[Freeswitch-users] How to setup TLS

Peter P GMX Prometheus001 at gmx.net
Sun Aug 3 10:01:10 PDT 2008


Hello Brian,

Yes it's turned on:
    <!-- TLS: disabled by default, set to "true" to enable -->
    <param name="tls" value="true"/>
    <!-- additional bind parameters for TLS -->
    <param name="tls-bind-params" value="transport=tls"/>
    <!-- Port to listen on for TLS requests. (5061 will be used if unspecified) -->
    <param name="tls-sip-port" value="5061"/>
    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
    <param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
    <param name="tls-version" value="tlsv1"/>


I recompiled it and checked the output for warnings and errors. This is 
what I found:

configure: WARNING: python2.5 is unusable
configure: WARNING: Your python lacks threads support, can not build 
mod_python
config.status: WARNING:  Makefile.in seems to ignore the --datarootdir 
setting
./configure: line 4234: AX_COMPILER_VENDOR: command not found
config.status: WARNING:  apr-config.in seems to ignore the --datarootdir 
setting
/bin/bash: /usr/src/freeswitch/libs/curl/missing: No such file or directory
configure: WARNING: `missing' script is too old or missing
configure: WARNING: dlfcn.h: present but cannot be compiled
configure: WARNING: dlfcn.h:     check for missing prerequisite headers?
configure: WARNING: dlfcn.h: see the Autoconf documentation
configure: WARNING: dlfcn.h:     section "Present But Cannot Be Compiled"
configure: WARNING: dlfcn.h: proceeding with the preprocessor's result
configure: WARNING: dlfcn.h: in the future, the compiler will take 
precedence
libtool: line 121: CC: command not found
config.status: WARNING:  config/autoconf.mk.in seems to ignore the 
--datarootdir setting
./configure: line 1908: /shtool: No such file or directory
configure: WARNING: dlfcn.h: accepted by the compiler, rejected by the 
preprocessor!
configure: WARNING: dlfcn.h: proceeding with the compiler's result
configure: WARNING: Touching files in directory tests/.
config.status: WARNING:  packages/sofia-sip-ua.pc.in seems to ignore the 
--datarootdir setting
mod_lua_wrap.cpp: In function ‘int 
_wrap_CoreSession_hangup__SWIG_1(lua_State*)’:
mod_lua_wrap.cpp:4563: warning: deprecated conversion from string 
constant to ‘char*’
sndfile.c: In function ‘sf_error’:
sndfile.c:491: warning: the address of ‘sf_error’ will never be NULL
libtool: link: warning: `-version-info/-version-number' is ignored for 
convenience libraries
quiet_libtool: install: warning: relinking `mod_sofia.la'
../../../../libs/xmlrpc-c/src/method.c: In function ‘xmlrpc_methodCreate’:
../../../../libs/xmlrpc-c/src/method.c:213: note: ‘signatureP’ was 
declared here
../../../../libs/xmlrpc-c/src/parse_value.c: In function 
‘xmlrpc_parseValue’:
../../../../libs/xmlrpc-c/src/parse_value.c:199: note: ‘valueElemP’ was 
declared here
../../../../libs/xmlrpc-c/src/parse_value.c:191: note: ‘nameElemP’ was 
declared here
../../../../libs/xmlrpc-c/src/parse_value.c:245: note: ‘keyP’ was 
declared here
../../../../libs/xmlrpc-c/src/parse_value.c:420: note: ‘fractionEnd’ was 
declared here
../../../../libs/xmlrpc-c/src/parse_value.c:419: note: ‘fraction’ was 
declared here
../../../../libs/xmlrpc-c/src/parse_value.c:418: note: ‘mantissaEnd’ was 
declared here
../../../../libs/xmlrpc-c/src/parse_value.c:417: note: ‘mantissa’ was 
declared here
../../../../libs/xmlrpc-c/src/parse_value.c:503: note: ‘valueDouble’ was 
declared here
../../../../libs/xmlrpc-c/src/system_method.c: In function 
‘system_methodSignature’:
../../../../libs/xmlrpc-c/src/system_method.c:455: note: ‘signatureVP’ 
was declared here
../../../../libs/xmlrpc-c/src/xmlrpc_server_abyss.c: In function 
‘handleXmlrpcReq’:
../../../../libs/xmlrpc-c/src/xmlrpc_server_abyss.c:474: note: ‘body’ 
was declared here
../../../../libs/xmlrpc-c/src/xmlrpc_server_abyss.c: In function 
‘xmlrpc_server_abyss_create’:
../../../../libs/xmlrpc-c/src/xmlrpc_server_abyss.c:894: note: 
‘socketFd’ was declared here
../../../../libs/xmlrpc-c/src/xmlrpc_server_abyss.c:893: note: 
‘portNumber’ was declared here

Is there anything special I have to take care about?

I also grepped the ./configure and make output for "tls" and received 
the following:

config.status: creating scripts/gentls_cert
checking for libgnutls-config... /usr/bin/libgnutls-config
checking for libgnutls - version >= 0.1.0... yes

It also compiles tport_type_tls.o and tport_type_tls.o

When I grep for "ssl" I received the following:
checking for SSL_connect in -lssl... yes
checking openssl/x509.h usability... yes
checking openssl/x509.h presence... yes
checking for openssl/x509.h... yes
checking openssl/rsa.h usability... yes
checking openssl/rsa.h presence... yes
checking for openssl/rsa.h... yes
checking openssl/crypto.h usability... yes
checking openssl/crypto.h presence... yes
checking for openssl/crypto.h... yes
checking openssl/pem.h usability... yes
checking openssl/pem.h presence... yes
checking for openssl/pem.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... yes
checking for openssl/err.h... yes
checking openssl/pkcs12.h usability... yes
checking openssl/pkcs12.h presence... yes
checking for openssl/pkcs12.h... yes
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
config.status: creating packages/Linux/RPM/curl-ssl.spec
checking for openssl... yes
checking openssl_CFLAGS...
checking openssl_LIBS... -lssl -lcrypto
gcc -Wall -DSU_DEBUG=0 -g -ggdb -o stunc stunc.o  ./.libs/libstun.a 
../sresolv/.libs/libsresolv.a ../su/.libs/libsu.a -lssl -lcrypto -lrt 
-lpthread
gcc -Wall -DSU_DEBUG=0 -g -ggdb -o sip-options sip-options.o  
../libsofia-sip-ua/.libs/libsofia-sip-ua.a -lssl -lcrypto -lrt -lpthread
gcc -Wall -DSU_DEBUG=0 -g -ggdb -o sip-date sip-date.o  
../libsofia-sip-ua/.libs/libsofia-sip-ua.a -lssl -lcrypto -lrt -lpthread
gcc -Wall -DSU_DEBUG=0 -g -ggdb -o sip-dig sip-dig.o  
../libsofia-sip-ua/.libs/libsofia-sip-ua.a -lssl -lcrypto -lrt -lpthread
gcc -shared  .libs/mod_sofia_la-mod_sofia.o .libs/mod_sofia_la-sofia.o 
.libs/mod_sofia_la-sofia_glue.o .libs/mod_sofia_la-sofia_presence.o 
.libs/mod_sofia_la-sofia_reg.o -Wl,--whole-archive 
/usr/src/freeswitch/libs/sofia-sip/libsofia-sip-ua/.libs/libsofia-sip-ua.a 
-Wl,--no-whole-archive  -Wl,--rpath -Wl,/usr/local/freeswitch/lib 
-L/usr/local/freeswitch/lib -lfreeswitch -lssl -lcrypto -lrt -lpthread 
-lncurses  -Wl,-soname -Wl,mod_sofia.so -o .libs/mod_sofia.so
root at freeswitch:/var/log#

So it seems that it does in fact try to use ssl.
But I still receive:
2008-08-03 18:57:32 [NOTICE] sofia.c:1883 config_sofia() Started Profile internal [sofia_reg_internal]
2008-08-03 18:57:32 [DEBUG] sofia.c:522 sofia_profile_thread_run() Creating agent for internal
2008-08-03 18:57:32 [ERR] sofia.c:552 sofia_profile_thread_run() Error Creating SIP UA for profile: internal


Best regards
Peter

Brian West wrote:
> Did you turn tls on in the profile?
>
> /b
>
> Sent from my iPhone
>
> On Aug 3, 2008, at 6:44 AM, Peter P GMX <Prometheus001 at gmx.net> wrote:
>
>   
>> I have done this but again the same result.
>>
>> Is there any way to enhance the output in the log (currently loglevel is
>> debug) or to determine if freeswitch was compiled correctly with TLS? At
>> least if I grep the freeswitch binary with tls there is no occurrence.
>>
>> Best regards
>> Peter
>>
>> Brian West wrote:
>>     
>>> Make sure you install OpenSSL-Dev packages and ./configure again.
>>>
>>> /b
>>>
>>> On Aug 2, 2008, at 10:54 AM, Peter P GMX wrote:
>>>
>>>
>>>       
>>>> Any hints how to continue?
>>>>
>>>>         
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>>       
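
A check of the certificate files that the tls-cert-dir setting in the message above points at, given here as an added example that is not part of the original post or of FreeSWITCH. It assumes agent.pem holds the certificate plus its private key and cafile.pem the CA certificate(s); check_tls_profile, the <settings> wrapper and the sample values are constructed for illustration.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: the TLS params from the post, wrapped in a root element.
SAMPLE_PROFILE = """<settings>
  <param name="tls" value="true"/>
  <param name="tls-sip-port" value="5061"/>
  <param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
  <param name="tls-version" value="tlsv1"/>
</settings>"""

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# Assumption: agent.pem = certificate + private key, cafile.pem = CA certificate(s).
REQUIRED = {"agent.pem": ("CERTIFICATE", "PRIVATE KEY"),
            "cafile.pem": ("CERTIFICATE",)}


def pem_labels(path):
    """Return the set of PEM block labels (e.g. 'RSA PRIVATE KEY') in a file."""
    with open(path, "r", errors="replace") as fh:
        return set(PEM_BLOCK.findall(fh.read()))


def check_tls_profile(profile_xml, base_dir):
    """Return a list of problems found with the profile's TLS certificate files."""
    root = ET.fromstring(profile_xml)
    params = {p.get("name"): p.get("value") for p in root.iter("param")}
    if params.get("tls") != "true":
        return ["tls is not enabled in this profile"]
    if not params.get("tls-cert-dir"):
        return ["tls-cert-dir is not set"]
    cert_dir = params["tls-cert-dir"].replace("$${base_dir}", base_dir)
    problems = []
    for name, wanted in REQUIRED.items():
        path = os.path.join(cert_dir, name)
        if not os.path.isfile(path):
            problems.append(f"{name}: missing in {cert_dir}")
            continue
        labels = pem_labels(path)
        for want in wanted:
            # "RSA PRIVATE KEY" and "PRIVATE KEY" both count as a private key
            if not any(label.endswith(want) for label in labels):
                problems.append(f"{name}: no {want} block")
    return problems


if __name__ == "__main__":
    # Assumption: base_dir is /usr/local/freeswitch, as the rpath in the link line suggests.
    for problem in check_tls_profile(SAMPLE_PROFILE, "/usr/local/freeswitch") or ["ok"]:
        print(problem)
```

An empty result only means the files are present and structurally plausible; it does not validate the certificate chain or that the key matches the certificate.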