On Sun, Sep 12, 2010 at 12:00 PM, Tony Graziano <
[email protected]> wrote:
> I would wonder if you could look at the code for the SSL server and see if
> there is any connection stuff about ssl v3 in there. I am guessing before it
> only supported 1/2?
>
> Do you have the certificate for this seer, or a previous build for it
> installed/imported in your browser? If so, would it connect from another
> machine?
>
Hmm, I don't know how can I verify these things..., but when I only want to
restart only config here is what I get:
[r...@decebal bin]# ./sipxproc --restart ConfigServer
/usr/lib/ruby/1.8/net/http.rb:586:in `connect': sslv3 alert handshake
failure (OpenSSL::SSL::SSLError)
from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /usr/lib/ruby/1.8/net/http.rb:548:in `start'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
from ./sipxproc:294
[r...@decebal bin]#
>
>
> On Sun, Sep 12, 2010 at 4:44 AM, Mircea Carasel <[email protected]> wrote:
>
>>
>>
>> On Sun, Sep 12, 2010 at 11:31 AM, Tony Graziano <
>> [email protected]> wrote:
>>
>>> i have that same version running here but it was an update. You installed
>>> from RPM or ISO?
>>
>>
>> No, I just grabbed the latest code from master-4.2 branch (douglas's repo)
>> and performed a development build
>> This is very weird, everything seems fine on my system....
>>
>>>
>>>
>>> On Sun, Sep 12, 2010 at 4:27 AM, Mircea Carasel <[email protected]>wrote:
>>>
>>>>
>>>>
>>>> On Sun, Sep 12, 2010 at 11:19 AM, Tony Graziano <
>>>> [email protected]> wrote:
>>>>
>>>>> what version is this?
>>>>
>>>>
>>>> I am running: 4.3.0-019022 2010-09-11T19:08:11
>>>>
>>>>
>>>>
>>>>>
>>>>> On Sun, Sep 12, 2010 at 4:17 AM, Mircea Carasel <[email protected]>wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Sep 12, 2010 at 10:36 AM, Tony Graziano <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi Mircea,
>>>>>>>
>>>>>>> It's clearly an SSL cert issue.
>>>>>>>
>>>>>>> Was the system running sipxecs and then you uninstalled or dropped
>>>>>>> the db before reinstalling?
>>>>>>>
>>>>>>> If it was you might want to look at this:
>>>>>>>
>>>>>>>
>>>>>>> http://wiki.sipfoundry.org/display/oldxx/Notes+on+SSL+Keys+and+Keystores+used+by+sipx
>>>>>>>
>>>>>>> You need to delete the SSL stuff if so. If you changed the hostname
>>>>>>> since it was installed, you might want to look at /etc/hosts and
>>>>>>> correct it.
>>>>>>>
>>>>>>>
>>>>>>> Here's what I do to clear a box to reinstall it:
>>>>>>>
>>>>>>> sipxconfig.sh --database drop
>>>>>>> rm -rf $INSTALL/etc/sipxpbx/ssl/*
>>>>>>> rm -rf $INSTALL/var/sipxdata/certdb/*
>>>>>>>
>>>>>>> Then run the setup script again. Alternately you could delete the
>>>>>>> certs that are there and just create and install the certificates:
>>>>>>>
>>>>>>> bin/ssl-cert/gen-ssl-keys.sh
>>>>>>> bin/ssl-cert/install-cert.sh
>>>>>>>
>>>>>>> Thanks,
>>>>>> Done all that... but unfortunatelly I get the same results...
>>>>>> I checked /etc/hosts and everything is fine...
>>>>>>
>>>>>> Mircea
>>>>>>
>>>>>>>
>>>>>>> On Sun, Sep 12, 2010 at 3:20 AM, Mircea Carasel
>>>>>>> <[email protected]>wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I made a sipxecs fresh install and I noticed that XML-RPC calls are
>>>>>>>> not working...
>>>>>>>> More than this, when I run sipxecs (etc/init.d/sipxecs start)
>>>>>>>> sipxconfig is not launched. As a result, sipxconfig.log is not created
>>>>>>>>
>>>>>>>> If I launch by hand /bin/sipxconfig.sh I get the following error
>>>>>>>> for: XML-RPC replications
>>>>>>>>
>>>>>>>> "2010-09-12T07:04:20.315000Z":7:JAVA:ERR:decebal:background:00000000:XmlRpcClientInterceptor:"Exception
>>>>>>>> in XML/RPC call"
>>>>>>>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
>>>>>>>> handshake_failure
>>>>>>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>>>>>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>>>>>>>> at
>>>>>>>> sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1705)
>>>>>>>>
>>>>>>>> Apparently there is a problem with the generated certificates ( I
>>>>>>>> rerun sipxecs-setup many times but without success)
>>>>>>>> So I added the following KeyStoreOpt:
>>>>>>>> -Djavax.net.debug=ssl,handshake
>>>>>>>> I rerun sipxconfig.sh and I get:
>>>>>>>>
>>>>>>>> Avoiding obscuring previous error by supressing error encountered
>>>>>>>> while ending request: org.apache.xmlrpc.XmlRpcClientException:
>>>>>>>> Exception
>>>>>>>> closing URLConnection
>>>>>>>> %% No cached client session
>>>>>>>> *** ClientHello, TLSv1
>>>>>>>> RandomCookie: GMT: 1267497853 bytes = { 144, 111, 166, 239, 177,
>>>>>>>> 23, 168, 231, 115, 4, 127, 177, 97, 219, 129, 193, 118, 139, 230, 75,
>>>>>>>> 24,
>>>>>>>> 42, 206, 9, 221, 103, 128, 26 }
>>>>>>>> Session ID: {}
>>>>>>>> Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
>>>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
>>>>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>>>>>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>>>>>>>> SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>>>>>>>> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
>>>>>>>> SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
>>>>>>>> SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
>>>>>>>> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
>>>>>>>> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
>>>>>>>> Compression Methods: { 0 }
>>>>>>>> ***
>>>>>>>> pool-82-thread-1, WRITE: TLSv1 Handshake, length = 79
>>>>>>>> pool-82-thread-1, WRITE: SSLv2 client hello message, length = 107
>>>>>>>> pool-82-thread-1, READ: TLSv1 Alert, length = 2
>>>>>>>> pool-82-thread-1, RECV TLSv1 ALERT: fatal, handshake_failure
>>>>>>>> pool-82-thread-1, called closeSocket()
>>>>>>>> pool-82-thread-1, handling exception:
>>>>>>>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
>>>>>>>> handshake_failure
>>>>>>>> %% No cached client session
>>>>>>>>
>>>>>>>> Also, I checked
>>>>>>>>
>>>>>>>> [mirc...@decebal ~]$ curl -k -X GET
>>>>>>>> https://decebal.buc.ro:8092/RPC2
>>>>>>>> curl: (35) SSL connect error
>>>>>>>>
>>>>>>>> Any help is appreciated...
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Mircea
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> sipx-dev mailing list
>>>>>>>> [email protected]
>>>>>>>> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> ======================
>>>>>>> Tony Graziano, Manager
>>>>>>> Telephone: 434.984.8430
>>>>>>> sip: [email protected]
>>>>>>> Fax: 434.984.8431
>>>>>>>
>>>>>>> Email: [email protected]
>>>>>>>
>>>>>>> LAN/Telephony/Security and Control Systems Helpdesk:
>>>>>>> Telephone: 434.984.8426
>>>>>>> sip: [email protected]
>>>>>>> Fax: 434.984.8427
>>>>>>>
>>>>>>> Helpdesk Contract Customers:
>>>>>>> http://www.myitdepartment.net/gethelp/
>>>>>>>
>>>>>>> Why do mathematicians always confuse Halloween and Christmas?
>>>>>>> Because 31 Oct = 25 Dec.
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> sipx-dev mailing list
>>>>>>> [email protected]
>>>>>>> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> sipx-dev mailing list
>>>>>> [email protected]
>>>>>> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> ======================
>>>>> Tony Graziano, Manager
>>>>> Telephone: 434.984.8430
>>>>> sip: [email protected]
>>>>> Fax: 434.984.8431
>>>>>
>>>>> Email: [email protected]
>>>>>
>>>>> LAN/Telephony/Security and Control Systems Helpdesk:
>>>>> Telephone: 434.984.8426
>>>>> sip: [email protected]
>>>>> Fax: 434.984.8427
>>>>>
>>>>> Helpdesk Contract Customers:
>>>>> http://www.myitdepartment.net/gethelp/
>>>>>
>>>>> Why do mathematicians always confuse Halloween and Christmas?
>>>>> Because 31 Oct = 25 Dec.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> sipx-dev mailing list
>>>>> [email protected]
>>>>> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> sipx-dev mailing list
>>>> [email protected]
>>>> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>>>>
>>>
>>>
>>>
>>> --
>>> ======================
>>> Tony Graziano, Manager
>>> Telephone: 434.984.8430
>>> sip: [email protected]
>>> Fax: 434.984.8431
>>>
>>> Email: [email protected]
>>>
>>> LAN/Telephony/Security and Control Systems Helpdesk:
>>> Telephone: 434.984.8426
>>> sip: [email protected]
>>> Fax: 434.984.8427
>>>
>>> Helpdesk Contract Customers:
>>> http://www.myitdepartment.net/gethelp/
>>>
>>> Why do mathematicians always confuse Halloween and Christmas?
>>> Because 31 Oct = 25 Dec.
>>>
>>>
>>> _______________________________________________
>>> sipx-dev mailing list
>>> [email protected]
>>> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>>>
>>
>>
>> _______________________________________________
>> sipx-dev mailing list
>> [email protected]
>> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>>
>
>
>
> --
> ======================
> Tony Graziano, Manager
> Telephone: 434.984.8430
> sip: [email protected]
> Fax: 434.984.8431
>
> Email: [email protected]
>
> LAN/Telephony/Security and Control Systems Helpdesk:
> Telephone: 434.984.8426
> sip: [email protected]
> Fax: 434.984.8427
>
> Helpdesk Contract Customers:
> http://www.myitdepartment.net/gethelp/
>
> Why do mathematicians always confuse Halloween and Christmas?
> Because 31 Oct = 25 Dec.
>
>
> _______________________________________________
> sipx-dev mailing list
> [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/
