<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Stan, we were able to reproduce the issue. You even commented on the jira about it. I went MIA after using the fix provided by Ethan so we never really got to the bottom of it. <div class="">Could you please share the snapshot of that machine with me? We should take that environment as the base and try the same environment updated to the latest unstable also.</div><div class=""><br class=""></div><div class="">Best,</div><div class="">Emrah<br class=""><div><blockquote type="cite" class=""><div class="">On Nov 12, 2016, at 10:45 PM, Stanislav Sinyagin <<a href="mailto:ssinyagin@gmail.com" class="">ssinyagin@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><p dir="ltr" class="">We actually built a test server, but weren't able to reproduce the issue.<br class="">
I can bring it up again if needed.<br class=""></p>
<div class="gmail_extra"><br class=""><div class="gmail_quote">On 10 Nov 2016 20:25, "Emrah" <<a href="mailto:lists@kavun.ch" class="">lists@kavun.ch</a>> wrote:<br type="attribution" class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">I agree, as long as I get to reproduce it that way. I am suspecting everything here. From the keysize to the CA to the TCP transport getting compromised to openssl not reliably transmitting certain packets to FS.<div class=""><br class=""></div><div class="">Thanks for the suggestion<br class=""><div class=""><blockquote type="cite" class=""><div class="">On Nov 10, 2016, at 5:58 PM, Alejandro Recarey <<a href="mailto:ar@cyberfonica.com" target="_blank" class="">ar@cyberfonica.com</a>> wrote:</div><br class="m_3782603778609869756Apple-interchange-newline"><div class=""><div dir="auto" class=""><div class=""></div><div class="">You could either use a self-signed cert for a nonexistent domain (<a href="http://example.com/" target="_blank" class="">example.com</a>?) and modify your hosts file or DNS to point to he server. I think that should give you an environment to reproduce the crash which you could share without leaking your private cert.</div><div class=""><br class=""></div><div class=""><br class="">On 9 Nov 2016, at 20:28, Emrah <<a href="mailto:lists@kavun.ch" target="_blank" class="">lists@kavun.ch</a>> wrote:<br class=""><br class=""></div><blockquote type="cite" class=""><div class=""><div dir="auto" style="word-wrap:break-word" class="">It's the "reliably" part that's tricky. <div class="">I'm using commercial certificates, so let me figure out how to replicate a similar environment. I'll email you the info once I have a setup, and you can circulate where needed.</div><div class=""><br class=""></div><div class="">Thanks for helping on this</div><div class=""><div class=""><blockquote type="cite" class=""><div class="">On Nov 9, 2016, at 4:25 PM, Michael Jerris <<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>> wrote:</div><br class="m_3782603778609869756Apple-interchange-newline"><div class=""><div style="word-wrap:break-word" class="">I need a recipie to reliably reproduce this so I can dig in the code. Is there a way you can put together an environment where this can be reproduced on demand?<div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Nov 9, 2016, at 3:39 AM, Emrah <<a href="mailto:lists@kavun.ch" target="_blank" class="">lists@kavun.ch</a>> wrote:</div><br class="m_3782603778609869756Apple-interchange-newline"><div class=""><div style="word-wrap:break-word" class="">No Sir, the response packet to the 407 Proxy Authentication Required is never received. So the session then eventually gets abandoned by FS. On the client side, and this is generalized, the packet is sent, except the TLS session breaks.<div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Nov 8, 2016, at 11:41 PM, Michael Jerris <<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>> wrote:</div><br class="m_3782603778609869756Apple-interchange-newline"><div class=""><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">Can you confirm if the packet is shown in freeswitch tport_log?</span><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Nov 8, 2016, at 5:02 PM, Emrah <<a href="mailto:lists@kavun.ch" target="_blank" class="">lists@kavun.ch</a>> wrote:</div><br class="m_3782603778609869756Apple-interchange-newline"><div class=""><div style="word-wrap:break-word" class="">Hello List,<div class="">Thanks to the help provided by Stanislav, I learned of issue #9113, <span style="color:rgb(0,105,217);text-decoration:underline" class=""><a href="https://freeswitch.org/jira/si/jira.issueviews:issue-html/FS-9113/FS-9113.html" target="_blank" class="">https://freeswitch.org/<wbr class="">jira/si/jira.issueviews:issue-<wbr class="">html/FS-9113/FS-9113.html</a>, which seems to be related to the issues I have been experiencing with FreeSWITCH, TLS and failed call setups.</span></div><div class=""><span style="color:rgb(0,105,217);text-decoration:underline" class="">Coincidentally, or not, the fix pushed on that issue was aligned with whole months where I did not experience any TLS issues. Calls were going through fine, until all of a sudden they started failing again. This is on 2 distinct servers running a load balanced FS setup, and using Yealink phones.</span></div><div class=""><span style="color:rgb(0,105,217);text-decoration:underline" class=""><br class=""></span></div><div class=""><font color="#0069d9" class=""><u class="">To sum up, here is what is going on.</u></font></div><div class=""><font color="#0069d9" class=""><u class="">From the Yealink, calls with TLS work if I don't use SRTP.</u></font></div><div class=""><font color="#0069d9" class=""><u class="">From the Yealink, calls crash if I use TLS and SRTP.</u></font></div><div class="">From my laptop softphone, calls only crash sometimes if I use TLS and SRTP.</div><div class=""><br class=""></div><div class="">How can I debug the TLS session on the FreeSWITCH side to see what happens with the TLS thread? I don't mean packet capture.</div><div class=""><br class=""></div><div class="">I have a feeling that the packet size is too large and doesn't make it to the FS box intact after the 407 Proxy Required is received by the client.</div><div class=""><br class=""></div><div class="">Here is the log for the Yealink:</div><div class=""><a href="http://pastebin.com/smKP286x" target="_blank" class="">http://pastebin.com/smKP286x</a></div><div class=""><br class=""></div><div class="">Your lights would be so appreciated, I'm losing my mind over this.</div></div></div></blockquote></div></div><br class=""></div></blockquote></div></div></div></div></blockquote></div></div></div>______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class=""><a href="http://www.freeswitchsolutions.com/" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class=""><br class="">Official FreeSWITCH Sites<br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a><br class=""><a href="http://confluence.freeswitch.org/" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class=""><a href="http://www.cluecon.com/" target="_blank" class="">http://www.cluecon.com</a><br class=""><br class="">FreeSWITCH-users mailing list<br class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a></div></blockquote></div><br class=""></div></div></div></blockquote><blockquote type="cite" class=""><div class=""><span class="">______________________________<wbr class="">______________________________<wbr class="">_____________</span><br class=""><span class="">Professional FreeSWITCH Consulting Services: </span><br class=""><span class=""><a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a></span><br class=""><span class=""><a href="http://www.freeswitchsolutions.com/" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a></span><br class=""><span class=""></span><br class=""><span class="">Official FreeSWITCH Sites</span><br class=""><span class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a></span><br class=""><span class=""><a href="http://confluence.freeswitch.org/" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a></span><br class=""><span class=""><a href="http://www.cluecon.com/" target="_blank" class="">http://www.cluecon.com</a></span><br class=""><span class=""></span><br class=""><span class="">FreeSWITCH-users mailing list</span><br class=""><span class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a></span><br class=""><span class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a></span><br class=""><span class="">UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a></span><br class=""><span class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a></span></div></blockquote></div>______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class=""><a href="http://www.freeswitchsolutions.com/" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class=""><br class="">Official FreeSWITCH Sites<br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a><br class=""><a href="http://confluence.freeswitch.org/" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class=""><a href="http://www.cluecon.com/" target="_blank" class="">http://www.cluecon.com</a><br class=""><br class="">FreeSWITCH-users mailing list<br class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class=""><a href="http://www.freeswitch.org/" target="_blank" class="">http://www.freeswitch.org</a></div></blockquote></div><br class=""></div></div><br class="">______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class=""></blockquote></div></div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></div></body></html>