[Freeswitch-users] TLS on FreeSwitch not Working

Mitch Capper mitch.capper at gmail.com
Thu Aug 9 20:33:28 MSD 2012


Turn on sofia tport logging it will tell you what its unable to setup
the TLS connection.

~Mitch

On Wed, Aug 8, 2012 at 10:09 PM, R W <wingcomm at hotmail.com> wrote:
> Hi All,
>
> I cannot seem to get TLS running on the sofia "internal" profile. Any
> assistance would be appreciated.
>
> I'm running FreeSWITCH Version 1.2.0-rc2+git~20120808T025758Z~9ac586adc8
> (1.2.0-rc2; git at commit 9ac586adc8 on Wed, 08 Aug 2012 02:57:58 Z) on
> Ubuntu 12.04 LTS.
>
> When I set internal_ssl_enable=true, and reload the sofia internal profile,
> I get the "usual" error:
>
> 2012-08-09 00:34:14.174431 [ERR] sofia.c:2289 Error Creating SIP UA for
> profile: internal
>
> <!-- SIP Profile: Internal -->
> <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
> <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
> <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
> <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
> <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
>
> I verified that the OpenSSL development libraries were installed (Ubuntu
> package libssl-dev) and looked for references to ssl in the output from the
> compilation process and saw this:
>
> "checking for openssl... yes
>
> checking openssl_CFLAGS...
>
> checking openssl_LIBS... -lssl -lcrypto
>
>   adding "-DHAVE_OPENSSL" to SWITCH_AM_CFLAGS"
>
>
> ...
>
>
> "checking OpenSSL options with pkg-config... found
>
> checking for gdi32... no
>
> checking for CRYPTO_lock in -lcrypto... yes
>
> checking for SSL_connect in -lssl... yes
>
> checking openssl/x509.h usability... yes
>
> checking openssl/x509.h presence... yes
>
> checking for openssl/x509.h... yes
>
> checking openssl/rsa.h usability... yes
>
> checking openssl/rsa.h presence... yes
>
> checking for openssl/rsa.h... yes
>
> checking openssl/crypto.h usability... yes
>
> checking openssl/crypto.h presence... yes
>
> checking for openssl/crypto.h... yes
>
> checking openssl/pem.h usability... yes
>
> checking openssl/pem.h presence... yes
>
> checking for openssl/pem.h... yes
>
> checking openssl/ssl.h usability... yes
>
> checking openssl/ssl.h presence... yes
>
> checking for openssl/ssl.h... yes
>
> checking openssl/err.h usability... yes
>
> checking openssl/err.h presence... yes
>
> checking for openssl/err.h... yes
>
> checking openssl/pkcs12.h usability... yes
>
> checking openssl/pkcs12.h presence... yes
>
> checking for openssl/pkcs12.h... yes
>
> checking for ENGINE_init... yes
>
> checking openssl/engine.h usability... yes
>
> checking openssl/engine.h presence... yes
>
> checking for openssl/engine.h... yes
>
> checking for ENGINE_load_builtin_engines... yes
>
> checking for RAND_status... yes
>
> checking for RAND_screen... no
>
> checking for RAND_egd... yes
>
> checking for CRYPTO_cleanup_all_ex_data... yes
>
> checking for "/dev/urandom"... yes
>
> checking CA cert bundle install path...
> ${prefix}/share/curl/curl-ca-bundle.crt
>
> checking for inflateEnd in -lz... yes"
>
>
> Is there anything else I should be checking. Does freeswitch send logs
> anywhere other than ../freeswitch/log/ ?
>
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list