[Freeswitch-users] symbian s60 SIP over TLS

R. Eric Bennett reb-freeswitch at futurexp.com
Fri Sep 12 11:17:01 PDT 2008 

Note that I was mostly just hoping to find someone who'd already had  
experience trying to do SIP over TLS with an s60 device, not asking  
you folks to do add developing that knowledge in order to have you do  
my debugging for me.

That said, I did leave out a few things in the interest of note being  
too long-winded...

First, I should point out that I'm doing this on vanilla Mac OS X  
10.5.4, i.e. no fink or macports installed packages.  Second, I'm  
using a "latest" tarball from an unknown date in late August (see  
prior post on AIM SIP for explanation of why).  I'm 4k miles away from  
the machine with no remote access so I don't know the exact date of  
the tarball.  Third, my configs work fine without TLS.

So what I did was perform a gentls_cert and then:

1) configured FreeSWITCH for TLS, forced e71 to register.  Didn't  
work, "illegal parameter" error returned to server by client.
2) configured FS with "sslv23", forced e71 to register.  Didn't work,  
"illegal parameter" error.
3) ran "openssh s_server -accept ... -CApath ... -CAfile ... -www - 
tls1" using the CA and server cert created by gentls_cert, pointed e71  
browser at s_server port.  Didn't work, "illegal parameter" error.
4) ran "openssh s_server -accept ... -CApath ... -CAfile ... -www - 
ssl3", pointed e71 browser at s_server port.  Didn't work, "illegal  
parameter" error.
5) gave up for the time being hoping i could find wisdom on freeswitch- 
users.

If you are interested in having an s60 device with which to test,  
contact me directly via email.

<param name="podium" value="
Frankly, as the disappointed purchaser of a UTStarcom WiSIP-something- 
or-other years ago and one who waited anxiously for someone to sell  
the hipi-2200 from Paragon Wireless (never could find one), it seems  
to me that the s60 phones with SIP represent the holy grail for which  
SIP-minded VoIP people have been searching, ironic since it's been  
hiding in plain sight as they say...  Notably s60 SIP devices have  
real PIM and syncing functionality, a browser (for those of us that  
would want to do SIP because we're frequently at a remote site that  
requires web-page-based authentication), 802.1X support, all in cell  
phone... one of which you're likely to have/need anyway.
"/>

thanks,
eric

On Sep 12, 2008, at 11:14 AM, Brian West wrote:

> Without one for me to test with I can only guess.  I have tested TLS
> on Polycom, Snom you might need to setup sslv3 instead of tls on your
> profile for doing secure SIP.  What are you trying https against?
>
> /b
>
>
> On Sep 12, 2008, at 10:01 AM, R. Eric Bennett wrote:
>
>> folks,
>>
>> i'm wondering if anyone here has actually managed to get SIP over TLS
>> working from a symbian s60 phone to FreeSWITCH.  i've been trying for
>> some time with an e71 and while i've made some progress, progress !=
>> success.
>>
>> in fact, i've progressed to the point where the failure is known to
>> not be specific to FreeSWITCH's implementation.  however, having used
>> the certificates generated by FreeSWITCH's gentls_cert script with
>> openssh s_server's builtin simple web server while having my e71's
>> browser connect to it, i can say that the failure mode is same (we
>> send cert, e71 replies with "illegal parameter") whether we are
>> running SIP or HTTP over SSL/TLS.  as such, it could still be a  
>> result
>> of the certs generated by the FS scripts.
>>
>> to eliminate one obvious potential cause, note that i have installed
>> the FreeSWITCH CA cert on the e71 so it shouldn't be a self-signed
>> cert problem.  this leaves me thinking that the problem is either an
>> openssl problem (there appear to have been some interoperability
>> issues between SSL implementations as a result of e.g. padding SSL
>> PDUs) or a limitation in the feature set of the symbian s60 TLS
>> implementation, specifically limitations on the types of server certs
>> it'll accept.  before exhausting more energy trying to track this
>> down, i was hoping that someone out there may have solved this  
>> problem
>> or at least know exactly what the problem is i can stop banging my
>> head against the wall.
>>
>> anyone?  anyone?  Bueller?
>>
>> thanks,
>> eric
>>
>>
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
> Brian West
> sip:brian at freeswitch.org
>
>
>
>
>
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

More information about the FreeSWITCH-users mailing list