
Re: [reSIProcate-users] TLS help


Hi Scott,
Ya, it's too complicated. I am not sure which private key should be there in the client box (which is acting as a server now, since it is getting an INVITE). I generated a new key using
 
openssl genrsa -des3 -out server.key 1024
and renamed the server.key to domain_key_<IP>.pem
After this, the client is not able to come up and is stuck in the
 
<<RESIP-DEBUG>> Trying to read file ../etc/domain_key_148.147.172.163.pem
 
 
<<RESIP-DEBUG>> BaseSecurity::BaseSecurity
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [AresDns.cxx@141]
<<RESIP:DNS-INFO>> DNS initialization: found  3 name servers
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [AresDns.cxx@144]
<<RESIP:DNS-INFO>>  name server: 135.27.4.226
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [AresDns.cxx@144]
<<RESIP:DNS-INFO>>  name server: 135.27.168.74
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [AresDns.cxx@144]
<<RESIP:DNS-INFO>>  name server: 198.152.7.13
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [Compression.cxx@40]
<<RESIP-DEBUG>> COMPRESSION SUPPORT NOT COMPILED IN
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [Compression.cxx@43]
<<RESIP-DEBUG>> Compression configuration object created; algorithm = 0
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [TransportSelector.cxx@93]

<<RESIP:TRANSPORT-DEBUG>> No compression library available
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [Security.cxx@218]
<<RESIP-DEBUG>> Checking to load file domain_cert_148.147.172.163.pem
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [Security.cxx@87]
<<RESIP-DEBUG>> Trying to read file ../etc/domain_cert_148.147.172.163.pem
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [Security.cxx@258]
<<RESIP-INFO>> Sucessfully loaded ../etc/domain_cert_148.147.172.163.pem
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [Security.cxx@218]
<<RESIP-DEBUG>> Checking to load file domain_key_148.147.172.163.pem
  ![2009-04-21 15:25:54.954] <5796:SipSwitch> [Security.cxx@87]
<<RESIP-DEBUG>> Trying to read file ../etc/domain_key_148.147.172.163.pem
 
Is this a problem with the key that I have generated?
 
Thanks,
V.Lakshmi Narayanan


 
On Tue, Apr 21, 2009 at 6:40 PM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
Hi Lakshmi,
This stuff gets pretty complicated...  : )  Comments inline.
 
Regards,
Scott

 
On Tue, Apr 21, 2009 at 3:04 AM, Lakshmi Narayanan <vln.lakshminarayanan@xxxxxxxxx> wrote:
Thanks Scott. Is this because of the "target domain=unspecified" from the server?
Since when the initial REGISTER was sent, the logs show
 
[Scott]  No.  The error messages are present because there is no certificate present on your system for the domain name you passed into addTransport when adding the TLS transport, and another endpoint tried to form a TLS connection with you.  Check out:  http://tools.ietf.org/html/draft-ietf-sip-domain-certs-03
 
Creating TLS connection for domain puresearch.xxxxxxx.com [ V4 148.147.172.163:5061 TLS target domain=purses52.puresearch.xxxxx.com mFlowKey=0 ] on 728
and when we get a call we get
 
[ V4 148.147.172.163:43807 TLS target domain=unspecified mFlowKey=0 ] as fd=2284
The Server machine is not in any domain as such, we have changed the hosts file in the drivers\etc for the domain name to be resolved.
 
The hostname in the hosts file is not really relevant.  You need the TLS hostname of the transport (from addTransport) to match the hostname in the certificates.  Also, for the client to accept your certificate (if it is doing proper validation) it must be trying to reach you via that same hostname.
 
Is this normal for the other end to form a TLS connection back to the B2B? 
 
Yes, it is common.  The base RFC3261 does not mandate connection re-use for requests within the same registration, or even the same dialog.  There are some IETF drafts to add this capability, and some endpoints have implemented these or something custom to get this behaviour.  See http://tools.ietf.org/html/draft-ietf-sip-connect-reuse-13 and http://tools.ietf.org/html/draft-ietf-sip-outbound-16
 
I see the following code in the TcpBaseTransport.cxx
 
      DebugLog (<< "Received TCP connection from: " << tuple << " as fd=" << sock);
      if(!mConnectionManager.findConnection(tuple))
      {
         createConnection(tuple, sock, true);
      }
      else
      {
         InfoLog(<<"Someone probably sent a reciprocal SYN at us.");
         // ?bwc? Can we call this right after calling accept()?
         closeSocket(sock);
      }
   }
 
I understand that findConnection is not able to find the tuple in the list and hence tries for a new connection, so my question is: is this the normal way it works?
 
It is normal for the address/port combo in a Record-Route or Contact header to not match the TCP socket connection sender ipaddr/port - since it is formed from an ephemeral port on the client.  So when routing a new request to an endpoint for which you've already received an inbound connection, it will not find the existing connection, and try to form a new one.  Byron recently added support for the outbound draft to resiprocate, and he added capabilities to Repro to be able to re-use and find the existing connection - perhaps he can elaborate on how you would use this capability from a non-Repro application.
 
Thanks,
V.Lakshmi Narayanan

 
On Mon, Apr 20, 2009 at 11:07 PM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
From the logs it looks like the other end is trying to form a TLS connection back to your B2B.  In this case you are acting as the TLS server and you must install a domain certificate to provide to the TLS client, and its corresponding private key.

Scott

On Mon, Apr 20, 2009 at 11:59 AM, Lakshmi Narayanan <vln.lakshminarayanan@xxxxxxxxx> wrote:

Hi,
We are using resiprocate 1.4. We are able to successfully register our B2B with our register server and the TLS connection is up, but when we send a call to the B2B we get the following error.
 
We have the certificate root_cert_purses52.xxxxxxx.com.pem in our client directory
 
 
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [TcpBaseTransport.cxx@110]
<<RESIP:TRANSPORT-DEBUG>> Received TCP connection from: [ V4 148.147.172.163:43807 TLS target domain=unspecified mFlowKey=0 ] as fd=2284
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [ConnectionManager.cxx@77]
<<RESIP:TRANSPORT-DEBUG>> Could not find a connection for [ V4 148.147.172.163:43807 TLS target domain=unspecified mFlowKey=0 ]
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [ConnectionBase.cxx@49]
<<RESIP:TRANSPORT-DEBUG>> ConnectionBase::ConnectionBase, who: [ V4 148.147.172.163:43807 TLS target domain=unspecified mFlowKey=0 ] 0134CE88
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [ConnectionBase.cxx@62]
<<RESIP:TRANSPORT-DEBUG>> No compression library available: 0134CE88
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [TlsConnection.cxx@41]
<<RESIP:TRANSPORT-INFO>> Creating TLS connection for domain puresearch.XXXXXXX.com [ V4 148.147.172.163:43807 TLS target domain=unspecified mFlowKey=0 ] on 2284
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [TlsConnection.cxx@48]
<<RESIP:TRANSPORT-DEBUG>> Trying to form TLS connection - acting as server
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [TlsConnection.cxx@104]
<<RESIP:TRANSPORT-ERROR>> Don't have private key for domain puresearch.xxxxxxx.com
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [BaseException.cxx@17]
<<RESIP-DEBUG>> BaseException at .\ssl\TlsConnection.cxx:106 getDomainKey failed.
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [ConnectionBase.cxx@89]
<<RESIP:TRANSPORT-DEBUG>> ConnectionBase::~ConnectionBase 0134CE88
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [TransportSelector.cxx@260]
<<RESIP:TRANSPORT-ERROR>> Exception thrown from Transport::process: SecurityException getDomainKey failed. @ .\ssl\TlsConnection.cxx:106
  ![2009-04-20 15:13:39.473] <948:SipSwitch> [TuSelector.cxx@85]
<<RESIP:TRANSACTION-INFO>> Sending ConnectionTerminated [ V4 148.147.172.163:43807 TLS target domain=unspecified mFlowKey=2284 ] to TUs
  ![2009-04-20 15:13:39.473] <7352:SipSwitch> [DialogUsageManager.cxx@1195]
<<RESIP:DUM-DEBUG>> connection terminated message
 
Do we need to have some more certificates on our client machine? If so, what are the certificates we need?
 
Thanks,
V.Lakshmi Narayanan

 

_______________________________________________
resiprocate-users mailing list
resiprocate-users@xxxxxxxxxxxxxxx
List Archive: http://list.resiprocate.org/archive/resiprocate-users/




--
luxbaba
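As an added example (not code from this thread and not part of reSIProcate), here is a small POSIX shell preflight for the server-side identity Scott describes. It builds the domain_cert_<domain>.pem / domain_key_<domain>.pem names that the resip log lines above show being loaded, flags a private key that is passphrase-encrypted (the "Proc-Type: 4,ENCRYPTED" header that `openssl genrsa -des3` writes; a daemon that has no way to prompt for the passphrase cannot unlock such a key) and, when the openssl CLI is present, confirms that key and certificate belong together and that the certificate names the same domain that was passed to addTransport. It can also mint an unencrypted key and self-signed certificate under those names for a lab setup. The function names, the domain sip.example.test, and the assumption that resip loads the key file without a passphrase callback are this example's own.

```shell
#!/bin/sh
# Preflight check for a reSIProcate TLS server identity. Added example, not
# code from the thread or from reSIProcate. Assumes the naming shown in the
# resip logs: the certificate directory holds domain_cert_<domain>.pem and
# domain_key_<domain>.pem, where <domain> is the string given to addTransport.
# All function names here are this example's own.

# Expected file names for a transport domain in a certificate directory.
resip_cert_file() { printf '%s/domain_cert_%s.pem\n' "$1" "$2"; }
resip_key_file()  { printf '%s/domain_key_%s.pem\n'  "$1" "$2"; }

# Classify a PEM file: missing | encrypted | unencrypted | not-a-key.
# "openssl genrsa -des3" writes a "Proc-Type: 4,ENCRYPTED" header; PKCS#8
# tooling writes "BEGIN ENCRYPTED PRIVATE KEY". Either needs a passphrase,
# which an unattended daemon cannot supply (assumption: resip prompts for none).
pem_key_status() {
    f="$1"
    [ -f "$f" ] || { echo missing; return 0; }
    if grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$f"; then
        echo encrypted
    elif grep -Eq 'BEGIN [A-Z ]*PRIVATE KEY' "$f"; then
        echo unencrypted
    else
        echo not-a-key
    fi
}

# Verify that <dir> holds a usable identity for <domain>: both files present,
# key unencrypted, and (when the openssl CLI is available) key and certificate
# belonging together and the certificate naming the domain in CN or SAN.
# Prints one line per finding; returns 0 only when everything checks out.
check_identity() {
    dir="$1"; domain="$2"; rc=0
    cert=$(resip_cert_file "$dir" "$domain")
    key=$(resip_key_file "$dir" "$domain")
    [ -f "$cert" ] || { echo "missing certificate: $cert"; rc=1; }
    ks=$(pem_key_status "$key")
    [ "$ks" = unencrypted ] || { echo "unusable key ($ks): $key"; rc=1; }
    if [ "$rc" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
        # The RSA modulus is the same in the key and the certificate it backs.
        cmod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null || true)
        kmod=$(openssl rsa  -noout -modulus -in "$key"  2>/dev/null || true)
        [ -n "$cmod" ] && [ "$cmod" = "$kmod" ] ||
            { echo "private key does not match certificate"; rc=1; }
        # The transport domain must appear as subject CN or a DNS SAN.
        openssl x509 -noout -text -in "$cert" 2>/dev/null |
            grep -Eq "CN ?= ?$domain|DNS:$domain" ||
            { echo "certificate does not name transport domain $domain"; rc=1; }
    fi
    [ "$rc" -eq 0 ] && echo "ok: $domain"
    return "$rc"
}

# Create an unencrypted RSA key and a self-signed certificate that carries the
# transport domain in both CN and subjectAltName, written under the names
# reSIProcate looks for. A config file is used instead of -addext so the
# command also works with OpenSSL releases older than 1.1.1.
make_self_signed_identity() {
    dir="$1"; domain="$2"; cfg="$dir/req-$domain.cnf"
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $domain
[ext]
subjectAltName = DNS:$domain
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -config "$cfg" \
        -keyout "$(resip_key_file "$dir" "$domain")" \
        -out "$(resip_cert_file "$dir" "$domain")" >/dev/null 2>&1
    # An unencrypted key is protected by file permissions only.
    chmod 600 "$(resip_key_file "$dir" "$domain")"
}

# Usage: sh tls-preflight.sh <certdir> <domain> [make]
if [ "$#" -ge 2 ]; then
    [ "${3:-}" = make ] && make_self_signed_identity "$1" "$2"
    check_identity "$1" "$2"
fi
```

Run it against the directory the TLS transport reads from (the ../etc path in the logs) with the exact domain string handed to addTransport; a key that reports "encrypted" will never be usable by a daemon that cannot prompt, so regenerate it without -des3 rather than only renaming it.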
