Re: [repro-users] SSL Error want syscall / TLS handshake failed
Looks like a handshake issue. Using wireshark to trace the handshake
process usually helps further in troubleshooting. One possible cause
is that repro is using TLSv1 and the client is using SSLv2 or v3
handshake.
Note: Repro on windows will not use the windows certificate store.
If you don't provide an alternate location on the command line, repro
will expect your certificates to be in .pem files located in
c:\sipCerts folder. See the following wiki page for help on the .pem
file naming convention:
http://www.resiprocate.org/Certificates
Scott
On Mon, Oct 5, 2009 at 11:50 AM, Thangavelu, Palaniselvam
<palaniselvam.thangavelu@xxxxxxxxxxx> wrote:
> Hi All,
>
> I am trying the run the proxy configured with the TLS transport (using
> domain certificates) on a x86 windows 2003 server (SP2)
>
> I could see the following TLS connection error on the log and am kind of
> stuck with this error for sometime now, this log is with the resiprocate
> 1.3.4,
>
> RESIP:TRANSPORT | 3428 | TlsConnection.cxx:40 | Creating TLS connection for
> domain ilab2stag-ns.vzbi.com [ V4 xxx.xxx.xxx.xxx:21378 TLS target
> domain=unspecified mFlowKey=0 ] on 1000
> RESIP:TRANSPORT | 3428 | TlsConnection.cxx:191 | TLS connection failed ok=0
> err=5 error:00000005:lib(0):func(0):DH lib
> RESIP:TRANSPORT | 3428 | TlsConnection.cxx:211 | (SSL Error want syscall)
> RESIP:TRANSPORT | 3428 | TlsConnection.cxx:212 | Error may be because trying
> ssl connection to tls server
> RESIP:TRANSPORT | 3428 | TlsConnection.cxx:244 | Couldn't TLS connect
> RESIP:TRANSACTION | 3428 | TuSelector.cxx:85 | Sending ConnectionTerminated
> [ V4 xxx.xxx.xxx.xxx:21378 TLS target domain=unspecified mFlowKey=1000 ] to
> TUs
> RESIP:TRANSPORT | 3428 | TcpConnection.cxx:24 | Before ::recv() on socket
> [1000] count of :[2048]
> RESIP:TRANSPORT | 3428 | TcpConnection.cxx:73 | Connection closed by remote
> CONN: 00C630C8 1000 [ V4 xxx.xxx.xxx.xxx:21381 TCP target domain=unspecified
> mFlowKey=1000 ]
> RESIP:TRANSACTION | 3428 | TuSelector.cxx:85 | Sending ConnectionTerminated
> [ V4 xxx.xxx.xxx.xxx:21381 TCP target domain=unspecified mFlowKey=1000 ] to
> TUs
> I tried updating the stack to resiprocate 1.5 & with the OpenSSL 0.9.8k for
> windows and VS 2008 redistributable and still get
>
> RESIP:TRANSPORT | 5888 | TlsConnection.cxx:42 | Creating TLS connection for
> domain xyzverizon.com [ V4 xxx.xxx.xxx.xxx:44468 TLS target
> domain=unspecified mFlowKey=0 ] on 1008
> RESIP:TRANSPORT | 5888 | TlsConnection.cxx:178 | TLS handshake starting
> (Server mode)
> RESIP:TRANSPORT | 5888 | TlsConnection.cxx:189 | TLS connected
> RESIP:TRANSPORT | 5888 | TlsConnection.cxx:239 | socket error 0
> RESIP:TRANSPORT | 5888 | TlsConnection.cxx:245 | TLS handshake failed
> RESIP:TRANSACTION | 5888 | TuSelector.cxx:85 | Sending ConnectionTerminated
> [ V4 xxx.xxx.xxx.xxx:44468 TLS target domain=unspecified mFlowKey=1008 ] to
> TUs
> RESIP:TRANSPORT | 5888 | TcpConnection.cxx:72 | Connection closed by remote
> CONN: 00C9EEB0 1008 [ V4 xxx.xxx.xxx.xxx:44473 TCP target domain=unspecified
> mFlowKey=1008 ]
> RESIP:TRANSACTION | 5888 | TuSelector.cxx:85 | Sending ConnectionTerminated
> [ V4 xxx.xxx.xxx.xxx:44473 TCP target domain=unspecified mFlowKey=1008 ] to
> TUs
> I did put the domain_cert*.pem and domain_key*.pem files on the path &
> configured using --cert-path , --tls-domain & --domain options
>
> Any inputs on this is much appreciated.
> Please let me know if i am missing something here .
>
>
> Thanx
> Palani
> _______________________________________________
> repro-users mailing list
> repro-users@xxxxxxxxxxxxxxx
> https://list.resiprocate.org/mailman/listinfo/repro-users
>