1    0.0827 (0.0011)  S>C  TCP FIN
1    0.0828 (0.0000)  C>S  TCP RST
So, minisip is complaining about the ca certificate. This certificate is
a self created self signing cert. With this I signed the cert for SER
and minisip. So that should be fine? Des Minisip doesn't allow self
signing ca certs?
I also tested SER with sipp via tls and this is fine. So I think openSER
should be working well?
Would be great if someone can give me some help.
Chris...

Minisip-users mailing list
Minisip-users@minisip.org
http://lists.minisip.org/mailman/listinfo/minisip-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEH+OcR0exH8dhr/YRAsWqAKDdCibAGatUTqOsK4TckUedpAgkcQCgpeRU
/nWke36z3mi59gevwF+1XKQ=
=k8N+
-----END PGP SIGNATURE-----
7(11894) tcpconn_new: new tcp connection to: 192.168.20.130
 7(11894) tcpconn_new: on port 35957, type 3
 7(11894) tls_tcpconn_init: Entered: Creating a whole new ssl connection
 7(11894) tls_tcpconn_init: Looking up tls domain [192.168.20.156:5061]
 7(11894) tls_tcpconn_init: Using default tls settings
 7(11894) tls_tcpconn_init: Setting in ACCEPT mode (server)
 7(11894) tcpconn_add: hashes: 181, 2
 7(11894) tcp_main_loop: new connection: 0x405b4b90 19
 7(11894) send2child: to tcp child 0 3(11880), 0x405b4b90
 3(11880) received n=4 con=0x405b4b90, fd=14
 3(11880) tls_update_fd: New fd is 14
 3(11880) tls_update_fd: New fd is 14
 3(11880) tls_accept: TLS handshake successful
 3(11880) tls_update_fd: New fd is 14
 3(11880) tls_update_fd: New fd is 14
 3(11880) _tls_read: 403 bytes read
 3(11880) tcp_read_req: content-length= 0
 3(11880) SIP Request:
 3(11880)  method:  <REGISTER>
 3(11880)  uri:     sip:192.168.20.156
 3(11880)  version: <SIP/2.0>
 3(11880) parse_headers: flags=2
 3(11880) DEBUG:parse_to:end of header reached, state=9
 3(11880) DEBUG: get_hdr_field: <To> [28]; uri=[sip:chris@192.168.20.156]
 3(11880) DEBUG: to body [sip:chris@192.168.20.156
]
 3(11880) get_hdr_field: cseq <CSeq>: <601> <REGISTER>
 3(11880) Found param type 232, <branch> = <z9hG4bK1327458630>; state=16
 3(11880) end of header reached, state=5
 3(11880) parse_headers: Via found, flags=2
 3(11880) parse_headers: this is the first via
 3(11880) After parse_msg...
 3(11880) preparing to run routing scripts...
 3(11880) DEBUG:maxfwd:is_maxfwd_present: value = 70
 3(11880) parse_headers: flags=200
 3(11880) is_preloaded: Yes
 3(11880) grep_sock_info - checking if host==us: 14==14 &&  [192.168.20.156] == [192.168.20.156]
 3(11880) grep_sock_info - checking if port 5061 matches port 5061
 3(11880) after_loose: Topmost route URI: 'sip:192.168.20.156:5061;transport=TLS;lr' is me
 3(11880) parse_headers: flags=200
 3(11880) DEBUG: get_hdr_body : content_length=0
 3(11880) found end of header
 3(11880) find_next_route: No next Route HF found
 3(11880) after_loose: No next URI found
 3(11880) grep_sock_info - checking if host==us: 14==14 &&  [192.168.20.156] == [192.168.20.156]
 3(11880) grep_sock_info - checking if port 5061 matches port 5060
 3(11880) check_self: host != me
 3(11880) parse_headers: flags=ffffffffffffffff
 3(11880) DEBUG: t_newtran: msg id=3 , global msg id=2 , T on entrance=0xffffffff
 3(11880) parse_headers: flags=ffffffffffffffff
 3(11880) parse_headers: flags=78
 3(11880) t_lookup_request: start searching: hash=19221, isACK=0
 3(11880) DEBUG: RFC3261 transaction matching failed
 3(11880) DEBUG: t_lookup_request: no transaction found
 3(11880) DEBUG: mk_proxy: doing DNS lookup...
 3(11880) ERROR:tm:add_uac: can't fwd to af 2, proto 1  (no corresponding listening socket)
 3(11880) ERROR:tm:t_forward_nonack: failure to add branches
 3(11880) ERROR:tm:t_relay_to:  t_forward_nonack returned error
 3(11880) parse_headers: flags=ffffffffffffffff
 3(11880) check_via_address(192.168.20.130, 192.168.20.130, 3)
 3(11880) WARNING:vqm_resize: resize(0) called
 3(11880) DEBUG: cleanup_uac_timers: RETR/FR timers reset
 3(11880) DEBUG: add_to_tail_of_timer[2]: 0x405dc5c0
 3(11880) tcp_send: tcp connection found (0x405b4b90), acquiring fd
 3(11880) tcp_send, c= 0x405b4b90, n=8
 7(11894) tcp_main_loop: read response= 405b4b90, 1 from 3 (11880)
 3(11880) tcp_send: after receive_fd: c= 0x405b4b90 n=4 fd=15
 3(11880) tcp_send: sending...
 3(11880) tls_update_fd: New fd is 15
 3(11880) tls_write: Write was successful (530 bytes)
 3(11880) tcp_send: after write: c= 0x405b4b90 n=530 fd=15
 3(11880) tcp_send: buf=
SIP/2.0 500 I'm terribly sorry, server error occurred (7/TM)
From: sip:chris@192.168.20.156
To: sip:chris@192.168.20.156;tag=ddf051b13744e2e8329237e95d7a9ade-7b3d
Call-ID: 407398382@192.168.20.130
CSeq: 601 REGISTER
Via: SIP/2.0/TLS 192.168.20.130:15061;branch=z9hG4bK1327458630
Server: OpenSer (1.0.0-tls (i386/linux))
Content-Length: 0
Warning: 392 192.168.20.156:5061 "Noisy feedback tells:  pid=11880 req_src_ip=192.168.20.130 req_src_port=35957 in_uri=sip:192.168.20.156 out_uri=sip:192.168.20.156 via_cnt==1"
3(11880) DEBUG:tm:_reply_light: reply sent out. buf=0x811a978: SIP/2.0 5..., shmem=0x405d9750: SIP/2.0 5
 3(11880) DEBUG:tm:_reply_light: finished
 3(11880) ERROR: generation of a stateful reply on error succeeded
 3(11880) DEBUG:destroy_avp_list: destroying list (nil)
 3(11880) receive_msg: cleaning up
 2(11878) DEBUG: timer routine:2,tl=0x405dc5c0 next=(nil)
 2(11878) DEBUG: wait_handler : removing 0x405dc578 from table
 2(11878) DEBUG: delete transaction 0x405dc578
 2(11878) DEBUG: wait_handler : done
 3(11880) tcp_receive_loop: 0x405b4b90 expired (172, 173)
 3(11880) releasing con 0x405b4b90, state 0, fd=14, id=2
 3(11880)  extra_data 0x4042fd70
 7(11894) tcp_main_loop: reader response= 405b4b90, 0 from 0
 7(11894) tcp_main_loop: CONN_RELEASE  0x405b4b90 refcnt= 0