Re: [reSIProcate-users] Resiprocate TLS help
- From: "Krister Jarl" <kj@xxxxxxxxxxx>
- Date: Thu, 29 Nov 2007 15:03:22 +0100
Ok that did the trick. Thanks! "TLS sessions set up with TLSv1 TLSv1/SSLv3
AES256-SHA".
I have some follow up questions on using reciprocate with TLS.
1. When the TLS connection is setup, do I have to encrypt/decrypt my
SIP-messages on my own or will the stack do this for me? Can I just call the
send function just as usual?
2. What's the behaviour of reciprocate when acting as client? Will it present a
certificate? Does reciprocate support mutual TLS?
Thanks for your time.
Best regards
Krister
>-----Ursprungligt meddelande-----
>Från: Byron Campen [mailto:bcampen@xxxxxxxxxxxx]
>Skickat: den 23 november 2007 21:26
>Till: Krister Jarl
>Kopia: resiprocate-users@xxxxxxxxxxxxxxx
>Ämne: Re: [reSIProcate-users] Resiprocate TLS help
>
> I've looked at the code, and I'm pretty sure this was fixed in
>version 1.2. If you can get your sipp instance to put an rport in its
>Via, this should let things function ok with 1.1.
>
>Best regards,
>Byron Campen
>
>> I'm running version 1.1. Please find the full log attached.
>> Thanks!
>>
>>> -----Ursprungligt meddelande-----
>>> Från: Byron Campen [mailto:bcampen@xxxxxxxxxxxx]
>>> Skickat: den 23 november 2007 06:32
>>> Till: Krister Jarl
>>> Kopia: Boris Rozinov; resiprocate-users@xxxxxxxxxxxxxxx
>>> Ämne: Re: [reSIProcate-users] Resiprocate TLS help
>>>
>>> This is very strange behavior. What revision are you running?
>>> Also,
>>> full logs would help us debug.
>>>
>>> Best regards,
>>> Byron Campen
>>>
>>>
>>>> Ok, I see. Then what am I doing wrong?
>>>> I'm just using one of the makeResponse functions to create the
>>>> response and then passing it to the stack send function.
>>>>
>>>> /KJ
>>>>
>>>>> -----Ursprungligt meddelande-----
>>>>> Från: Boris Rozinov [mailto:borisrozinov@xxxxxxxx]
>>>>> Skickat: den 22 november 2007 16:02
>>>>> Till: Krister Jarl; resiprocate-users@xxxxxxxxxxxxxxx
>>>>> Ämne: Re: [reSIProcate-users] Resiprocate TLS help
>>>>>
>>>>> It is not OK to try to open new conection for sending
>>>>> response; UA should reuse the same connection that the
>>>>> request was received on. Only if this connection is
>>>>> down, UA should open new connection based on value
>>>>> retrieved in Via header.
>>>>>
>>>>> --- Krister Jarl <kj@xxxxxxxxxxx> wrote:
>>>>>
>>>>>> Hi!
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'm using the resiprocate stack to implement TLS
>>>>>> support for our
>>>>>> application, but I've encountered some problems.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I've set up the security object and passed it to the
>>>>>> stack. Receiving an
>>>>>> INVITE works perfectly but when I'm trying to send a
>>>>>> 100 Trying response
>>>>>> I get the following:
>>>>>>
>>>>>> connection id 4 exists, but does not match the
>>>>>> destination. ("Cid" and
>>>>>> "Tuple" does not match. From what I can see the only
>>>>>> thing that differs
>>>>>> is the remote port.)
>>>>>>
>>>>>>
>>>>>>
>>>>>> So resiprocate then tries to set up a new connection
>>>>>> (I guess this is
>>>>>> OK?). However, during the handshake there's a
>>>>>> certificate mismatch.
>>>>>>
>>>>>> "Certificate name mismatch: trying to connect to <>
>>>>>> remote cert
>>>>>> domain(s) are <X.X.X.X>"
>>>>>>
>>>>>>
>>>>>>
>>>>>> The remote cert domain is correct but why is target
>>>>>> domain empty?
>>>>>> Checking the log file I can see that the target
>>>>>> domain is 'unspecified'.
>>>>>>
>>>>>> I'm betting that I've overlooked something simple.
>>>>>> All help is much
>>>>>> appreciated!
>>>>>>
>>>>>>
>>>>>>
>>>>>> Also, when sending requests, can I think of the
>>>>>> TlsTransport as an
>>>>>> "encrypted pipe" just throwing my requests into it
>>>>>> or do I have to take
>>>>>> some special actions before sending?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> KJ
>>>>>>
>>>>>>> _______________________________________________
>>>>>> resiprocate-users mailing list
>>>>>> resiprocate-users@xxxxxxxxxxxxxxx
>>>>>> List Archive:
>>>>> http://resiprocate.org/archive/resiprocate-users/
>>>>>
>>>>>
>>>>>
>>>>> Looking for the perfect gift? Give the gift of Flickr!
>>>>>
>>>>> http://www.flickr.com/gift/
>>>>>
>>>>
>>>> _______________________________________________
>>>> resiprocate-users mailing list
>>>> resiprocate-users@xxxxxxxxxxxxxxx
>>>> List Archive: http://resiprocate.org/archive/resiprocate-users/
>>
>> <log.txt>