We have reproduced the problem, the issue appears when the opensips as client
send the certificate to the EDGE (server) we have to avoid this client
certificate invoce.
Best regards
Gianluca> Date: Tue, 20 Jan 2009 17:21:43 +0200> From: bog...@voice-system.ro>
To: gianluca.more...@hotmail.it> CC: us...@lists.opensips.org;
devel@lists.opensips.org> Subject: Re: [OpenSIPS-Users] OCS Opensisp
certificate issues using TLS> > Probably we should try to get more info about
the error at runtime . Let > me do some checks to see how we can squize more
info about the error and > to print it.> > Regards,> Bogdan> > gianluca moretti
wrote:> > Bogdan, the error is ok, how can i solve the problem.> > The update
to this issue is if the client send the his certificate to > > the server and
this cause the problem.> > > > Ciao > > > > Best regards> >> > > Date: Tue, 20
Jan 2009 15:04:48 +0200> > > From: bog...@voice-system.ro> > > To:
gianluca.more...@hotmail.it> > > CC: us...@lists.opensips.org;
devel@lists.opensips.org> > > Subject: Re: [OpenSIPS-Users] OCS Opensisp
certificate issues using TLS> > >> > > Hi Gianluca,> > >> > > You get this:> >
>> > > Jan 17 16:06:12 [30304] ERROR:core:_tls_read: something wrong in SSL: 5>
> >> > > 5 is SSL_ERROR_SYSCALL . See:> > >
http://openssl.org/docs/ssl/SSL_get_error.html> > >> > > Regards,> > > Bogdan>
> >> > > gianluca moretti wrote:> > > > We try to integrate OCS 2007 and
opensisps using TLS> > > >> > > > SCENARIO:> > > >> > > > [wesip] Sending
register to OCS> > > > Seas ------------------------------------> EDGE --> OCS>
> > > [Opensips]> > > >> > > >> > > > Issue: Opensisps cannot connect to EDGE
server and in details> > > > opensisps send always a the certificate to the
client> > > > any idea to avoid to opensisps to send the always certificate.> >
> > EDGE: CertVerifyCertificateChainPolicy retuned a failure in> > > >
CERT_CHAIN_POLICY_STATUS> > > > OPENSIPS:> > > > Jan 17 16:06:12 [30303]
DBG:core:tls_dump_cert_info: tls_connect:> > > > local (client) certificate
issuer: /CN=Your_NAME/ST=Your_ST> > > >
ATE/C=CO/emailAddress=YOUR_EMAIL/O=YOUR_ORG_NAME> > > > Jan 17 16:06:12 [30303]
DBG:core:tls_write: write was successful (791> > > > bytes)> > > > Jan 17
16:06:12 [30303] DBG:core:tcp_send: after write: c= 0xb612fcf8> > > > n=791
fd=23> > > > Jan 17 16:06:12 [30303] DBG:core:tcp_send: buf=> > > > REGISTER
sip:hmcint.local:5060;transport=tcp SIP/2.0> > > > Via: SIP/2.0/TLS
192.168.5.59:5061;branch=z9hG4bKd863.89657825.0;i=2> > > > Via: SIP/2.0/TCP
192.168.5.59;branch=z9hG4bKd863.79657825.0> > > > To:
sip:max.ambr...@hmcint.local;transport=tcp> > > > From:> > > > > >
sip:max.ambr...@hmcint.local;transport=tcp;tag=BB479256370FF64C226AA6220F2364DD>
> > > CSeq: 1 REGISTER> > > > Call-ID:
24d8315a8ebb948a4dd4f1a3518e4...@192.168.5.59> > > >
<mailto:24d8315a8ebb948a4dd4f1a3518e4...@192.168.5.59>> > > > Content-Length:
0> > > > Max-Forwards: 70> > > > Contact:> > > > > >
<sip:192.168.5.59:5060;transport=tcp;AppId=.sip2msipGW>;methods="INVITE,> > > >
MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY> > > > , ACK,> > > > > >
REFER";proxy=replace;+sip.instance="<urn:uuid:787C69C1-2A21-441f-B792-A908ABFF5010>">
> > > Supported: gruu-10,adhoclist,msrtc-event-categories,ms-forking> > > >
ms-keep-alive: UAC;hop-hop=yes> > > > Event: registration> > > >
X-WeSIP-SPIRAL: true> > > >> > > > Jan 17 16:06:12 [30303] DBG:tm:set_timer:
relative timeout is 30> > > > Jan 17 16:06:12 [30303]
DBG:tm:insert_timer_unsafe: [0]: > > 0xb610d020 (300)> > > > Jan 17 16:06:12
[30303] DBG:tm:t_relay_to: new transaction fwd'ed> > > > Jan 17 16:06:12
[30303] DBG:tm:t_unref: UNREF_UNSAFE: after is 0> > > > Jan 17 16:06:12 [30303]
DBG:core:destroy_avp_list: destroying list > > (nil)> > > > Jan 17 16:06:12
[30303] DBG:core:receive_msg: cleaning up> > > > Jan 17 16:06:12 [30304]
DBG:core:tls_update_fd: New fd is 23> > > > Jan 17 16:06:12 [30304]
ERROR:core:_tls_read: something wrong in > > SSL: 5> > > > Jan 17 16:06:12
[30304] ERROR:core:tcp_read_req: failed to read> > > > Jan 17 16:06:12 [30304]
DBG:core:io_watch_del: io_watch_del> > > > (0x8164160, 23, -1, 0x10) fd_no=2
called> > > > Jan 17 16:06:12 [30304] DBG:core:release_tcpconn: releasing con>
> > > 0xb612fcf8, state -2, fd=23, id=9> > > > Jan 17 16:06:12 [30304]
DBG:core:release_tcpconn: extra_data > > 0xb613fe10> > > > Jan 17 16:06:12
[30311] DBG:core:handle_tcp_child: reader response=> > > > b612fcf8, -2 from 1>
> > > Jan 17 16:06:12 [30311] DBG:core:tcpconn_destroy: destroying> > > >
connection 0xb612fcf8, flags 0002> > > > Jan 17 16:06:12 [30311]
DBG:core:tls_close: closing SSL connection> > > >> > > >> > > > The
opensips.cfg is configured as following:> > > > disable_tls = no> > > > listen
= tls:##OPENSIPSIP##:5061> > > > tls_verify_server = 0> > > > tls_verify_client
= 0> > > > tls_require_client_certificate = 0> > > > tls_method = TLSv1> > > >
tls_ca_list = > > "/product/opensips//etc/opensips/tls/dario/dario-calist.pem">
> > > tls_certificate = > >
"/product/opensips//etc/opensips/tls/user/user-cert.pem"> > > > tls_private_key
=> > > > "/product/opensips//etc/opensips/tls/user/user-privkey.pem"> > > >
tls_ciphers_list="RC4-MD5"> > > >> > > > route{> > > >> > > >
if(is_present_hf("X-WeSIP-SPIRAL")){> > > > log("\nSPIRAL!!!\n");> > > >
t_relay("tls:EDGEIP:5061");> > > > exit;}> > > > (on WESIP SPIRAL is equal
TRUE)> > > >> > > > OPENSIPSIP is the CLIENT e EDGEIP is the SERVER> > > >> > >
>> > > > Using Open SSL the connection is OK> > > > openssl s_client -connect
EDGEIP:5061 -ssl2 -CAfile> > > >
/product/opensips_dev/etc/opensips/tls/user/user-calist.pem -cipher> > > >
RC4-MD5> > > >> > > > New, TLSv1/SSLv3, Cipher is RC4-MD5> > > > Server public
key is 1024 bit> > > > SSL-Session:> > > > Protocol : TLSv1> > > > Cipher :
RC4-MD5> > > > Session-ID:> > > >
E708000007E4CC591AA8982939C17298FBEDF72E749C010EFFC39FBEB2D143A6> > > >
Session-ID-ctx:> > > > Master-Key:> > > > > >
5835CA1877799D4B507AA31DB8DEA5F11D27DD077FE43F52DC9606ABF296AF6043402938E384FFF7B1485DC77D4D13D7>
> > > Key-Arg : None> > > > Krb5 Principal: None> > > > Start Time:
1232205185> > > > Timeout : 7200 (sec)> > > > Verify return code: 0 (ok)> > >
>> > > > Regards> > > >> > > >> > > >> > > > > >
------------------------------------------------------------------------> > > >
Scoprilo insieme ai nuovi servizi Windows Live! Messenger 9: oltre le> > > >
parole. <http://download.live.com/messenger/?mkt=it-it>> > > > > >
------------------------------------------------------------------------> > >
>> > > > _______________________________________________> > > > Users mailing
list> > > > us...@lists.opensips.org> > > >
http://lists.opensips.org/cgi-bin/mailman/listinfo/users> > > >> > >> >> >> >
------------------------------------------------------------------------> >
Scopri le novità! Più veloce, più tua, più Hotmail. > >
<http://www.messenger.it/hotmail.aspx>>
_________________________________________________________________
Quali sono le più cliccate della settimana?
http://livesearch.it.msn.com/
_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel