[Spce-user] Fwd: TLS problem

Jon Bonilla (Manwe) jbonilla at sipwise.com
Mon Mar 11 07:37:02 EDT 2013


El Mon, 11 Mar 2013 09:31:23 +0100
Jirka Jirout <jirka.jirout at mac.com> escribió:

> 
> HOWEVER:
> Today I decided to start from scratch and wrote a simple commmand line
> application that does only three things: opens a TLS connection, writes the
> REGISTER SIP message to the socket and prints the response (which should be
> something like 407 Unauthorized or something, but that would be fine).
> 
> The first two steps are fine - ssl_connect() and ssl_write() return success.
> But then the strange thins start to happen:
> 
> - No answer ever comes back
> - When I run ngrep-sip on the server, I do not see the message anywhere,
> although tcpdump shows it on the external interface

are you listening tcp port 5061?
> 
> The weirdest thing of course is that in about 10 % of cases, my new client
> connects just fine and works for hours without any problem. And that the
> older clients work fine.
> 
> my kamailio.cfg for lb looks like this in the tls section:
> 
> #!ifdef ENABLE_TLS
> loadmodule "tls.so"
> #!endif
> ....
> #!ifdef ENABLE_TLS
> modparam("tls", "certificate", "/crypto-keys/certificate.pem")
> modparam("tls", "private_key", "/crypto-keys/private.key")
> modparam("tls", "tls_method", "SSLv23")
> #!endif
> 
> SPCE is v 2.7, openssl 0.9.8.o
> 
> Any help would be greatly appreciated as this is slowly starting to drive me
> nuts ;-)
> 

I'll try to take a look when I have some more time but meanwhile I'd suggest
you to crosspost this to the kamailio-users mailing list as this issue could
match there and you might also get an answer there.





More information about the Spce-user mailing list