[OpenSIPS-Users] Problem in sending outbound SIP messages via TLS

Nachiket Tarate tarate.nachiket at gmail.com
Tue Sep 2 12:56:36 CEST 2008 

Hi Klaus,

Thanks for your reply!

If you move slightly upward in my log file, you will find following lines:

Aug 20 17:00:42 [22847] DBG:core:tcp_send: no open tcp connection found,
opening new one
Aug 20 17:00:42 [22847] DBG:core:print_ip: tcpconn_new: new tcp connection
to: 172.25.0.113
Aug 20 17:00:42 [22847] DBG:core:tcpconn_new: on port 28785, type 3
Aug 20 17:00:42 [22847] DBG:core:tls_tcpconn_init: entered: Creating a whole
new ssl connection
Aug 20 17:00:42 [22847] DBG:core:tls_tcpconn_init: name based TLS client
domains are disabled
Aug 20 17:00:42 [22847] DBG:core:tls_tcpconn_init: no TLS client doman AVP
set, looking for socket based TLS client domain
Aug 20 17:00:42 [22847] DBG:core:tls_find_client_domain: virtual TLS client
domain not found, Using default TLS client domain settings
Aug 20 17:00:42 [22847] DBG:core:tls_tcpconn_init: found socket based TLS
client domain [0.0.0.0:0]
Aug 20 17:00:42 [22847] DBG:core:tls_tcpconn_init: Setting in CONNECT mode
(client)
Aug 20 17:00:42 [22847] DBG:core:tcp_send: sending...
Aug 20 17:00:42 [22847] DBG:core:tls_update_fd: New fd is 25
Aug 20 17:00:42 [22847] ERROR:core:tls_connect: something wrong in SSL:

This shows that there is not any existing TCP connection with eyeBeam
available and it is obvious as the "INVITE" message is outbound message.

OpenSIPs server successfully establishes TCP connection with eyeBeam but the
TLS handshake fails. So as suggested by you I need to go in more dtails by
using ssldump utility.


Thanks agian,
NT


On Mon, Sep 1, 2008 at 8:06 PM, Klaus Darilion <klaus.mailinglists at pernau.at
> wrote:

> Aug 20 17:00:42 [22847] DBG:core:tcp_send: sending...
> Aug 20 17:00:42 [22847] DBG:core:tls_update_fd: New fd is 25
> Aug 20 17:00:42 [22847] ERROR:core:tls_connect: something wrong in SSL:
> Aug 20 17:00:42 [22847] DBG:core:tcp_send: after write: c= 0xb60f4d78 n=-1
> fd=25
> Aug 20 17:00:42 [22847] DBG:core:tcp_send: buf=
>
> Unfortunately the log file does not tell us what the problem was.
>
> Sniff the TLS connection to find out the problem:
> 1. Does openser establish TCP connection with eyebeam - usually there
> should be an existing TCP/TLS connection - if this is not the case you will
> problems anyway.)
>
> So watch out if there is existing TCP/TLS connection of if a new one is
> setup
>
> If a new one is setup, take a look if the ssl ahdnshak is fine (e.g. use
> ssldump utility)
>
> regards
> klaus
>
> Nachiket Tarate schrieb:
>
>>  Hi,
>>
>> I am currently trying to make Secure RTP calls between my SIP client and
>> the eyeBeam. When eyeBeam is configured for encrypted calls, it uses Secure
>> RTP for media and TLS for SIP signalling.
>>
>> I have configured the OpenSIPs server with TLS support.
>>
>> The scenario is as shown below:
>>
>>
>>  ----------------    UDP      ------------------    TLS    -------------
>> |  My SIP Client |  <----->  |  OpenSIPs Server | <-----> | eyeBeam 1.5 |
>>  ----------------             ------------------           -------------
>>  Linux Machine                Linux Machine             Widows XP machine
>>
>> When a call is made from eyeBeam to My SIP client the call gets
>> established properly and the OpenSIPs server acts as a gateway.
>>
>> But when a call is made from My SIP client to eyeBeam the OpenSIPs returns
>> the *477 Send failed* response to My SIP client.
>>
>> By enabling the debug informaiton on OpenSIPs server, I found that it
>> couldn't do TLS handshake with the eyeBeam and so couldn't send the SIP
>> Request from My SIP client to the eyeBeam.
>>
>> In brief the OpenSIPs server can accept the inbound messages via TLS but
>> *it can't send outbound messages via TLS*.
>>
>> Can anybody help me to resolve this problem? Please see my opensips.cfg
>> file and OpenSIPs server logs attached with this mail.
>>
>> Thanks,
>> NT
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20080902/e06a6eed/attachment.htm

More information about the Users mailing list