Re: [reSIProcate-users] [repro-users] v1.9.0~rc1 Release Candidate available
On 22/01/14 20:48, Miguel Rios wrote:
> That would be the problem then. I had chosen a different user name to keep
> out brute-force attempts.
> I'll try again with user admin.
OK, great.
> Also, it seems that the certificate errors I had before have gotten worse.
> Besides the ssl/Security.cxx:684 | Caught exception: SecurityException Failed
> opening PEM file @ ssl/Security.cxx:338 error messages on startup, I also see
> a bunch of
>
> ERR | 20140122-192819.932 | repro | RESIP:TRANSPORT | 139664518264576 |
> ssl/TlsConnection.cxx:418 | Got TLS read ret=0 error=5
> error:00000005:lib(0):func(0):DH lib - intermediate certificates may be
> missing from local PEM file
> ERR | 20140122-192824.827 | repro | RESIP:TRANSPORT | 139664518264576 |
> ssl/TlsConnection.cxx:418 | Got TLS read ret=-1 error=1
> error:00000001:lib(0):func(0):reason(1)
> WARNING | 20140122-192824.828 | repro | RESIP:TRANSPORT | 139664526657280 |
> TransportSelector.cxx:1463 | Can't find matching transport [ V4
> serversIP:5061 TLS target domain=unspecified mFlowKey=0 ]
>
> The weird thing is that before upgrading I only had the error=5 message. Now
> I also get the error=1 message and the "Can't find matching transport"
> messages too. Even more intriguing is that despite the error messages, calls
> between 2 peers (using TLS) work most of the time. Granted that sometimes
> they don't work at all and I have to forcefully kill the sip client, but I
> suspect this intermittent certificate error may be responsible.
>
> The certificate is a StartSSL pem and I have the intermediate certificate
> (sub.class1.server.ca.pem) appended at the end of the file, so I don't
> understand why it throws an error.
>
These are not definite errors; they are more like hints about why the
peer went away (to remind me what to check, because I forget sometimes
myself).

Behavior varies a lot depending on the peer.

E.g. if you have a Nagios probe that connects and then disconnects, just
to check if the port is working, repro will probably log some error each
time.

If the user is in a web browser and your server is expecting a client
certificate, the browser will disconnect before it displays the popup
asking the user to choose a certificate. Then the browser connects
again. On the first disconnect, repro also logs an error because it
doesn't know why the client went away.
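
Added example, not part of the original message and not reSIProcate code: a small log triage script that separates the "peer went away" entries described above from TLS library failures, and checks whether the disconnects are evenly spaced, as a scheduled port probe would be. It assumes repro's `error=` field is the value returned by OpenSSL's `SSL_get_error()` (1 = `SSL_ERROR_SSL`, 5 = `SSL_ERROR_SYSCALL`); the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumption: the "error=" field is the value of OpenSSL's SSL_get_error().
TLS_READ = re.compile(r"\| (\d{8}-\d{6})\.\d+ \|.*Got TLS read ret=(-?\d+) error=(\d+)")

def classify(ret, err):
    if err == 5 and ret == 0:   # SSL_ERROR_SYSCALL at EOF: peer closed without close_notify
        return "peer-went-away"
    if err == 1:                # SSL_ERROR_SSL: failure inside the TLS library or protocol
        return "tls-failure"
    return "other"

def triage(lines):
    """Return (Counter of categories, seconds between successive peer-went-away events)."""
    counts, eof_times = Counter(), []
    for line in lines:
        m = TLS_READ.search(line)
        if not m:
            continue            # not a TLS read entry (e.g. the transport WARNING)
        when = datetime.strptime(m.group(1), "%Y%m%d-%H%M%S")
        kind = classify(int(m.group(2)), int(m.group(3)))
        counts[kind] += 1
        if kind == "peer-went-away":
            eof_times.append(when)
    gaps = [int((b - a).total_seconds()) for a, b in zip(eof_times, eof_times[1:])]
    return counts, gaps

def looks_periodic(gaps, tolerance=2):
    """Three or more evenly spaced disconnects suggest a scheduled probe, not users."""
    return len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance

# Constructed sample, one entry per line, modelled on the format quoted in the thread.
PREFIX = " | repro | RESIP:TRANSPORT | 139664518264576 | "
SAMPLE = [
    "ERR | 20140122-192819.932" + PREFIX + "ssl/TlsConnection.cxx:418 | Got TLS read ret=0 error=5",
    "ERR | 20140122-192824.827" + PREFIX + "ssl/TlsConnection.cxx:418 | Got TLS read ret=-1 error=1",
    "WARNING | 20140122-192824.828" + PREFIX + "TransportSelector.cxx:1463 | Can't find matching transport",
    "ERR | 20140122-193319.101" + PREFIX + "ssl/TlsConnection.cxx:418 | Got TLS read ret=0 error=5",
    "ERR | 20140122-193820.455" + PREFIX + "ssl/TlsConnection.cxx:418 | Got TLS read ret=0 error=5",
]

if __name__ == "__main__":
    counts, gaps = triage(SAMPLE)
    print(dict(counts), gaps, "periodic" if looks_periodic(gaps) else "irregular")
```

Entries classified as `tls-failure` are the ones worth correlating with failed calls; evenly spaced `peer-went-away` entries point at a monitoring check rather than a certificate problem.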