[Freeswitch-users] FS-9113, still experiencing TLS crashes

Stanislav Sinyagin ssinyagin at gmail.com
Sun Nov 13 00:45:37 MSK 2016


We actually built a test server, but weren't able to reproduce the issue.
I can bring it up again if needed.

On 10 Nov 2016 20:25, "Emrah" <lists at kavun.ch> wrote:

> I agree, as long as I get to reproduce it that way. I am suspecting
> everything here. From the keysize to the CA to the TCP transport getting
> compromised to openssl not reliably transmitting certain packets to FS.
>
> Thanks for the suggestion
>
> On Nov 10, 2016, at 5:58 PM, Alejandro Recarey <ar at cyberfonica.com> wrote:
>
> You could either use a self-signed cert for a nonexistent domain (
> example.com?) and modify your hosts file or DNS to point to the server. I
> think that should give you an environment to reproduce the crash which you
> could share without leaking your private cert.
>
>
> On 9 Nov 2016, at 20:28, Emrah <lists at kavun.ch> wrote:
>
> It's the "reliably" part that's tricky.
> I'm using commercial certificates, so let me figure out how to replicate a
> similar environment. I'll email you the info once I have a setup, and you
> can circulate where needed.
>
> Thanks for helping on this
>
> On Nov 9, 2016, at 4:25 PM, Michael Jerris <mike at jerris.com> wrote:
>
> I need a recipe to reliably reproduce this so I can dig in the code. Is
> there a way you can put together an environment where this can be
> reproduced on demand?
>
> On Nov 9, 2016, at 3:39 AM, Emrah <lists at kavun.ch> wrote:
>
> No Sir, the response packet to the 407 Proxy Authentication Required is
> never received. So the session then eventually gets abandoned by FS. On the
> client side, and this is generalized, the packet is sent, except the TLS
> session breaks.
>
> On Nov 8, 2016, at 11:41 PM, Michael Jerris <mike at jerris.com> wrote:
>
> Can you confirm if the packet is shown in freeswitch tport_log?
>
> On Nov 8, 2016, at 5:02 PM, Emrah <lists at kavun.ch> wrote:
>
> Hello List,
> Thanks to the help provided by Stanislav, I learned of issue #9113,
> https://freeswitch.org/jira/si/jira.issueviews:issue-html/FS-9113/FS-9113.html,
> which seems to be related to the issues I have
> been experiencing with FreeSWITCH, TLS and failed call setups.
> Coincidentally, or not, the fix pushed on that issue was aligned with
> whole months where I did not experience any TLS issues. Calls were going
> through fine, until all of a sudden they started failing again. This is on
> 2 distinct servers running a load balanced FS setup, and using Yealink
> phones.
>
> *To sum up, here is what is going on.*
> *From the Yealink, calls with TLS work if I don't use SRTP.*
> *From the Yealink, calls crash if I use TLS and SRTP.*
> From my laptop softphone, calls only crash sometimes if I use TLS and SRTP.
>
> How can I debug the TLS session on the FreeSWITCH side to see what happens
> with the TLS thread? I don't mean packet capture.
>
> I have a feeling that the packet size is too large and doesn't make it to
> the FS box intact after the 407 Proxy Required is received by the client.
>
> Here is the log for the Yealink:
> http://pastebin.com/smKP286x
>
> Your lights would be so appreciated, I'm losing my mind over this.
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org