Hi Răzvan! Thanks for your response. Yes, I can decode with wireshark. If you want I can send you a pcap (with succesfull and failed calls) and the private key (obviusly in a private mail)
The only "strange" thing I can see in wireshark is that OpenSips sends to the UAC a TLS Close Notify just after segment of a reasembled PDU, like this: Alert (Level: Warning, Description: Close Notify) but this reasembly works well in another call. Thank you very much for your help, Carlos Oliva * _________________________________________________ Carlos OlivaDepartamento de Sistemas C/ Pujades, 77-79, 8a Planta 9B | 08005 Barcelona www.numintec.com <http://www.numintec.com/> | [email protected] <[email protected]> | T: 902 02 02 97 _________________________________________________ Talking Numintec: Dialogando con empresarios de éxito <http://www.youtube.com/user/numintec> <http://www.youtube.com/user/numintec> Las soluciones en la nube de Numintec - Casos de éxito <http://www.numintec.com/category/caso-de-exito/> <http://www.numintec.com/category/caso-de-exito/> Solicita una demo <http://www.numintec.com/demo/> _________________________________________________ Medio Ambiente: Antes de imprimir este mensaje, asegúrese de que es necesario. Nota Legal: La información contenida en la presente transmisión es confidencial y su uso únicamente está permitido a su(s) destinatario(s). Le informamos que los datos personales que facilite/ha facilitado pasarán/han pasado a formar parte de un fichero responsabilidad de NUMINTEC COMUNICACIONES S.L.. y que tiene por finalidad gestionar las relaciones. Tiene la posibilidad de ejercitar los derechos de acceso, rectificación, cancelación y oposición respecto a sus datos ante la empresa, en el e-mail [email protected] <[email protected]> o bien en el domicilio sito en C/ Pujades, 77-79 8ª Planta 9-B 08005 de Barcelona.* 2015-10-14 20:27 GMT+02:00 Răzvan Crainea <[email protected]>: > Hi, Carlos! > > Each TLS connection has its own buffer, protected by a locking mechanisms, > so I don't see how data might get corrupted. Have you tried taking a > wireshark capture to see if Wireshark manages to parse and validate the TLS > sessions? > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer > http://www.opensips-solutions.com > > On 10/14/2015 02:55 PM, Carlos Oliva wrote: > >> After some tests I was able to reproduce the issue with >> tls_verify_client = 0 and tls_require_client_certificate = 0 The error >> now is: >> "ERROR:core:tls_print_errstack: TLS errstack: error:14094418:SSL >> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca" >> >> Always is reproducible after some tests with a bit of load in the proxy. >> I was not able to reproduce with only two registered AORs. Maybe (only a >> supposition) the ssl buffer can be modified by other process while >> reading and the data is corrupted? >> >> In case it can help, here a new paste with debug=6 >> http://pastebin.com/vCmitj0m >> >> — >> Reply to this email directly or view it on GitHub >> <https://github.com/OpenSIPS/opensips/issues/670#issuecomment-148027341>. >> >> >> >> _______________________________________________ >> Devel mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/devel >> >> > _______________________________________________ > Devel mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/devel >
_______________________________________________ Devel mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
