|
Hi All, The following was observed while trying out -ve tests for the certificates exchanged for TLS connection between 2 SCS sites. Setup: SiteA - jupiter.qantom.int having SCS installed SiteB - moon.qantom.int having SCS installed 1. The certificates of both the sites were first exchanged and TLS connection was established between the 2 sites 2. Basic calls over TLS were tested between the 2 sites. 3. Next delete the certificate of SiteB from the 'certificates authorities' screen of SiteA (restart the services prompted for restart in SiteA) 4. From SiteA make a call to SiteB Observation: The call fails (correct behavior) with the exception "Exception Info com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuil derImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by [email protected], CN=ca.moo n.qantom.int, OU=scs, O=qantom.int, L=AnyTown, ST=AnyState, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error at SIPClientTransaction.java:972===========" Attachment - exception1.txt 5. After a few minutes try to make another call from SiteA to SiteB Observation: The call fails (correct behavior) with the exception "javax.sip.SipException: Could not acquire IO Semaphore'176.25.10.203:5081' after 10 seconds -- giving up" Attachment - exception2.txt Query: Can someone please let me know why the exception is different now although the cause for the failure is due to missing certificate. 6. Now goto SiteA and add the certificate of SiteB back (restart the services prompted for restart in SiteA) -- Try to make a call from SiteA to SiteB Observation: This call fails with the exception "javax.sip.SipException: Could not acquire IO Semaphore'176.25.10.203:5081' after 10 seconds -- giving up" This call should have been succeeded since the certificate of SiteB is now added in SiteA -- Try to make a call from SiteA to SiteB after sometime > This call fails each time with the exception "javax.sip.SipException: Could not acquire IO Semaphore'176.25.10.203:5081' after 10 seconds -- giving up" 7. Restart the SIP Trunking service at SiteB or start the services in Site B, make a call from SiteA to SiteB ---> The call is successful Query: Is this behavior observed in #6 an issue OR is it mandatory to start the services in SiteB for the calls to work again Thanks, Chaitra |
2010-05-05T11:20:04.661000Z:386:JAVA:ERR:jupiter.qantom.int:PipelineThread-0:00000000:BackToBackUserAgent:Error
occurred duri
ng processing of request
javax.sip.SipException: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCer
tPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued
by [email protected], CN=ca.moo
n.qantom.int, OU=scs, O=qantom.int, L=AnyTown, ST=AnyState, C=US is not
trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining
error
at
gov.nist.javax.sip.stack.SIPClientTransaction.sendRequest(SIPClientTransaction.java:972)
at
org.sipfoundry.sipxbridge.BackToBackUserAgent.sendInviteToItsp(BackToBackUserAgent.java:1890)
at
org.sipfoundry.sipxbridge.CallControlManager.processInvite(CallControlManager.java:621)
at
org.sipfoundry.sipxbridge.CallControlManager.processRequest(CallControlManager.java:3057)
at
org.sipfoundry.sipxbridge.SipListenerImpl.processRequest(SipListenerImpl.java:449)
at gov.nist.javax.sip.EventScanner.deliverEvent(EventScanner.java:224)
at
gov.nist.javax.sip.SipProviderImpl.handleEvent(SipProviderImpl.java:192)
at
gov.nist.javax.sip.DialogFilter.processRequest(DialogFilter.java:1137)
at
gov.nist.javax.sip.stack.SIPServerTransaction.processRequest(SIPServerTransaction.java:823)
at
gov.nist.javax.sip.stack.TCPMessageChannel.processMessage(TCPMessageChannel.java:515)
at
gov.nist.javax.sip.parser.PipelinedMsgParser.run(PipelinedMsgParser.java:361)
at java.lang.Thread.run(Thread.java:736)
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path
building failed: java.security.cert.CertPathB
uilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;
internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued
by [email protected], CN=ca.moo
n.qantom.int, OU=scs, O=qantom.int, L=AnyTown, ST=AnyState, C=US is not
trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining
error
at com.ibm.jsse2.n.a(n.java:36)
at com.ibm.jsse2.sc.a(sc.java:442)
at com.ibm.jsse2.gb.a(gb.java:18)
at com.ibm.jsse2.gb.a(gb.java:205)
at com.ibm.jsse2.hb.a(hb.java:46)
at com.ibm.jsse2.hb.a(hb.java:57)
at com.ibm.jsse2.gb.n(gb.java:285)
at com.ibm.jsse2.gb.a(gb.java:146)
at com.ibm.jsse2.sc.a(sc.java:88)
at com.ibm.jsse2.sc.g(sc.java:437)
at com.ibm.jsse2.sc.a(sc.java:544)
at com.ibm.jsse2.sc.startHandshake(sc.java:124)
at gov.nist.javax.sip.stack.IOHandler.sendBytes(IOHandler.java:303)
at
gov.nist.javax.sip.stack.TLSMessageChannel.sendMessage(TLSMessageChannel.java:308)
at
gov.nist.javax.sip.stack.MessageChannel.sendMessage(MessageChannel.java:255)
at
gov.nist.javax.sip.stack.SIPTransaction.sendMessage(SIPTransaction.java:745)
at
gov.nist.javax.sip.stack.SIPClientTransaction.sendMessage(SIPClientTransaction.java:476)
at
gov.nist.javax.sip.stack.SIPClientTransaction.sendRequest(SIPClientTransaction.java:968)
... 11 more
Caused by: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderI
mpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued
by [email protected], CN=ca.moo
n.qantom.int, OU=scs, O=qantom.int, L=AnyTown, ST=AnyState, C=US is not
trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining
error
at com.ibm.jsse2.util.e.b(e.java:101)
at com.ibm.jsse2.util.e.b(e.java:35)
at com.ibm.jsse2.util.d.a(d.java:12)
at com.ibm.jsse2.gc.a(gc.java:28)
at com.ibm.jsse2.gc.checkServerTrusted(gc.java:16)
at com.ibm.jsse2.gc.b(gc.java:82)
at com.ibm.jsse2.hb.a(hb.java:308)
... 24 more
Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl
could not build a valid CertPath.; internal c
ause is:
java.security.cert.CertPathValidatorException: The certificate issued
by [email protected], CN=ca.moo
n.qantom.int, OU=scs, O=qantom.int, L=AnyTown, ST=AnyState, C=US is not
trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining
error
at
com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:411)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
at com.ibm.jsse2.util.e.b(e.java:49)
... 30 more
Caused by: java.security.cert.CertPathValidatorException: The certificate
issued by [email protected], CN=ca.
moon.qantom.int, OU=scs, O=qantom.int, L=AnyTown, ST=AnyState, C=US is not
trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining
error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at
com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
at
com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:732)
at
com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
at
com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:357)
... 32 more
Caused by: java.security.cert.CertPathValidatorException: Certificate chaining
error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 36 more
2010-05-05T11:36:05.518000Z:1878:JAVA:ERR:jupiter.qantom.int:Thread-143:00000000:BackToBackUserAgent:Error
occurred during pr
ocessing of request
javax.sip.SipException: Could not acquire IO Semaphore'176.25.10.203:5081'
after 10 seconds -- giving up
at
gov.nist.javax.sip.stack.SIPClientTransaction.sendRequest(SIPClientTransaction.java:972)
at
org.sipfoundry.sipxbridge.BackToBackUserAgent.sendInviteToItsp(BackToBackUserAgent.java:1890)
at
org.sipfoundry.sipxbridge.CallControlManager.processInvite(CallControlManager.java:621)
at
org.sipfoundry.sipxbridge.CallControlManager.processRequest(CallControlManager.java:3057)
at
org.sipfoundry.sipxbridge.SipListenerImpl.processRequest(SipListenerImpl.java:449)
at gov.nist.javax.sip.EventScanner.deliverEvent(EventScanner.java:224)
at
gov.nist.javax.sip.SipProviderImpl.handleEvent(SipProviderImpl.java:192)
at
gov.nist.javax.sip.DialogFilter.processRequest(DialogFilter.java:1137)
at
gov.nist.javax.sip.stack.SIPServerTransaction.processRequest(SIPServerTransaction.java:823)
at
gov.nist.javax.sip.stack.UDPMessageChannel.processMessage(UDPMessageChannel.java:499)
at
gov.nist.javax.sip.stack.UDPMessageChannel.processIncomingDataPacket(UDPMessageChannel.java:459)
at
gov.nist.javax.sip.stack.UDPMessageChannel.run(UDPMessageChannel.java:295)
at java.lang.Thread.run(Thread.java:736)
Caused by: java.io.IOException: Could not acquire IO
Semaphore'176.25.10.203:5081' after 10 seconds -- giving up
at
gov.nist.javax.sip.stack.IOHandler.enterIOCriticalSection(IOHandler.java:415)
at gov.nist.javax.sip.stack.IOHandler.sendBytes(IOHandler.java:277)
at
gov.nist.javax.sip.stack.TLSMessageChannel.sendMessage(TLSMessageChannel.java:308)
at
gov.nist.javax.sip.stack.MessageChannel.sendMessage(MessageChannel.java:255)
at
gov.nist.javax.sip.stack.SIPTransaction.sendMessage(SIPTransaction.java:745)
at
gov.nist.javax.sip.stack.SIPClientTransaction.sendMessage(SIPClientTransaction.java:476)
at
gov.nist.javax.sip.stack.SIPClientTransaction.sendRequest(SIPClientTransaction.java:968)
... 12 more_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
