<div dir="ltr">Hi, All,<br><br>Peer Subject Mismatch (incoming connection) - WHY MISMATCH? WHAT MISMATCH?<br><br>Why Peer Certificate Subject 0: "<a href="http://sip.obolenskaya.su">sip.obolenskaya.su</a>" is mismatching realm (which is correctly resolving with DNS SRV including port) "<a href="http://sip.obolenskaya.su">sip.obolenskaya.su</a>"?<br>The same CA certificate was placed in cafile.pem on both peers.<br><br>Peer Certificate:<br>    Data:<br>        Version: 3 (0x2)<br>        Serial Number:<br>            a7:17:ad:32:72:ce:b5:e9<br>    Signature Algorithm: sha256WithRSAEncryption<br>        Issuer: O=FS, CN=My_FS<br>        Validity<br>            Not Before: Jun 18 07:42:08 2018 GMT<br>            Not After : Dec  9 07:42:08 2023 GMT<br>        Subject: O=FS, CN=<a href="http://obolenskaya.su">obolenskaya.su</a><br>        Subject Public Key Info:<br>            Public Key Algorithm: rsaEncryption<br>                Public-Key: (2048 bit)<br>                Modulus:<br>                    00:ef:31:86:e6:dd:13:2d:92:e1:2b:7a:14:7f:de:<br>                    0f:11:97:2b:d9:de:bf:1e:6b:bc:90:ef:8e:04:2a:<br>                    99:7b:58:a1:39:94:01:42:00:38:6e:e0:1c:cf:13:<br>                    7f:25:2d:f2:c0:0f:ed:0d:ad:0e:e9:37:40:32:ae:<br>                    92:2e:58:b0:79:2b:bf:16:5a:11:86:5b:18:bd:a1:<br>                    b0:3c:2a:2f:cb:bd:52:c5:dd:a1:94:64:96:18:3a:<br>                    77:eb:0d:b3:65:24:ff:22:d9:3b:55:a7:13:bc:1c:<br>                    d2:61:be:40:e1:1c:43:87:c9:78:ab:b4:55:95:fd:<br>                    52:f6:e7:e3:04:ed:50:86:d3:19:53:67:07:30:d4:<br>                    08:62:c6:a2:f5:e9:07:71:5e:03:af:96:1a:89:39:<br>                    db:cf:6f:21:be:46:61:6b:cc:2c:10:99:b4:cf:32:<br>                    db:c1:a3:0d:03:5d:1f:30:45:4e:ca:ff:f4:ba:ad:<br>                    d9:4f:6a:5a:f6:42:41:82:d4:3f:39:f9:5a:98:95:<br>                    1a:c1:e4:4f:5c:a0:e3:a0:dd:1c:a6:65:f9:98:15:<br>                    f0:8b:18:c5:0d:8f:67:17:4c:5c:ef:ed:fc:b5:42:<br>                    80:0f:c8:e4:e6:02:73:c6:8d:8f:1c:94:4d:de:90:<br>                    eb:24:05:94:36:f3:76:8c:62:a2:80:e6:57:24:06:<br>                    0d:33<br>                Exponent: 65537 (0x10001)<br>        X509v3 extensions:<br>            X509v3 Basic Constraints: <br>                CA:FALSE<br>            X509v3 Key Usage: <br>                Digital Signature, Non Repudiation, Key Encipherment<br>            X509v3 Subject Alternative Name: <br>                DNS:<a href="http://sip.obolenskaya.su">sip.obolenskaya.su</a>, DNS:<a href="http://obolenskaya.su">obolenskaya.su</a><br>    Signature Algorithm: sha256WithRSAEncryption<br>         5a:54:62:45:66:71:3c:11:b8:01:21:e2:bb:bb:3c:ca:0d:23:<br>         c8:d2:3e:5b:9f:93:28:cd:4d:df:b0:82:8f:76:b3:9e:0c:4a:<br>         91:e1:f5:c7:aa:ae:26:a1:c5:87:a5:16:8f:60:6f:6b:f6:80:<br>         f8:7f:f9:12:f3:87:bf:63:52:da:1b:35:c7:31:16:d0:4f:7c:<br>         49:71:f4:77:99:4c:64:97:a0:bb:e3:cb:b5:67:64:64:c4:f4:<br>         93:7e:55:35:3e:07:ad:9c:b5:a7:01:89:14:a1:e8:2f:44:ea:<br>         8e:f6:66:79:1b:5d:51:7f:e2:41:b5:cc:97:da:62:db:68:40:<br>         8f:82:68:8c:5c:da:26:d2:1f:43:0c:ea:3b:14:6d:15:0e:d4:<br>         12:92:a0:89:8e:42:e5:1e:33:cc:55:64:fc:11:30:5b:f9:15:<br>         cd:47:61:b5:b3:b4:6d:26:ee:dd:68:6a:6b:b3:15:28:41:d4:<br>         ee:d5:60:cd:e7:59:3c:91:45:6c:85:79:78:87:a5:24:ca:0f:<br>         33:ec:b2:03:7f:03:81:a6:b5:8a:22:e2:98:30:32:06:5f:f9:<br>         7b:ec:c3:d6:a7:aa:e8:db:29:6b:e0:be:97:59:51:be:a0:69:<br>         00:61:86:e5:ea:93:fb:45:b4:6c:aa:d7:e3:01:54:e7:a6:7d:<br>         7f:9b:0a:d5<br><br>Very simple gateway:<br><gateway name="my_freeswitch"><br>     <param name="username" value="1234"/><br>     <param name="realm" value="<a href="http://sip.obolenskaya.su">sip.obolenskaya.su</a>"/><br>     <param name="password" value="my_strong_password"/><br>     <param name="register-transport" value="tls"/><br></gateway><br><br>Some relevant tls-setings:<br><settings><br>     <param name="tls" value="true"/><br>     <param name="tls-only" value="true"/><br>     <param name="tls-bind-params" value="transport=tls"/><br>     <param name="tls-sip-port" value="5061"/><br>     <param name="tls-cert-dir" value="/usr/local/freeswitch/certs"/><br>     <param name="tls-passphrase" value=""/><br>     <param name="tls-verify-date" value="true"/><br>     <param name="tls-verify-policy" value="subjects_all"/><br>     <param name="tls-verify-depth" value="2"/><br>     param name="tls-verify-in-subjects" value="CN"/><br>     <param name="tls-version" value="tlsv1.2"/><br></settings><br><br>[NOTICE] sofia_reg.c:448 Registering my_freeswitch<br>tport.c:3257 tport_tsend() tport_tsend(0x7f9c2c094410) tpn = tls/2a02:b184:3:1a11::2ba1:5061<br>tport.c:4046 tport_resolve() tport_resolve addrinfo = [2a02:b184:3:1a11::2ba1]:5061<br>tport.c:4680 tport_by_addrinfo() tport_by_addrinfo(0x7f9c2c094410): not found by name tls/2a02:b184:3:1a11::2ba1:5061<br>tport.c:4680 tport_by_addrinfo() tport_by_addrinfo(0x7f9c2c094410): not found by name tls/2a02:b184:3:1a11::2ba1:5061<br>tport.c:862 tport_alloc_secondary() tport_alloc_secondary(0x7f9c2c094410): new secondary tport 0x7f9c2c068f10<br>tport_type_tcp.c:203 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f9c2c068f10): Setting TCP_KEEPIDLE to 30<br>tport_type_tcp.c:209 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f9c2c068f10): Setting TCP_KEEPINTVL to 30<br>tport_type_tls.c:683 tport_tls_connect() tport_tls_connect(0x7f9c2c068f10): connecting to tls/[2a02:b184:3:1a11::2ba1]:5061/sips<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c2c068f10): reset timer<br>tport.c:3782 tport_queue() tport_queue(0x7f9c2c068f10): queueing 0x7f9c2c05d030 for tls/[2a02:b184:3:1a11::2ba1]:5061<br>tport.c:4160 tport_pend() tport_pend(0x7f9c2c068f10): pending 0x7f9c2c05d030 for tls/[2a02:b184:3:1a11::2ba1]:5061 (already 0)<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c2c068f10): events CONNECTING<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c2c068f10): events NEGOTIATING<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c2c068f10): events NEGOTIATING<br>tport_tls.c:599 tls_post_connection_check() tls_post_connection_check(0x7f9c2c068f10): TLS cipher chosen (name): ECDHE-RSA-AES256-GCM-SHA384<br>tport_tls.c:601 tls_post_connection_check() tls_post_connection_check(0x7f9c2c068f10): TLS cipher chosen (version): TLSv1/SSLv3<br>tport_tls.c:604 tls_post_connection_check() tls_post_connection_check(0x7f9c2c068f10): TLS cipher chosen (bits/alg_bits): 256/256<br>tport_tls.c:607 tls_post_connection_check() tls_post_connection_check(0x7f9c2c068f10): TLS cipher chosen (description): ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD<br><br>tport_tls.c:694 tls_post_connection_check() tls_post_connection_check(0x7f9c2c068f10): Peer Certificate Subject 0: <a href="http://sip.obolenskaya.su">sip.obolenskaya.su</a><br>tport_tls.c:694 tls_post_connection_check() tls_post_connection_check(0x7f9c2c068f10): Peer Certificate Subject 1: <a href="http://obolenskaya.su">obolenskaya.su</a><br>tport.c:3923 tport_send_event() tport_send_event(0x7f9c2c068f10) - ready to send to (tls/[2a02:b184:3:1a11::2ba1]:5061)<br>tport_type_tls.c:534 tport_tls_send() tport_tls_writevec: vec 0x7f9c2c0af610 0x7f9c2c09db90 637 (637)<br>tport.c:3594 tport_vsend() tport_vsend(0x7f9c2c068f10): 637 bytes of 637 to tls/[2a02:b184:3:1a11::2ba1]:5061<br>tport.c:3492 tport_send_msg() tport_vsend returned 637<br>tport_type_tls.c:338 tport_tls_set_events() tport_tls_set_events(0x7f9c2c068f10): logical events IN real IN<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c2c068f10): reset timer<br>tport.c:2773 tport_wakeup() tport_wakeup(0x7f9c2c068f10): events IN<br>tport.c:2864 tport_recv_event() tport_recv_event(0x7f9c2c068f10)<br>tport_type_tls.c:434 tport_tls_recv() tport_tls_recv(0x7f9c2c068f10): tls_read() returned 653<br>tport.c:3205 tport_recv_iovec() tport_recv_iovec(0x7f9c2c068f10) msg 0x7f9c2c089c70 from (tls/[2a02:b184:3:1a11::2ba1]:5061) has 653 bytes, veclen = 1<br>tport.c:3023 tport_deliver() tport_deliver(0x7f9c2c068f10): msg 0x7f9c2c089c70 (653 bytes) from tls/[2a02:b184:3:1a11::2ba1]:5061/sips next=(nil)<br>tport.c:4222 tport_release() tport_release(0x7f9c2c068f10): 0x7f9c2c05d030 by 0x7f9c2c0672c0 with 0x7f9c2c089c70<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c2c068f10): reset timer<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c2c068f10): reset timer<br>tport.c:3257 tport_tsend() tport_tsend(0x7f9c2c094410) tpn = tls/2a02:b184:3:1a11::2ba1:5061<br>tport.c:4046 tport_resolve() tport_resolve addrinfo = [2a02:b184:3:1a11::2ba1]:5061<br>tport.c:4677 tport_by_addrinfo() tport_by_addrinfo(0x7f9c2c094410): found 0x7f9c2c068f10 by name tls/2a02:b184:3:1a11::2ba1:5061<br>tport_type_tls.c:534 tport_tls_send() tport_tls_writevec: vec 0x7f9c2c0af610 0x7f9c2c080930 912 (912)<br>tport.c:3594 tport_vsend() tport_vsend(0x7f9c2c068f10): 912 bytes of 912 to tls/[2a02:b184:3:1a11::2ba1]:5061<br>tport.c:3492 tport_send_msg() tport_vsend returned 912<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c2c068f10): reset timer<br>tport.c:4160 tport_pend() tport_pend(0x7f9c2c068f10): pending 0x7f9c2c05d030 for tls/[2a02:b184:3:1a11::2ba1]:5061 (already 0)<br>tport.c:2773 tport_wakeup() tport_wakeup(0x7f9c2c068f10): events IN<br>tport.c:2864 tport_recv_event() tport_recv_event(0x7f9c2c068f10)<br>tport_type_tls.c:434 tport_tls_recv() tport_tls_recv(0x7f9c2c068f10): tls_read() returned 654<br>tport.c:3205 tport_recv_iovec() tport_recv_iovec(0x7f9c2c068f10) msg 0x7f9c2c089c70 from (tls/[2a02:b184:3:1a11::2ba1]:5061) has 654 bytes, veclen = 1<br>tport.c:3023 tport_deliver() tport_deliver(0x7f9c2c068f10): msg 0x7f9c2c089c70 (654 bytes) from tls/[2a02:b184:3:1a11::2ba1]:5061/sips next=(nil)<br>tport.c:4222 tport_release() tport_release(0x7f9c2c068f10): 0x7f9c2c05d030 by 0x7f9c2c067080 with 0x7f9c2c089c70<br>tport.c:4160 tport_pend() tport_pend(0x7f9c2c068f10): pending (nil) for tls/[2a02:b184:3:1a11::2ba1]:5061 (already 0)<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c2c068f10): reset timer<br>tport.c:2749 tport_wakeup_pri() tport_wakeup_pri(0x7f9c2c094410): events IN<br>tport.c:862 tport_alloc_secondary() tport_alloc_secondary(0x7f9c2c094410): new secondary tport 0x7f9c2c082960<br>tport_type_tcp.c:203 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f9c2c082960): Setting TCP_KEEPIDLE to 30<br>tport_type_tcp.c:209 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f9c2c082960): Setting TCP_KEEPINTVL to 30<br>tport_type_tls.c:610 tport_tls_accept() tport_tls_accept(0x7f9c2c082960): new connection from tls/[2a02:b184:3:1a11::2ba1]:52886/sips<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c2c082960): events NEGOTIATING<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c2c082960): events NEGOTIATING<br>tport_tls.c:599 tls_post_connection_check() tls_post_connection_check(0x7f9c2c082960): TLS cipher chosen (name): ECDHE-RSA-AES256-GCM-SHA384<br>tport_tls.c:601 tls_post_connection_check() tls_post_connection_check(0x7f9c2c082960): TLS cipher chosen (version): TLSv1/SSLv3<br>tport_tls.c:604 tls_post_connection_check() tls_post_connection_check(0x7f9c2c082960): TLS cipher chosen (bits/alg_bits): 256/256<br>tport_tls.c:607 tls_post_connection_check() tls_post_connection_check(0x7f9c2c082960): TLS cipher chosen (description): ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD<br><br>tport_tls.c:694 tls_post_connection_check() tls_post_connection_check(0x7f9c2c082960): Peer Certificate Subject 0: <a href="http://sip.obolenskaya.su">sip.obolenskaya.su</a><br>tport_tls.c:694 tls_post_connection_check() tls_post_connection_check(0x7f9c2c082960): Peer Certificate Subject 1: <a href="http://obolenskaya.su">obolenskaya.su</a><br>tport_tls.c:721 tls_post_connection_check() tls_post_connection_check(0x7f9c2c082960): Peer Subject Mismatch (incoming connection)<br>tport.c:2090 tport_close() tport_close(0x7f9c2c082960): tls/[2a02:b184:3:1a11::2ba1]:52886/sips<br>tport.c:2263 tport_set_secondary_timer() tport(0x7f9c2c082960): set timer at 0 ms because zap<br><br><br>If this setting changed the mismatch disappear:<br><param name="tls-verify-policy" value="subjects_out|in"/><br><br>[NOTICE] sofia_reg.c:448 Registering my_freeswitch<br>tport.c:3257 tport_tsend() tport_tsend(0x7f9c1c046570) tpn = tls/2a02:b184:3:1a11::2ba1:5061<br>tport.c:4046 tport_resolve() tport_resolve addrinfo = [2a02:b184:3:1a11::2ba1]:5061<br>tport.c:4680 tport_by_addrinfo() tport_by_addrinfo(0x7f9c1c046570): not found by name tls/2a02:b184:3:1a11::2ba1:5061<br>tport.c:862 tport_alloc_secondary() tport_alloc_secondary(0x7f9c1c046570): new secondary tport 0x7f9c1c07fa60<br>tport_type_tcp.c:203 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f9c1c07fa60): Setting TCP_KEEPIDLE to 30<br>tport_type_tcp.c:209 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f9c1c07fa60): Setting TCP_KEEPINTVL to 30<br>tport_type_tls.c:683 tport_tls_connect() tport_tls_connect(0x7f9c1c07fa60): connecting to tls/[2a02:b184:3:1a11::2ba1]:5061/sips<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c1c07fa60): reset timer<br>tport.c:3782 tport_queue() tport_queue(0x7f9c1c07fa60): queueing 0x7f9c1c03a460 for tls/[2a02:b184:3:1a11::2ba1]:5061<br>tport.c:4160 tport_pend() tport_pend(0x7f9c1c07fa60): pending 0x7f9c1c03a460 for tls/[2a02:b184:3:1a11::2ba1]:5061 (already 0)<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c1c07fa60): events CONNECTING<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c1c07fa60): events NEGOTIATING<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c1c07fa60): events NEGOTIATING<br>tport_tls.c:599 tls_post_connection_check() tls_post_connection_check(0x7f9c1c07fa60): TLS cipher chosen (name): ECDHE-RSA-AES256-GCM-SHA384<br>tport_tls.c:601 tls_post_connection_check() tls_post_connection_check(0x7f9c1c07fa60): TLS cipher chosen (version): TLSv1/SSLv3<br>tport_tls.c:604 tls_post_connection_check() tls_post_connection_check(0x7f9c1c07fa60): TLS cipher chosen (bits/alg_bits): 256/256<br>tport_tls.c:607 tls_post_connection_check() tls_post_connection_check(0x7f9c1c07fa60): TLS cipher chosen (description): ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD<br>tport_tls.c:694 tls_post_connection_check() tls_post_connection_check(0x7f9c1c07fa60): Peer Certificate Subject 0: <a href="http://sip.obolenskaya.su">sip.obolenskaya.su</a><br>tport_tls.c:694 tls_post_connection_check() tls_post_connection_check(0x7f9c1c07fa60): Peer Certificate Subject 1: <a href="http://obolenskaya.su">obolenskaya.su</a><br>tport.c:3923 tport_send_event() tport_send_event(0x7f9c1c07fa60) - ready to send to (tls/[2a02:b184:3:1a11::2ba1]:5061)<br>tport_type_tls.c:534 tport_tls_send() tport_tls_writevec: vec 0x7f9c1c0a4750 0x7f9c1c058cb0 637 (637)<br>tport.c:3594 tport_vsend() tport_vsend(0x7f9c1c07fa60): 637 bytes of 637 to tls/[2a02:b184:3:1a11::2ba1]:5061<br>tport.c:3492 tport_send_msg() tport_vsend returned 637<br>tport_type_tls.c:338 tport_tls_set_events() tport_tls_set_events(0x7f9c1c07fa60): logical events IN real IN<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c1c07fa60): reset timer<br>tport.c:2773 tport_wakeup() tport_wakeup(0x7f9c1c07fa60): events IN<br>tport.c:2864 tport_recv_event() tport_recv_event(0x7f9c1c07fa60)<br>tport_type_tls.c:434 tport_tls_recv() tport_tls_recv(0x7f9c1c07fa60): tls_read() returned 653<br>tport.c:3205 tport_recv_iovec() tport_recv_iovec(0x7f9c1c07fa60) msg 0x7f9c1c09c620 from (tls/[2a02:b184:3:1a11::2ba1]:5061) has 653 bytes, veclen = 1<br>tport.c:3023 tport_deliver() tport_deliver(0x7f9c1c07fa60): msg 0x7f9c1c09c620 (653 bytes) from tls/[2a02:b184:3:1a11::2ba1]:5061/sips next=(nil)<br>tport.c:4222 tport_release() tport_release(0x7f9c1c07fa60): 0x7f9c1c03a460 by 0x7f9c1c0a4500 with 0x7f9c1c09c620<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c1c07fa60): reset timer<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c1c07fa60): reset timer<br>tport.c:3257 tport_tsend() tport_tsend(0x7f9c1c046570) tpn = tls/2a02:b184:3:1a11::2ba1:5061<br>tport.c:4046 tport_resolve() tport_resolve addrinfo = [2a02:b184:3:1a11::2ba1]:5061<br>tport.c:4677 tport_by_addrinfo() tport_by_addrinfo(0x7f9c1c046570): found 0x7f9c1c07fa60 by name tls/2a02:b184:3:1a11::2ba1:5061<br>tport_type_tls.c:534 tport_tls_send() tport_tls_writevec: vec 0x7f9c1c0a4750 0x7f9c1c09c620 912 (912)<br>tport.c:3594 tport_vsend() tport_vsend(0x7f9c1c07fa60): 912 bytes of 912 to tls/[2a02:b184:3:1a11::2ba1]:5061<br>tport.c:3492 tport_send_msg() tport_vsend returned 912<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c1c07fa60): reset timer<br>tport.c:4160 tport_pend() tport_pend(0x7f9c1c07fa60): pending 0x7f9c1c058cb0 for tls/[2a02:b184:3:1a11::2ba1]:5061 (already 0)<br>tport.c:2773 tport_wakeup() tport_wakeup(0x7f9c1c07fa60): events IN<br>tport.c:2864 tport_recv_event() tport_recv_event(0x7f9c1c07fa60)<br>tport_type_tls.c:434 tport_tls_recv() tport_tls_recv(0x7f9c1c07fa60): tls_read() returned 654<br>tport.c:3205 tport_recv_iovec() tport_recv_iovec(0x7f9c1c07fa60) msg 0x7f9c1c09ca30 from (tls/[2a02:b184:3:1a11::2ba1]:5061) has 654 bytes, veclen = 1<br>tport.c:3023 tport_deliver() tport_deliver(0x7f9c1c07fa60): msg 0x7f9c1c09ca30 (654 bytes) from tls/[2a02:b184:3:1a11::2ba1]:5061/sips next=(nil)<br>tport.c:4222 tport_release() tport_release(0x7f9c1c07fa60): 0x7f9c1c058cb0 by 0x7f9c1c09d470 with 0x7f9c1c09ca30<br>tport.c:4160 tport_pend() tport_pend(0x7f9c1c07fa60): pending (nil) for tls/[2a02:b184:3:1a11::2ba1]:5061 (already 0)<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c1c07fa60): reset timer<br>tport.c:2749 tport_wakeup_pri() tport_wakeup_pri(0x7f9c1c046570): events IN<br>tport.c:862 tport_alloc_secondary() tport_alloc_secondary(0x7f9c1c046570): new secondary tport 0x7f9c1c058cb0<br>tport_type_tcp.c:203 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f9c1c058cb0): Setting TCP_KEEPIDLE to 30<br>tport_type_tcp.c:209 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f9c1c058cb0): Setting TCP_KEEPINTVL to 30<br>tport_type_tls.c:610 tport_tls_accept() tport_tls_accept(0x7f9c1c058cb0): new connection from tls/[2a02:b184:3:1a11::2ba1]:40928/sips<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c1c058cb0): events NEGOTIATING<br>tport_tls.c:956 tls_connect() tls_connect(0x7f9c1c058cb0): events NEGOTIATING<br>tport_tls.c:599 tls_post_connection_check() tls_post_connection_check(0x7f9c1c058cb0): TLS cipher chosen (name): ECDHE-RSA-AES256-GCM-SHA384<br>tport_tls.c:601 tls_post_connection_check() tls_post_connection_check(0x7f9c1c058cb0): TLS cipher chosen (version): TLSv1/SSLv3<br>tport_tls.c:604 tls_post_connection_check() tls_post_connection_check(0x7f9c1c058cb0): TLS cipher chosen (bits/alg_bits): 256/256<br>tport_tls.c:607 tls_post_connection_check() tls_post_connection_check(0x7f9c1c058cb0): TLS cipher chosen (description): ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD<br><br>tport_tls.c:694 tls_post_connection_check() tls_post_connection_check(0x7f9c1c058cb0): Peer Certificate Subject 0: <a href="http://sip.obolenskaya.su">sip.obolenskaya.su</a><br>tport_tls.c:694 tls_post_connection_check() tls_post_connection_check(0x7f9c1c058cb0): Peer Certificate Subject 1: <a href="http://obolenskaya.su">obolenskaya.su</a><br>tport.c:2296 tport_set_secondary_timer() tport(0x7f9c1c058cb0): reset timer<br><br>Now the peer can call me.<br><br>But what should I do that subjects_in will be checked correctly?<br><br>Thank you!<br><br>Xenia Obolenskaya<br></div>