[Freeswitch-users] TLS on FS

Tihomir Culjaga tculjaga at gmail.com
Tue Mar 20 15:33:52 MSK 2012


Hello,

I'm new to TLS setup... and as usual, I'm having issues configuring a SIP
client (Bria for Windows) with FS.


I guess I configured FS properly, but I'm not sure about certificates.


FS conf:
<X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1"/>

  <!-- Internal SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
  <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>

  <!-- External SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
  <X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
  <X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_enable=true"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>



I created certificates using the commands on the wiki:



./gentls_cert setup -cn pbx.freeswitch.org -alt DNS:pbx.freeswitch.org -org freeswitch.org
./gentls_cert create_server -cn pbx.freeswitch.org -alt DNS:pbx.freeswitch.org -org freeswitch.org


./gentls_cert create_client -cn Client1 -out Client1


/usr/local/freeswitch/conf/ssl
-rw-r----- 1 root root 3029 Mar 20 08:56 agent.pem
drwxr-x--- 2 root root 4096 Mar 20 08:56 CA
-rw-r----- 1 root root 1046 Mar 20 08:49 cafile.pem
-rw-r----- 1 root root 3029 Mar 20 09:45 Client1


/usr/local/freeswitch/conf/ssl/CA
-rw-r----- 1 root root 1046 Mar 20 08:49 cacert.pem
-rw-r----- 1 root root   17 Mar 20 09:45 cacert.srl
-rw-r----- 1 root root 1679 Mar 20 08:49 cakey.pem
-rw-r----- 1 root root  579 Mar 20 08:49 config.tpl


I deployed and installed cafile.pem on the Windows machine running the Bria
softphone. I did the same with Client1. Restarted

but all I'm getting is this error in the console:


tport_wakeup_pri(0x85b9590): events IN
tport_alloc_secondary(0x85b9590): new secondary tport 0x85ef610
tport_tls_accept(0x85ef610): new connection from tls/85.114.34.202:61030/sips
tls_connect(0x85ef610): events NEGOTIATING
tls_connect(0x85ef610): events NEGOTIATING
tls_connect(0x85ef610): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
tport_close(0x85ef610): tls/85.114.34.202:61030/sips


Please, can anyone help?





This is a portion showing how FS loads mod_sofia:

su_port_create(0x857c060): epoll_create() => 0: OK
su_socket_port_init(0x857c060, 0xd9b400) called
su_pthread_port_init(0x857c060, 0xd9b400) called
su_port_create(0x85b1840): epoll_create() => 0: OK
su_socket_port_init(0x85b1840, 0xd9b400) called
su_pthread_port_init(0x85b1840, 0xd9b400) called
nua: nua_create: entering
su_port_create(0x85b3920): epoll_create() => 0: OK
su_socket_port_init(0x85b3920, 0xd9b400) called
su_pthread_port_init(0x85b3920, 0xd9b400) called
nua: nua_stack_init: entering
nua: nua_stack_set_params: entering
soa_create("default", 0x85b0eb8, 0x85b0f70) called
soa_set_params(static::0x85ae410, ...) called
soa_set_params(static::0x85ae410, ...) called
nta_agent_create: initialized hash tables
nta_agent_create: initialized transports
nua: nua_create: entering
su_port_create(0x85b2368): epoll_create() => 0: OK
su_socket_port_init(0x85b2368, 0xd9b400) called
su_pthread_port_init(0x85b2368, 0xd9b400) called
nua: nua_stack_init: entering
nua: nua_stack_set_params: entering
soa_create("default", 0x85b2198, 0x85b6440) called
soa_set_params(static::0x85b6938, ...) called
soa_set_params(static::0x85b6938, ...) called
nta_agent_create: initialized hash tables
nta_agent_create: initialized transports
nta_agent_create: initialized random identifiers
nta_agent_create: initialized timer
nta_agent_create: initialized random identifiers
nta_agent_create: initialized timer
nta_agent_create: initialized resolver
nta_agent_create: initialized resolver
tport_create(): 0x85aefe8
tport_create(): 0xb780f688
nta: master transport created
nta: master transport created
tport_bind_server(0x85aefe8) to */85.114.35.241:5060/sip
tport_bind_server(0xb780f688) to */85.114.35.241:5080/sip
tport_bind_server(0xb780f688): calling tport_listen for udp
tport_bind_server(0x85aefe8): calling tport_listen for udp
tport_alloc_primary(0x85aefe8): new primary tport 0x85af2d0
tport_alloc_primary(0xb780f688): new primary tport 0xb780add0
tport_listen(0xb780add0): listening at udp/85.114.35.241:5080/sip
tport_listen(0x85af2d0): listening at udp/85.114.35.241:5060/sip
tport_bind_server(0xb780f688): calling tport_listen for tcp
tport_bind_server(0x85aefe8): calling tport_listen for tcp
tport_alloc_primary(0xb780f688): new primary tport 0xb7811af0
tport_alloc_primary(0x85aefe8): new primary tport 0x85af778
tport_listen(0x85af778): listening at tcp/85.114.35.241:5060/sip
tport_listen(0xb7811af0): listening at tcp/85.114.35.241:5080/sip
nta: bound to (85.114.35.241:5080;transport=*)
nta: bound to (85.114.35.241:5060;transport=*)
nta: agent_init_via: SIP/2.0/udp 85.114.35.241:5080 (sip)
nta: agent_init_via: SIP/2.0/udp 85.114.35.241 (sip)
nta: agent_init_via: SIP/2.0/tcp 85.114.35.241 (sip)
nta: agent_init_via: SIP/2.0/tcp 85.114.35.241:5080 (sip)
nta: Via fields initialized
nta: Via fields initialized
nta: Contact header created
nta: Contact header created
tport_bind_server(0x85aefe8) to tls/85.114.35.241:5061/sips
tport_bind_server(0xb780f688) to tls/85.114.35.241:5081/sips
tport_bind_server(0xb780f688): calling tport_listen for tls
tport_bind_server(0x85aefe8): calling tport_listen for tls
tport_alloc_primary(0xb780f688): new primary tport 0xb780e378
tport_alloc_primary(0x85aefe8): new primary tport 0x85b9590
tport_tls_init_master(0x85b9590): tls key = /usr/local/freeswitch/conf/ssl/agent.pem
tport_tls_init_master(0xb780e378): tls key = /usr/local/freeswitch/conf/ssl/agent.pem
tport_tls_init_master(0xb780e378): tls context initialized for [85.114.35.241]:5081
tport_tls_init_master(0x85b9590): tls context initialized for [85.114.35.241]:5061
tport_listen(0x85b9590): listening at tls/85.114.35.241:5061/sips
tport_listen(0xb780e378): listening at tls/85.114.35.241:5081/sips
nta: bound to (85.114.35.241:5061;transport=tls)
nta: bound to (85.114.35.241:5081;transport=tls)
nta: agent_init_via: SIP/2.0/udp 85.114.35.241 (sip)
nta: agent_init_via: SIP/2.0/udp 85.114.35.241:5080 (sip)
nta: agent_init_via: SIP/2.0/tcp 85.114.35.241 (sip)
nta: agent_init_via: SIP/2.0/tcp 85.114.35.241:5080 (sip)
nta: agent_init_via: SIP/2.0/tls 85.114.35.241 (sips)
nta: agent_init_via: SIP/2.0/tls 85.114.35.241:5081 (sips)
nta: Via fields initialized
nta: Via fields initialized
nta: Contact header created
nta: Contact header created
nua_register: Adding contact URL '85.114.35.241' to list.
nua_register: Adding contact URL '85.114.35.241' to list.
nua_register: Adding contact URL '85.114.35.241' to list.
nua_register: Adding contact URL '85.114.35.241' to list.
nua: nua_set_params: entering
nua: nua_set_params: entering
nua((nil)): sent signal r_set_params
nua((nil)): sent signal r_set_params
nua: nua_stack_set_params: entering
soa_set_params(static::0x85b6938, ...) called
2012-03-20 10:57:48.859351 [NOTICE] sofia_reg.c:2969 Added gateway 'example.com' to profile 'external'
nua: nua_stack_set_params: entering
soa_set_params(static::0x85ae410, ...) called
2012-03-20 10:57:48.859745 [NOTICE] sofia.c:2710 Adding Alias [85.114.35.241] for profile [internal]
tport_wakeup_pri(0x85b9590): events IN
tport_alloc_secondary(0x85b9590): new secondary tport 0x85bae68
tport_tls_accept(0x85bae68): new connection from tls/85.114.34.202:60916/sips
tls_connect(0x85bae68): events NEGOTIATING
tls_connect(0x85bae68): events NEGOTIATING
tls_connect(0x85bae68): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
tport_close(0x85bae68): tls/85.114.34.202:60916/sips
nua: nua_application_event: entering
nua: nua_application_event: entering
2012-03-20 10:57:49.959654 [CONSOLE] sofia.c:1214 MSG Thread Started
nua: nua_handle_magic: entering
nua: nua_handle_magic: entering
2012-03-20 10:57:50.360893 [CONSOLE] switch_loadable_module.c:1299 Successfully Loaded [mod_sofia]
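
A triage helper for the transport debug output in this post, added here as an example and not part of the original message or of FreeSWITCH: it pairs each tport_tls_accept line with a later "TLS setup failed" line by transport handle and counts failures per peer. The function names and the sample log (documentation addresses, mail-wrapped lines rejoined) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the debug format shown in the post; addresses are
# documentation ranges and the third connection never reports a failure.
SAMPLE_LOG = """\
tport_wakeup_pri(0x85b9590): events IN
tport_alloc_secondary(0x85b9590): new secondary tport 0x85ef610
tport_tls_accept(0x85ef610): new connection from tls/192.0.2.10:61030/sips
tls_connect(0x85ef610): events NEGOTIATING
tls_connect(0x85ef610): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
tport_close(0x85ef610): tls/192.0.2.10:61030/sips
tport_tls_accept(0x85bae68): new connection from tls/192.0.2.10:60916/sips
tls_connect(0x85bae68): events NEGOTIATING
tport_tls_accept(0x85c0000): new connection from tls/198.51.100.7:40000/sips
tls_connect(0x85bae68): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
"""

ACCEPT = re.compile(
    r"tport_tls_accept\((0x[0-9a-f]+)\): new connection from tls/(\S+):(\d+)/sips")
FAILED = re.compile(r"tls_connect\((0x[0-9a-f]+)\): TLS setup failed\s*\((.+)\)\s*$")


def failed_handshakes(log_text):
    """Return [(peer_ip, peer_port, error)] for every TLS setup failure."""
    pending = {}   # transport handle -> (ip, port) still negotiating
    failures = []
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if m:
            pending[m.group(1)] = (m.group(2), int(m.group(3)))
            continue
        m = FAILED.search(line)
        if m:
            # The handle is a pointer value that a later connection can
            # reuse, so the entry is consumed once the failure is recorded.
            ip, port = pending.pop(m.group(1), ("unknown", 0))
            failures.append((ip, port, m.group(2)))
    return failures


def failures_per_peer(log_text):
    """Count failed handshakes per source address."""
    return Counter(ip for ip, _, _ in failed_handshakes(log_text))


if __name__ == "__main__":
    for peer, count in failures_per_peer(SAMPLE_LOG).items():
        print(f"{peer}: {count} failed TLS handshake(s)")
```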