Probably we should try to get more info about the error at runtime . Let me do some checks to see how we can squize more info about the error and to print it.
Regards, Bogdan gianluca moretti wrote: > Bogdan, the error is ok, how can i solve the problem. > The update to this issue is if the client send the his certificate to > the server and this cause the problem. > > Ciao > > Best regards > > > Date: Tue, 20 Jan 2009 15:04:48 +0200 > > From: [email protected] > > To: [email protected] > > CC: [email protected]; [email protected] > > Subject: Re: [OpenSIPS-Users] OCS Opensisp certificate issues using TLS > > > > Hi Gianluca, > > > > You get this: > > > > Jan 17 16:06:12 [30304] ERROR:core:_tls_read: something wrong in SSL: 5 > > > > 5 is SSL_ERROR_SYSCALL . See: > > http://openssl.org/docs/ssl/SSL_get_error.html > > > > Regards, > > Bogdan > > > > gianluca moretti wrote: > > > We try to integrate OCS 2007 and opensisps using TLS > > > > > > SCENARIO: > > > > > > [wesip] Sending register to OCS > > > Seas ------------------------------------> EDGE --> OCS > > > [Opensips] > > > > > > > > > Issue: Opensisps cannot connect to EDGE server and in details > > > opensisps send always a the certificate to the client > > > any idea to avoid to opensisps to send the always certificate. > > > EDGE: CertVerifyCertificateChainPolicy retuned a failure in > > > CERT_CHAIN_POLICY_STATUS > > > OPENSIPS: > > > Jan 17 16:06:12 [30303] DBG:core:tls_dump_cert_info: tls_connect: > > > local (client) certificate issuer: /CN=Your_NAME/ST=Your_ST > > > ATE/C=CO/emailAddress=YOUR_EMAIL/O=YOUR_ORG_NAME > > > Jan 17 16:06:12 [30303] DBG:core:tls_write: write was successful (791 > > > bytes) > > > Jan 17 16:06:12 [30303] DBG:core:tcp_send: after write: c= 0xb612fcf8 > > > n=791 fd=23 > > > Jan 17 16:06:12 [30303] DBG:core:tcp_send: buf= > > > REGISTER sip:hmcint.local:5060;transport=tcp SIP/2.0 > > > Via: SIP/2.0/TLS 192.168.5.59:5061;branch=z9hG4bKd863.89657825.0;i=2 > > > Via: SIP/2.0/TCP 192.168.5.59;branch=z9hG4bKd863.79657825.0 > > > To: sip:[email protected];transport=tcp > > > From: > > > > sip:[email protected];transport=tcp;tag=BB479256370FF64C226AA6220F2364DD > > > CSeq: 1 REGISTER > > > Call-ID: [email protected] > > > <mailto:[email protected]> > > > Content-Length: 0 > > > Max-Forwards: 70 > > > Contact: > > > > <sip:192.168.5.59:5060;transport=tcp;AppId=.sip2msipGW>;methods="INVITE, > > > MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY > > > , ACK, > > > > REFER";proxy=replace;+sip.instance="<urn:uuid:787C69C1-2A21-441f-B792-A908ABFF5010>" > > > Supported: gruu-10,adhoclist,msrtc-event-categories,ms-forking > > > ms-keep-alive: UAC;hop-hop=yes > > > Event: registration > > > X-WeSIP-SPIRAL: true > > > > > > Jan 17 16:06:12 [30303] DBG:tm:set_timer: relative timeout is 30 > > > Jan 17 16:06:12 [30303] DBG:tm:insert_timer_unsafe: [0]: > 0xb610d020 (300) > > > Jan 17 16:06:12 [30303] DBG:tm:t_relay_to: new transaction fwd'ed > > > Jan 17 16:06:12 [30303] DBG:tm:t_unref: UNREF_UNSAFE: after is 0 > > > Jan 17 16:06:12 [30303] DBG:core:destroy_avp_list: destroying list > (nil) > > > Jan 17 16:06:12 [30303] DBG:core:receive_msg: cleaning up > > > Jan 17 16:06:12 [30304] DBG:core:tls_update_fd: New fd is 23 > > > Jan 17 16:06:12 [30304] ERROR:core:_tls_read: something wrong in > SSL: 5 > > > Jan 17 16:06:12 [30304] ERROR:core:tcp_read_req: failed to read > > > Jan 17 16:06:12 [30304] DBG:core:io_watch_del: io_watch_del > > > (0x8164160, 23, -1, 0x10) fd_no=2 called > > > Jan 17 16:06:12 [30304] DBG:core:release_tcpconn: releasing con > > > 0xb612fcf8, state -2, fd=23, id=9 > > > Jan 17 16:06:12 [30304] DBG:core:release_tcpconn: extra_data > 0xb613fe10 > > > Jan 17 16:06:12 [30311] DBG:core:handle_tcp_child: reader response= > > > b612fcf8, -2 from 1 > > > Jan 17 16:06:12 [30311] DBG:core:tcpconn_destroy: destroying > > > connection 0xb612fcf8, flags 0002 > > > Jan 17 16:06:12 [30311] DBG:core:tls_close: closing SSL connection > > > > > > > > > The opensips.cfg is configured as following: > > > disable_tls = no > > > listen = tls:##OPENSIPSIP##:5061 > > > tls_verify_server = 0 > > > tls_verify_client = 0 > > > tls_require_client_certificate = 0 > > > tls_method = TLSv1 > > > tls_ca_list = > "/product/opensips//etc/opensips/tls/dario/dario-calist.pem" > > > tls_certificate = > "/product/opensips//etc/opensips/tls/user/user-cert.pem" > > > tls_private_key = > > > "/product/opensips//etc/opensips/tls/user/user-privkey.pem" > > > tls_ciphers_list="RC4-MD5" > > > > > > route{ > > > > > > if(is_present_hf("X-WeSIP-SPIRAL")){ > > > log("\nSPIRAL!!!\n"); > > > t_relay("tls:EDGEIP:5061"); > > > exit;} > > > (on WESIP SPIRAL is equal TRUE) > > > > > > OPENSIPSIP is the CLIENT e EDGEIP is the SERVER > > > > > > > > > Using Open SSL the connection is OK > > > openssl s_client -connect EDGEIP:5061 -ssl2 -CAfile > > > /product/opensips_dev/etc/opensips/tls/user/user-calist.pem -cipher > > > RC4-MD5 > > > > > > New, TLSv1/SSLv3, Cipher is RC4-MD5 > > > Server public key is 1024 bit > > > SSL-Session: > > > Protocol : TLSv1 > > > Cipher : RC4-MD5 > > > Session-ID: > > > E708000007E4CC591AA8982939C17298FBEDF72E749C010EFFC39FBEB2D143A6 > > > Session-ID-ctx: > > > Master-Key: > > > > 5835CA1877799D4B507AA31DB8DEA5F11D27DD077FE43F52DC9606ABF296AF6043402938E384FFF7B1485DC77D4D13D7 > > > Key-Arg : None > > > Krb5 Principal: None > > > Start Time: 1232205185 > > > Timeout : 7200 (sec) > > > Verify return code: 0 (ok) > > > > > > Regards > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > Scoprilo insieme ai nuovi servizi Windows Live! Messenger 9: oltre le > > > parole. <http://download.live.com/messenger/?mkt=it-it> > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > Users mailing list > > > [email protected] > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > > > ------------------------------------------------------------------------ > Scopri le novità! Più veloce, più tua, più Hotmail. > <http://www.messenger.it/hotmail.aspx> _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
