[OpenSIPS-Users] Users Digest, Vol 32, Issue 56

David Chedid dchedid at p-group.cc
Fri Mar 25 13:35:17 CET 2011


Dears,

I am trying to use OpenSIPS with TLS but didn't work till now :(

I am getting the following error:

Mar 25 14:09:49 [16855] DBG:core:print_ip: tcpconn_new: new tcp connection
to: 192.168.20.19
Mar 25 14:09:49 [16855] DBG:core:tcpconn_new: on port 4034, type 3
Mar 25 14:09:49 [16855] DBG:core:tls_tcpconn_init: entered: Creating a whole
new ssl connection
Mar 25 14:09:49 [16855] DBG:core:tls_tcpconn_init: looking up socket based
TLS server domain [192.168.168.28:5061]
Mar 25 14:09:49 [16855] DBG:core:tls_find_server_domain: virtual TLS server
domain found
Mar 25 14:09:49 [16855] DBG:core:tls_tcpconn_init: found socket based TLS
server domain [192.168.168.28:5061]
Mar 25 14:09:49 [16855] DBG:core:tls_tcpconn_init: Setting in ACCEPT mode
(server)
Mar 25 14:09:49 [16855] DBG:core:tcpconn_add: hashes: 770, 1
Mar 25 14:09:49 [16855] DBG:core:handle_new_connect: new connection:
0xafc4f7c8 25 flags: 0002
Mar 25 14:09:49 [16855] DBG:core:send2child: to tcp child 0 0(16847),
0xafc4f7c8
Mar 25 14:09:49 [16847] DBG:core:handle_io: received n=4 con=0xafc4f7c8,
fd=12
Mar 25 14:09:49 [16847] DBG:core:io_watch_add: io_watch_add(0x81b6ec0, 12,
2, 0xafc4f7c8), fd_no=1
Mar 25 14:09:49 [16847] DBG:core:tls_update_fd: New fd is 12
Mar 25 14:09:49 [16847] DBG:core:tls_update_fd: New fd is 12
Mar 25 14:09:49 [16847] ERROR:core:tls_accept: some error in SSL (ret=0,
err=1, errno=0/Success):
Mar 25 14:09:49 [16847] ERROR:core:tls_print_errstack: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Mar 25 14:09:49 [16847] DBG:core:io_watch_del: io_watch_del (0x81b6ec0, 12,
-1, 0x10) fd_no=2 called
Mar 25 14:09:49 [16847] DBG:core:release_tcpconn:  releasing con 0xafc4f7c8,
state -2, fd=12, id=1
Mar 25 14:09:49 [16847] DBG:core:release_tcpconn:  extra_data 0xafc5f8e4
Mar 25 14:09:49 [16855] DBG:core:handle_tcp_child: reader response=
afc4f7c8, -2 from 0 
Mar 25 14:09:49 [16855] DBG:core:tcpconn_destroy: destroying connection
0xafc4f7c8, flags 0002
Mar 25 14:09:49 [16855] DBG:core:tls_close: closing SSL connection
Mar 25 14:09:49 [16855] DBG:core:tls_update_fd: New fd is 25
Mar 25 14:09:49 [16855] DBG:core:tls_shutdown: shutdown successful
Mar 25 14:09:49 [16855] DBG:core:tls_tcpconn_clean: entered


Below the configuration file for the debug and TLS Section:

debug=4   
fork=yes 
log_stderror=yes
check_via=no
dns=no  
rev_dns=no

tls_client_domain_avp=0
disable_tls = no
listen = tls:192.168.168.28:5061
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_handshake_timeout=30
tls_send_timeout=30
tls_method = TLSv1
tls_ciphers_list="NULL"
tls_certificate = "/usr/local/etc/opensips//tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/opensips//tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips//tls/user/user-calist.pem"
tls_server_domain [192.168.168.28:5061]
{
tls_certificate = "/usr/local/etc/opensips//tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/opensips//tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips/tls//user/user-calist.pem"
tls_method = TLSv1
}

Below you can find also info regarding my OpenSIPS server

version: opensips 1.6.4-2-tls (i386/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE, USE_MCAST,
SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 7530 2010-12-13 19:07:53Z bogdan_iancu $
main.c compiled on 13:57:04 Jan 31 2011 with gcc 4.2.4

Linux 2.6.24-23-server #1 SMP Thu Nov 27 19:19:15 UTC 2008 i686 GNU/Linux

Ubuntu 8.04.4 LTS \n \l

Inform me if how can I fix this issue, and if you need more info don't
hesitate to contact me.

BR,


-----Original Message-----
From: users-bounces at lists.opensips.org
[mailto:users-bounces at lists.opensips.org] On Behalf Of
users-request at lists.opensips.org
Sent: Wednesday, March 23, 2011 3:47 AM
To: users at lists.opensips.org
Subject: Users Digest, Vol 32, Issue 56

Send Users mailing list submissions to
	users at lists.opensips.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.opensips.org/cgi-bin/mailman/listinfo/users
or, via email, send a message with subject or body 'help' to
	users-request at lists.opensips.org

You can reach the person managing the list at
	users-owner at lists.opensips.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Users digest..."


Today's Topics:

   1. OpenSIPS/SIP over TLS (David Chedid)
   2. Re: Munin monitoring plugin (ha do)
   3. ERROR:core:tcp_read_req: bad request (John Khvatov)
   4. Re: Opensips Control Pannel does not take effect into
      Opensips Server (Duong Manh Truong)


----------------------------------------------------------------------

Message: 1
Date: Tue, 22 Mar 2011 13:47:21 +0200
From: "David Chedid" <dchedid at p-group.cc>
Subject: [OpenSIPS-Users] OpenSIPS/SIP over TLS
To: <users at lists.opensips.org>
Message-ID: <02b001cbe886$ed185e50$c7491af0$@cc>
Content-Type: text/plain; charset="us-ascii"

I need to test the SIP over TLS using the OpenSIPS.

 

.         I need to know what is the best stable version? so I can install
it and start testing.

.         Do I need to generate certificate and install it from the client
side?

.         Is there any sample of configuration file to use it?

 

 

Thanks,

 

BR,

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.opensips.org/pipermail/users/attachments/20110322/29f3a53b/att
achment-0001.htm>

------------------------------

Message: 2
Date: Tue, 22 Mar 2011 06:48:55 -0700 (PDT)
From: ha do <haloha201 at yahoo.com>
Subject: Re: [OpenSIPS-Users] Munin monitoring plugin
To: OpenSIPS users mailling list <users at lists.opensips.org>
Message-ID: <526619.6915.qm at web32406.mail.mud.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

Hi

interesting plug_in

do you have screen shot of pictures

:D

--- On Tue, 3/22/11, Henning Holtschneider <henning at loca.net> wrote:

> From: Henning Holtschneider <henning at loca.net>
> Subject: [OpenSIPS-Users] Munin monitoring plugin
> To: "OpenSIPS users mailling list" <users at lists.opensips.org>
> Date: Tuesday, March 22, 2011, 2:01 AM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello everybody,
> 
> I wrote a Munin monitoring plugin which collects data via
> the 'opensipsctl fifo get_statistics' command the other day.
> The plugin is available at
<http://github.com/hehol/OpenSIPS-Munin-Plugin>. If
> you have any questions or suggestions, feel free to contact
> me or just fork my code at Github and contribute!
> 
> Cheers,
> Henning Holtschneider
> - --
> LocaNet oHG - http://www.loca.net
> Lindemannstrasse 81, D-44137 Dortmund
> tel +49 231 91596-25, fax +49 231 91596-55
> sip 25 at voip.loca.net
> 
> Registergericht Amtsgericht Dortmund HRA 14208
> Gesch?ftsf?hrer Sven Haufe, Henning Holtschneider
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (Darwin)
> 
> iEYEARECAAYFAk2IV2EACgkQP9goCV2uudcm3gCfR/37oL7BtYGKdxvvGp9Y2qTS
> lMMAoO4PV6fO9+WOm9zCNjvdD62QZHdR
> =+tCa
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 


      



------------------------------

Message: 3
Date: Tue, 22 Mar 2011 20:54:07 +0300
From: John Khvatov <ivaxer at gmail.com>
Subject: [OpenSIPS-Users] ERROR:core:tcp_read_req: bad request
To: OpenSIPS users mailling list <users at lists.opensips.org>
Message-ID: <D5DCB5BD-EAF3-4E3D-AFE0-F63CA0E53D7E at gmail.com>
Content-Type: text/plain; charset=us-ascii

Hello all.

I could be wrong but it looks like bug in parser:

Mar 22 17:26:22 sip /usr/sbin/opensips[3005]: ERROR:core:tcp_read_req: bad
request, state=4, error=4 buf:#012REGISTER sip:tipmeet.com
SIP/2.0#015#012Via: SIP/2.0/TCP
192.168.1.100:58279;branch=z9hG4bK-d8754z-e162c0293960910c-1---d8754z-;rport
#015#012Max-Forwards: 70#015#012Contact:
<sip:96210185 at 192.168.1.100:58279;rinstance=8f953a1c002afaee;transport=TCP>#
015#012To: "96210185"<sip:96210185 at tipmeet.com>#015#012From:
"96210185"<sip:96210185 at tipmeet.com>;tag=6a11c927#015#012Call-ID:
YTJhZmEzN2EzM2NkNGU1ZWY0ZDU3MTZlZTM3Y2Q1MWQ.#015#012CSeq: 2
REGISTER#015#012Expires: 3600#015#012Allow: INVITE, ACK, CANCEL, OPTIONS,
BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO#015#012User-Agent: Bria release
2.5 RC4 stamp 47242#015#012Authorization: Digest
username="tipmeet.com#012#01296210185",realm="tipmeet.com",nonce="4d88dbdb00
000b9759f36d9f0a8fbac1ae1a3aea9963bae6",uri="sip:tipmeet.com",response="bc7d
38b1bb7b190d94c8ad6a4cd4599a",cnonce="3264a3294f724a3d1cd0ca276593b9ba",nc=0
0000001,qop=auth,algorithm=MD5#015#012Content-Length:
0#015#012#015#012#012parsed:#012REGISTER sip:tipmeet.com SIP/2.0#015#012Via:
SIP/2.0/TCP
192.168.1.100:58279;branch=z9hG4bK-d8754z-e162c0293960910c-1---d8754z-;rport
#015#012Max-Forwards: 70#015#012Contact:
<sip:96210185 at 192.168.1.100:58279;rinstance=8f953a1c002afaee;transport=TCP>#
015#012To: "96210185"<sip:96210185 at tipmeet.com>#015#012From:
"96210185"<sip:96210185 at tipmeet.com>;tag=6a11c927#015#012Call-ID:
YTJhZmEzN2EzM2NkNGU1ZWY0ZDU3MTZlZTM3Y2Q1MWQ.#015#012CSeq: 2
REGISTER#015#012Expires: 3600#015#012Allow: INVITE, ACK, CANCEL, OPTIONS,
BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO#015#012User-Agent: Bria release
2.5 RC4 stamp 47242#015#012Authorization: Digest
username="tipmeet.com#012#012


Pay attention to this header:
Authorization: Digest username="tipmeet.com#012#01296210185"

Quoted string with two NL chars: "tipmeet.com\n\n96210185" did not parsed
correctly.

-- 
WBR, John Khvatov




------------------------------

Message: 4
Date: Wed, 23 Mar 2011 08:47:19 +0700
From: Duong Manh Truong <ngoahotanglongbk at gmail.com>
Subject: Re: [OpenSIPS-Users] Opensips Control Pannel does not take
	effect into Opensips Server
To: users at lists.opensips.org
Message-ID:
	<AANLkTimrLa0UHV4imbHkuGg-_YW8YL5evTX4svh=_5Jx at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Dear Dave!
Thanks for your help.

I've checked the opensips.cfg again but i still can not find out what stuff
is incorrect ! :-(

I attached my config file in this email, hope that will help my problem to
be clearer!

If anyone has had the same issue, please tell me how can i check or fix it.
(Hope to receive relatively specific informations)

Thanks and Best Regards.




Date: Mon, 21 Mar 2011 08:45:03 -0700
From: Dave Singer <dave.singer at wideideas.com>
Subject: Re: [OpenSIPS-Users] Opensips Control Pannel does not take
       effect into Opensips Server
To: OpenSIPS users mailling list <users at lists.opensips.org>
Message-ID:
       <AANLkTinGLDzzbUgJgQXOd_93r31hjnHAVAzPMo64K-MQ at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Duong,

Some modules, like drouting, you have to click a reload module button
in the control pannel.
However, I think your problem is that you haven't implemented the
needed stuff in opensips.cfg script.
CP only provides an interface to managing/accessing the databases
tables. You still have to impliment the logic in opensips.cfg.

Dave

On Sat, Mar 19, 2011 at 3:04 AM, Duong Manh Truong
<ngoahotanglongbk at gmail.com> wrote:
> Hi all,
> I have followed all instructions about Opensips CP installations
> After done all configurations, the Web interface is appeared
> but unfortunately, when i use modules in this interfaces, it seems there
is
> no connection between Opensips CP and Opensips Server Core!
> Take add/manage users module as an example: I registered user 1001, then i
> selected this module to show online users
> => But the result was "no data found" :-(
> I've created opensips database, correctly insert parameters to opensips CP
> config files (including mysql user/pass to connect to opensips database)
> No error found !
> But i still can not use Opensips CP, someone help me to figure out why
> Opensips CP has no effect ??
> Do i misconfig ?(or forget to config) some important parameters to make
> Opensips CP connect properly to Opensips Server Core?
> (Something likes authentications........etc)
> Thanks a lot!
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.opensips.org/pipermail/users/attachments/20110323/e1491166/att
achment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opensips.cfg
Type: application/octet-stream
Size: 11218 bytes
Desc: not available
URL:
<http://lists.opensips.org/pipermail/users/attachments/20110323/e1491166/att
achment.obj>

------------------------------

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


End of Users Digest, Vol 32, Issue 56
*************************************




More information about the Users mailing list