Hi Hamid,

As the ERROR says, the SIP packet came into OpenSIPS in more than 4 chunks, causing OpenSIPS to close the TCP connection (this is an action against potential TCP connect-based attacks). For more, see:
http://www.opensips.org/Documentation/Script-CoreParameters-1-11#toc96

(tcp_max_msg_chunks global param)

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
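
Added example, not part of the original thread or of OpenSIPS: a small log triage script that counts, per peer, how often a TLS connection was closed by the read-attempt limit (tcp_max_msg_chunks) and how often a handshake ended in "rejected by client". The sample lines are constructed after the log format quoted below, and pairing the chunk error with the last connection accepted by the same process ID is a heuristic assumed here, because the error line itself carries no peer address.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log format quoted in this thread.
# Host name, PIDs and addresses are made up (documentation IP ranges).
SAMPLE_LOG = """\
Feb 16 13:11:43 siplb SIPLB[30844]: INFO:proto_tls:tls_accept: New TLS connection from 192.0.2.10:64219 accepted
Feb 16 13:11:43 siplb SIPLB[30844]: ERROR:proto_tls:tcp_handle_req: Made 4 read attempts but message is not complete yet - closing connection
Feb 16 13:11:44 siplb SIPLB[30845]: ERROR:proto_tls:tls_accept: New TLS connection from 198.51.100.7:47015 failed to accept: rejected by client
Feb 16 13:11:45 siplb SIPLB[30844]: INFO:proto_tls:tls_accept: New TLS connection from 192.0.2.10:64220 accepted
Feb 16 13:11:45 siplb SIPLB[30844]: ERROR:proto_tls:tcp_handle_req: Made 4 read attempts but message is not complete yet - closing connection
"""

# syslog tag[pid]: LEVEL:proto_tls:function: message
LINE = re.compile(r"\w+\[(?P<pid>\d+)\]: [A-Z]+:proto_tls:\w+: (?P<msg>.*)$")
ACCEPT = re.compile(
    r"New TLS connection from (?P<ip>[\d.]+):\d+ "
    r"(?P<result>accepted|failed to accept: rejected by client)"
)
CHUNKS = re.compile(r"Made \d+ read attempts but message is not complete yet")


def triage(log_text):
    """Return (chunk_closes, handshake_rejects) as Counters keyed by peer IP."""
    last_peer = {}  # pid -> peer IP of the connection that process accepted last
    chunk_closes, handshake_rejects = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a proto_tls line
        accept = ACCEPT.search(m["msg"])
        if accept and accept["result"] == "accepted":
            last_peer[m["pid"]] = accept["ip"]
        elif accept:
            # With require_cert=1 this usually means no client certificate was sent.
            handshake_rejects[accept["ip"]] += 1
        elif CHUNKS.search(m["msg"]):
            # Heuristic: attribute the close to the last peer this PID accepted.
            chunk_closes[last_peer.get(m["pid"], "unknown")] += 1
    return chunk_closes, handshake_rejects


if __name__ == "__main__":
    closes, rejects = triage(SAMPLE_LOG)
    print("closed by read-attempt limit:", dict(closes))
    print("handshake rejected:", dict(rejects))
```

A peer that shows up repeatedly in the first counter is worth checking for slow or fragmented sends before the chunk limit is raised for everyone.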

On 16.02.2016 15:28, Hamid Hashmi wrote:
Now I am facing the following ERROR. What can be the reason?

Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 2
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 1
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 0
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: INFO:proto_tls:tls_accept: New TLS connection from 103.255.5.39:64219 accepted
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: INFO:proto_tls:tls_dump_cert_info: tls_accept: client TLS certificate subject: *******
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: INFO:proto_tls:tls_dump_cert_info: tls_accept: local TLS server certificate subject: *******
Feb 16 13:11:43 ec2-siplb SIPLB[30844]: ERROR:proto_tls:tcp_handle_req: Made 4 read attempts but message is not complete yet - closing connection

*/Hamid R. Hashmi/*
Software Engineer - VoIP
Vopium A/S


------------------------------------------------------------------------
Date: Fri, 12 Feb 2016 08:03:44 +0000
Subject: Re: [OpenSIPS-Users] How to TLS ?
From: [email protected]
To: [email protected]; [email protected]

Hi,

That option is only required if you want to enable "Mutual (two-way) client authentication" and is not normally necessary when using TLS. Most of these clients don't seem to support two-way authentication. You can have this option disabled:
modparam("proto_tls","require_cert", "0").

477 error in my experience is usually a temporary connection error related to TLS, but not directly related to configuration.

Nabeel

On 12 Feb 2016 6:45 am, "Hamid Hashmi" <[email protected]> wrote:

    Nabeel

    I don't know how to present a certificate from the client. I have
    tried using Zoiper (Android - Free), SFLphone (Ubuntu) and CSipSimple
    (Android) but there were no options to set a public key.

    Now I am using CA signed certificates in opensips with disabled
    flags of verify_cert and require_cert, having an error of *477
    Send failed (477/TM).*

    */Hamid R. Hashmi/*
    Software Engineer - VoIP
    Vopium A/S


    ------------------------------------------------------------------------
    Date: Tue, 9 Feb 2016 08:48:41 +0000
    From: [email protected]
    To: [email protected]
    Subject: Re: [OpenSIPS-Users] How to TLS ?

    Hi,

    Does the client present a client certificate? If not, then with
    modparam("proto_tls","require_cert", "1"), OpenSIPS misleadingly logs:
    'failed to accept: rejected by client'.  What it actually means is
    that the client failed to present a certificate.

    On 9 Feb 2016 6:06 am, "Hamid Hashmi" <[email protected]> wrote:

        It will be a great help if you please help me in configuring
        TLS. I have followed this
        <http://www.opensips.org/Documentation/Tutorials-TLS-2-1> to
        configure TLS but was not able to verify certificates.

        It's working if I disable the following flags

        modparam("proto_tls","verify_cert", "0")
        modparam("proto_tls","require_cert", "0")

        BUT not verifying certificates. Please see logs
        <http://pastebin.com/qmXZjSy2> if enabled

        modparam("proto_tls","verify_cert", "1")
        modparam("proto_tls","require_cert", "1")

        then I have the following ERROR

        Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29867]: [udp:[email protected]:8000]: Receive request OPTIONS from local server [192.168.26.181]
        Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_accept: New TLS connection from 115.186.93.1:47015 failed to accept: rejected by client
        Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_read_req: failed to do pre-tls reading
        Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: [tcp:[email protected]:6080]: In LOCAL Route sending OPTIONS to 192.168.26.181
        Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:probe_max_sock_buff: using snd buffer of 244 kb
        Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 17

        Regards
        */Hamid R. Hashmi/*


        _______________________________________________
        Users mailing list
        [email protected] <mailto:[email protected]>
        http://lists.opensips.org/cgi-bin/mailman/listinfo/users

