[OpenSIPS-Users] Trying to get TLS working with OpenSips 1.5

Bogdan-Andrei Iancu bogdan at voice-system.ro
Fri Apr 24 14:10:11 CEST 2009 

Hi Anil,

Are you sure the connecting party is also using TLS ? maybe it is using 
pure TCP instead of TLC - use tcpdump to see what is going one.

Regards,
Bogdan

Anil Pannikode wrote:
> THanks for the tip. I did not cut and paste the private key properly. 
> It is now loading how ever the connection is failing with the 
> following error
>
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tls_find_server_domain: virtual TLS server domain not found, 
> Using default TLS server domain settings
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tls_tcpconn_init: found socket based TLS server domain 
> [0.0.0.0:0]
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tcpconn_add: hashes: 594, 1
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:handle_new_connect: new connection: 0xb3ebdf50 24 flags: 0002
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:send2child: to tcp child 0 0(16980), 0xb3ebdf50
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> DBG:core:handle_io: received n=4 con=0xb3ebdf50, fd=19
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> DBG:core:io_watch_add: io_watch_add(0x826ab20, 19, 2, 0xb3ebdf50), 
> fd_no=1
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> DBG:core:tls_update_fd: New fd is 19
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> ERROR:core:tls_accept: some error in SSL:
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> ERROR:core:tls_print_errstack: error:140760FC:SSL 
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> DBG:core:io_watch_del: io_watch_del (0x826ab20, 19, -1, 0x10) fd_no=2 
> called
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> DBG:core:release_tcpconn: releasing con 0xb3ebdf50, state -2, fd=19, id=1
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: 
> DBG:core:release_tcpconn: extra_data 0xb3ece068
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:handle_tcp_child: reader response= b3ebdf50, -2 from 0
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tcpconn_destroy: destroying connection 0xb3ebdf50, flags 0002
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tls_close: closing SSL connection
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tls_update_fd: New fd is 24
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tls_shutdown: shutdown successful
> Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: 
> DBG:core:tls_tcpconn_clean: entered
>
>
> Regards
>
> Anil
>
>
>
> > Date: Thu, 23 Apr 2009 23:24:44 +0300
> > From: bogdan at voice-system.ro
> > To: anilpannikode at hotmail.com
> > CC: users at lists.opensips.org
> > Subject: Re: [OpenSIPS-Users] Trying to get TLS working with 
> OpenSips 1.5
> >
> > Hi Anil,
> >
> > Typical error cases:
> > - the private key file does not exist or you do not have permission
> > to read that file
> > - the private key file is not in PEM (base64 encoded) format.
> > - if the private key file is encrypted, the password is not correct
> > or no password was provided
> > - if you loaded a certificate file before issuing this function, the
> > public key in that certificate does not match the corresponding private
> > key in the private key file.
> >
> > Regards,
> > Bogdan
> >
> > Anil M Pannikode (hotmail) wrote:
> > >
> > > I am getting the following error in the log files
> > >
> > >
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_certificate:
> > > entered
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_certificate:
> > > '//etc/opensips/tls/user/certonly.pem' successfuly loaded
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: Entered
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: CA
> > > '//etc/opensips/tls/user/user-calist.pem' successfuly loaded
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_private_key:
> > > entered
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key:
> > > unable to load private key file
> > > '//etc/opensips/tls/user/privatekey.pem'. Retry (2 left) (check
> > > password case)
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key:
> > > unable to load private key file
> > > '//etc/opensips/tls/user/privatekey.pem'. Retry (1 left) (check
> > > password case)
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key:
> > > unable to load private key file
> > > '//etc/opensips/tls/user/privatekey.pem'. Retry (0 left) (check
> > > password case)
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: ERROR:core:load_private_key:
> > > unable to load private key file 
> '//etc/opensips/tls/user/privatekey.pem'
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: CRITICAL:core:main: could 
> not
> > > initialize tls, exiting...
> > >
> > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:dispatcher:destroy:
> > > destroying module ...
> > >
> > >
> > >
> > > Anybody know what the issues or where to set the password ?
> > >
> > >
> > >
> > > Anil
> > >
> > >
> > >
> > > 
> ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users at lists.opensips.org
> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> > >
> >
>
> ------------------------------------------------------------------------
> Create a cool, new character for your Windows Live™ Messenger. Check 
> it out <http://go.microsoft.com/?linkid=9656621>

More information about the Users mailing list