[Freeswitch-users] mod_xml_curl VS https on Windows.

Rob Moore Rob.Moore at Aeriandi.com
Tue Feb 28 17:43:35 MSK 2012 

Hi There,

I'm having a problem with mod_xml_curl on Windows (2008 R2)  while attempting to curl  requests/ responses over HTTPS.

While running request over HTTP the curl works fine but simply switching to HTTPS causes the process to error. I've checked the IIS logs on our webserver and can see the requests are not arriving and running a packet trace on the Freeswitch server it seems the request is not even leaving the server which points towards a configuration problem within freeswitch itself either within the Curl Config or something relating to OpenSSL.

Here is the error I receive from the Freeswitch logs:

2012-02-27 22:50:14.284328 [ERR] mod_xml_curl.c:305 Received HTTP error 0 trying to fetch https://xxxx.xxxxxx-contact.com/FreeSwitchModXmlCurlServer/FreeswitchCurlServer.aspx
data: [hostname=DS_Freeswitch&section=directory&tag_name=domain&key_name=name&key_value=sipxxxx.xxxxxx--contact.com&Event-Name=REQUEST_PARAMS&Core-UUID=a474
3447-f6f2-4dd7-b8c2-81df33cb533b&FreeSWITCH-Hostname=DS_Freeswitch&FreeSWITCH-Switchname=DS_Freeswitch&FreeSWITCH-IPv4=10.1.1.98&FreeSWITCH-IPv6=%3A%3A1&Eve
nt-Date-Local=2012-02-27%2022%3A50%3A14&Event-Date-GMT=Mon,%2027%20Feb%202012%2022%3A50%3A14%20GMT&Event-Date-Timestamp=1330383014284328&Event-Calling-File=
sofia_reg.c&Event-Calling-Function=sofia_reg_parse_auth&Event-Calling-Line-Number=2108&action=sip_auth&sip_profile=sipPhones&sip_user_agent=Yealink%20SIP-T2
2P%xxx.xxx.xxx.xxx%2000%3A15%3A65%3A22%3A24%3A29&sip_auth_username=1001&sip_auth_realm=sipxxxx.xxxxxx--contact.com&sip_auth_nonce=d0587e72-xxxx-4734-f391a5
54987f&sip_auth_uri=sip%3Asipxxxx.xxxxxx--contact.com&sip_contact_user=1001&sip_contact_host=87.194.173.226&sip_to_user=1001&sip_to_host=sipxxxx.xxxxxx--con
tact.com&sip_from_user=1001&sip_from_host=sipxxxx.xxxxxx--contact.com&sip_request_host=sipxxxx.xxxxxx--contact.com&sip_auth_qop=auth&sip_auth_cnonce=0a4f113
b&sip_auth_nc=00000004&sip_auth_response=418b5804263d3cbaa75e25beecdf5088&sip_auth_method=REGISTER&key=id&user=1001&domain=sipxxxx.xxxxxx--contact.com&ip=xxx.xxx.xxx.xxx]

The Xml_curl.conf.xml only has the Curl URL added with all other variables commented out so I wouldn't expect anything in there to cause any problems.

This only leaves me with OpenSSL. Freeswitch was definitely built with OpenSSL  however it seems some of the configuration for OpenSSL is default to Linux UNC paths.

For example if I attempt to create TLS certificates from the command prompt I receive this error:

C:\FreeSwitch>openssl req -new -out "careq.pem" -newkey rsa:1024 -keyout "cakey.pem" -config "tmpfile1.cfg" -nodes -sha1
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
error on line -1 of tmpfile1.cfg
3568:error:02001002:system library:fopen:No such file or directory:..\..\openssl-1.0.0a\crypto\bio\bss_file.c:163:fopen('
3568:error:2006D080:BIO routines:BIO_new_file:no such file:..\..\openssl-1.0.0a\crypto\bio\bss_file.c:166:
3568:error:0E078072:configuration file routines:DEF_LOAD:no such file:..\..\openssl-1.0.0a\crypto\conf\conf_def.c:197:

After calling the following to redirect open SSL to another version of the .cnf file it requires (installed from www.openssl.org<http://www.openssl.org> )

set OPENSSL_CONF="C:\Program Files (x86)\GnuWin32\share\openssl.cfg"

The this eliminates the first error but ther sys library, Bio Routine and Configuration file routines errors still appear

3568:error:02001002:system library:fopen:No such file or directory:..\..\openssl-1.0.0a\crypto\bio\bss_file.c:163:fopen('
3568:error:2006D080:BIO routines:BIO_new_file:no such file:..\..\openssl-1.0.0a\crypto\bio\bss_file.c:166:
3568:error:0E078072:configuration file routines:DEF_LOAD:no such file:..\..\openssl-1.0.0a\crypto\conf\conf_def.c:197:

Does anyone have any idea what the problem could be here? I could be looking in completely the wrong place for the answer here.

Any help, advice or direction would be greatly appreciated.

Thanks

Rob




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120228/56e4d969/attachment.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list