[Spce-user] Fwd: TLS problem

Jirka Jirout jirka.jirout at mac.com
Mon Mar 11 04:31:23 EDT 2013


Hello,

I have now spent almost a week trying to figure out some very weird TLS behavior. I am putting together a new client app and I am experiencing strange things here. The new app can connect in about 10 % of all cases. Since SPCE is still working fine with the existing ones, I naturally lamed the new application any me code. 

HOWEVER:
Today I decided to start from scratch and wrote a simple commmand line application that does only three things: opens a TLS connection, writes the REGISTER SIP message to the socket and prints the response (which should be something like 407 Unauthorized or something, but that would be fine).

The first two steps are fine - ssl_connect() and ssl_write() return success. But then the strange thins start to happen:

- No answer ever comes back
- When I run ngrep-sip on the server, I do not see the message anywhere, although tcpdump shows it on the external interface

I first though this might be a certificate problem or something, but running my app against the spce administration interface on port 1433 returns the data just fine, although the interface uses the same SSL certificates.

The weirdest thing of course is that in about 10 % of cases, my new client connects just fine and works for hours without any problem. And that the older clients work fine.

my kamailio.cfg for lb looks like this in the tls section:

#!ifdef ENABLE_TLS
loadmodule "tls.so"
#!endif
....
#!ifdef ENABLE_TLS
modparam("tls", "certificate", "/crypto-keys/certificate.pem")
modparam("tls", "private_key", "/crypto-keys/private.key")
modparam("tls", "tls_method", "SSLv23")
#!endif

SPCE is v 2.7, openssl 0.9.8.o

Any help would be greatly appreciated as this is slowly starting to drive me nuts ;-)

regards, jj





More information about the Spce-user mailing list